[ JagoPG Site ]
Home Publications Survive in a Proxyed Network
This publication is more than a year old. The information can be out-dated.

Survive in a Proxyed Network

After being living in an University campus, I have suffered from one of the most horrible experiences in the cyber-world. The first days of my staying I discovered I could not event use Git at the University. The only ports I had available were 80 and 443.

I never had to set up any proxy in my home University. So, this was the first time I had to put in practica all the theoretical conceps I have been learning all over the years. Is not as bad as it sounds, its quite easy to prepare your computer to live with a restricted network.

If you can set up a Raspberri Pi at home for having a SSH server it will be very helpful for you. And if you can create a pair of public and private keys, it will be even better. You can use services as No-IP for updating automatically your home dynamic IP address. If you have not noticed at all yet, I will explain later the reason for having it.

I use a MacBook Pro for working on my own. So in this post is described how I have set up my computer for running apps on this environment. In Windows like systems the theory is the same, but the process for setting up the tools will be different.

Proxy not available

I tried fist to use a VPN for securing my traffic. The problem was that the University's proxy was filtering my connection requests. The logical step is to search a server which uses the port 443. Nope. My requests for opening the VPN connection were sent, but the responses from the server were being filtered.

Set up proxy in the global system

Edit the file ~/.bash_profile and add the following lines for telling the apps that are using the system variables to know if they have to use any proxy. Some apps use upper case and other lower case, so I have declared both for that reason. Notice that the https_proxy is using HTTP instead of HTTPS. In my case, the University's proxy had not set up HTTPS proxy server.

export http_proxy=http://<PROXY_ADDRESS>:<PORT>
export https_proxy=http://<PROXY_ADDRESS>:<PORT>
export HTTP_PROXY=$http_proxy
export HTTPS_PROXY=$https_proxy

# For Yarn Javascript application
export YARN_PROXY=$http_proxy

 Access to Git

I cannot work without Git. So, I looked up how I could set up a proxy on it. It is very, easy, just add the http.proxy record to your global configuration file.

$ git config --global http.proxy http://proxy.nagaokaut.ac.jp:8080

Install a HTTP-tunnel application

The second step is to secure your traffic. If you are always browsing using the University network, your data will be available for anyone sniffing the traffic. Yes, you have HTTPS which is very secure, but someone can listen to your conversation with the server from the beggining. So the connection may be compromised.

The Corkscrew [1] will allow you to create a http-tunnel for your traffic with your Raspberri proxy server, or any other proxy services.

$ brew install corkscrew

Modify the ~/.ssh/config file and add the following lines. This will tell the application the location of the Proxy.

Host *
  ProxyCommand corkscrew <PROXY_ADDRESS> <PROXY_PORT> %h %p

Alternatively, you can use the SOCKS 5 protocol for re-routing your traffic through SSH.. Run the following command for keep a communication channel (on port 9001) between your Raspberri Pi and your computer. Then, you have to set up yours local connection to use just SOCKS 5 to localhost at port 9001.

$ ssh -D 9001 -f -C -q -N pi@<YOUR_HOST>.ddns.net -p22

 Other apps

I was no able to use the Mail or Outlook native apps. They require to have access to SMTP port, which was closed in my case. There are other apps as ProxyCap [2] or Proxifier [3], that are intended for re-routing your apps' network traffic through any other proxy that you may set up. I tried ProxyCap, which is free, but I was not successful. The log errors were not helpful at all for knowing the source of the error. So, if you are staying for a very long period, maybe you should check out other solutions or pay for a wired connection if you can afford.

Other bash tools will fail when using the network. Most, if not all, applications have documentation that explain how to tell the app the proxy address. Just, man <COMMAND_NAME>.

References

[1] "SSH Through HTTP Proxy", http://mtu.net/~engstrom/ssh-through-http-proxy/

[2] "ProxyCap", http://www.proxycap.com/

[3] "Proxifier", https://www.proxifier.com/download.htm

Published on 01 Mar 2018