Route traffic + DNS through SSH (i.e. SOCKS proxy) - Windows

I have the following setup:
2 computers (Cmp.A and Cmp.B)
Computers run Windows 10 and I have admin rights on both machines
Cmp.A is simultaneously connected to 2 VPN networks (different domains) using different solutions
Cmp.A has got OpenSSH server installed and enabled
Cmp.B should access the internet and all private domains (coming through the VPNs) via Cmp.A
Cmp.B should resolve host names through Cmp.A
in other words: DNS traffic should be resolved through Cmp.A as well
Currently, I achieve this by connecting from Cmp.B to Cmp.A via SSH, which gives me a SOCKS proxy in the SSH tunnel. Cmp.B has got ProxyCap installed, which routes all traffic (including DNS) to Cmp.A.
This setup works pretty well for me, but there's one ugly setback: ProxyCap does change the Winsock configuration of my Windows 10 (on Cmp.B) which results in incompatibility problems with my other applications. When I execute netsh winsock show catalog it does return dozens of new entries related to ProxyCap and I don't want this (if possible)
I would like to avoid using ProxyCap and save myself from an application messing around with such OS level socket settings, but I need all traffic (not just browser traffic) to go through Cmp.B.
Wrapping it up, my questions are:
How do I route all Win10 network traffic (including DNS) through another Windows 10 computer (over an SSH SOCKS5 proxy) without using ProxyCap?
How do I make Windows resolve DNS through my already existing SOCKS5 tunnel?

Related

How to route network traffic from WSL2 through a VPN connection established by the Windows 10 host?

So what I'm trying to do is to use nested VPN connections inside WSL2. The Windows 10 host is logged into one (Cisco AnyConnect, if it makes any difference) VPN, and I'm trying to establish another (openconnect GP protocol) VPN connection inside WSL2, that would get routed through the host OS's established VPN tunnel.
This all works fine with VirtualBox using NAT networking, but I have absolutely no idea how to achieve the same result with WSL2.
Zero experience with Windows networking, so don't really know where to even start (other than Googling, which has been of zero help so far). I have no need for any fancy VLANs or network confs for WSL2 containers. I'm simply using WSL2 to avoid the utter horseshit that is development tools running on Windows.

How to establish a VPN connection without using my DNS

Is there any way for me to connect to a VPN without having it use my DNS? My internet provider where I'm connected can only use the DNS to connect to a separate server, which then connects to the internet, as the router only interacts with that server, so if I change my DNS, my connection instantly stops working.
Is there any service that connects to a server without DNS as a VPN, or even some way to set up a proxy to go to another server after it interacts with my DNS?
Tried changing DNS: no connection using Cloudflare or Google DNS servers (1.1.1.1, 8.8.8.8); Hotspot Shield VPN wouldn't connect; VPN from my home network wouldn't connect.
So, your ISP allows DNS traffic only to its server. And you want to bypass this limitation.
Solution 1: SSH Proxy
ssh -D 5000 user@host
Now, you can set your applications to use proxy on socks5://localhost:5000
You must set "Proxy DNS on socks5"
This proxy goes through the SSH server.
Of course you need SSH server somewhere to connect to.
Solution 2: DNS over HTTPS
https://en.wikipedia.org/wiki/DNS_over_HTTPS
https://manpages.ubuntu.com/manpages/bionic/man1/dnss.1.html
It should work because your DNS packets go as HTTPS packets.
Solution 3: VPN or other services like nordvpn
It should work also since packets go encrypted to the VPN.
Actually, VPN should work without your ISP DNS as long as you connect to the VPN IP address instead of the hostname.
Finally
Solution 2 seems to be the only one you are able to perform without external services.
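What "Proxy DNS on socks5" in Solution 1 means at the wire level, and why the DNS-through-the-tunnel requirement in the first question on this page comes down to the same thing: the following is an added example, not code from any of the posts above. It implements both sides of the SOCKS5 CONNECT exchange from RFC 1928 against a constructed loopback stand-in for the listener that ssh -D opens. A client that sends the hostname in the request (ATYP 0x03) makes the SSH server resolve it, so no DNS query leaves the client; a client that resolves first and sends the address (ATYP 0x01) has already leaked the lookup to its local resolver. The hostname gitlab.corp.example and port 443 are assumptions.

```python
import socket
import struct
import threading

# SOCKS5 constants from RFC 1928
VER, CMD_CONNECT, METHOD_NOAUTH, REP_SUCCESS = 0x05, 0x01, 0x00, 0x00
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04


def build_connect_request(host, port, remote_dns=True):
    """Client side: CONNECT request for host:port.

    remote_dns=True sends a hostname verbatim (ATYP 0x03), so the proxy, i.e. the
    SSH server, resolves it: this is the 'Proxy DNS on socks5' behaviour.
    remote_dns=False resolves locally and sends the IPv4 address: the DNS leak.
    """
    try:
        dst = bytes([ATYP_IPV4]) + socket.inet_pton(socket.AF_INET, host)
    except OSError:
        try:
            dst = bytes([ATYP_IPV6]) + socket.inet_pton(socket.AF_INET6, host)
        except OSError:
            if remote_dns:
                name = host.encode("idna")
                if len(name) > 255:
                    raise ValueError("hostname too long for SOCKS5")
                dst = bytes([ATYP_DOMAIN, len(name)]) + name
            else:
                ip = socket.gethostbyname(host)  # query leaves via the local resolver
                dst = bytes([ATYP_IPV4]) + socket.inet_pton(socket.AF_INET, ip)
    return bytes([VER, CMD_CONNECT, 0x00]) + dst + struct.pack("!H", port)


def parse_connect_request(data):
    """Proxy side: decode the request and note whether the proxy must resolve the name."""
    ver, cmd, _rsv, atyp = data[:4]
    if ver != VER or cmd != CMD_CONNECT:
        raise ValueError("unsupported SOCKS request")
    if atyp == ATYP_IPV4:
        host, end = socket.inet_ntop(socket.AF_INET, data[4:8]), 8
    elif atyp == ATYP_IPV6:
        host, end = socket.inet_ntop(socket.AF_INET6, data[4:20]), 20
    elif atyp == ATYP_DOMAIN:
        n = data[4]
        host, end = data[5:5 + n].decode("idna"), 5 + n
    else:
        raise ValueError("bad ATYP")
    (port,) = struct.unpack("!H", data[end:end + 2])
    return {"atyp": atyp, "host": host, "port": port, "proxy_resolves": atyp == ATYP_DOMAIN}


def _mock_socks_server(listener, seen):
    """Constructed stand-in for the ssh -D listener: completes the handshake,
    records the request and answers 'succeeded' without connecting anywhere."""
    conn, _ = listener.accept()
    with conn:
        greeting = conn.recv(257)  # VER, NMETHODS, METHODS...
        if greeting[0] != VER:
            raise ValueError("not SOCKS5")
        conn.sendall(bytes([VER, METHOD_NOAUTH]))
        seen.update(parse_connect_request(conn.recv(262)))
        conn.sendall(bytes([VER, REP_SUCCESS, 0x00, ATYP_IPV4]) + b"\x00" * 6)  # BND 0.0.0.0:0


def socks5_connect(proxy, host, port, remote_dns=True):
    """Client side handshake; returns the socket, now tunnelled to host:port."""
    s = socket.create_connection(proxy)
    s.sendall(bytes([VER, 1, METHOD_NOAUTH]))  # offer only 'no authentication'
    ver, method = s.recv(2)
    if ver != VER or method != METHOD_NOAUTH:
        s.close()
        raise ConnectionError("proxy rejected the no-auth method")
    s.sendall(build_connect_request(host, port, remote_dns))
    reply = s.recv(4)
    if reply[1] != REP_SUCCESS:
        s.close()
        raise ConnectionError("SOCKS5 reply code %d" % reply[1])
    # Drain BND.ADDR/BND.PORT; their length depends on the reply's ATYP.
    if reply[3] == ATYP_IPV4:
        s.recv(6)
    elif reply[3] == ATYP_IPV6:
        s.recv(18)
    else:
        s.recv(s.recv(1)[0] + 2)
    return s


def demo(host, remote_dns=True):
    """Run one CONNECT through the loopback stand-in and return what the proxy saw."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    seen = {}
    t = threading.Thread(target=_mock_socks_server, args=(listener, seen))
    t.start()
    socks5_connect(listener.getsockname(), host, 443, remote_dns).close()
    t.join()
    listener.close()
    return seen


if __name__ == "__main__":
    print(demo("gitlab.corp.example"))          # ATYP 3: the proxy resolves the name
    print(demo("localhost", remote_dns=False))  # ATYP 1: resolved locally before the tunnel
```

The proxy-side dictionary is the check to run against any SOCKS-aware client you are evaluating: if its CONNECT requests for names arrive with `proxy_resolves` False, the name was looked up on the client before the tunnel was involved, which is exactly the leak the Winsock-level tools on this page exist to prevent.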

How to configure SOCKS5 together with DNS through SOCKS5 using pure Windows APIs in PowerShell

Is there any way to configure Windows to redirect all internet traffic through a SOCKS5 tunnel (unauthenticated) without any third party tools (i.e. Proxifier, Freecap, etc.) and without dealing with any UI (purely using command line) in such a way that DNS resolution would be also pushed through the tunnel (similar to what Proxifier does)?
DNS resolution cannot be done by changing the Lan Settings in the Internet Options
I have tried netsh winhttp set proxy and it didn't work (the IP address did not change to the one associated with the SOCKS tunnel)
I also tried using the route command, but it turned out that it does not support port configuration.

VMware Workstation External Accessibility Issue

I'm running Windows Server 2012 w/ VMware Workstation. I've built a GitLab VM on CentOS 7 that's totally set up and accessible on my local network. It's configured using Bridged Mode so it has its own IP from the DHCP Server.
I use No-IP to connect to my Network externally which has been working great for several years now. I have port-forwarding setup within my router to forward traffic for the GitLab webUI to the GitLab VM, but it's not accessible externally. I even tried setting up the port forwarding to direct the traffic to the Windows Server and then setup internal port forwarding w/ netsh on the Windows Server to forward the traffic to the GitLab VM, making sure I opened the port on the Windows Firewall (even tried disabling it), but I still can't get to the GitLab VM externally. AFAIK running a VM w/ a Bridged adapter should essentially be like it is just another physical machine on the network.
Now, I am running IIS on the Windows Server, but when I specify a specific port using my public No-IP Domain, the router should detect the traffic on that port and forward it according to the rules that I have setup, correct? IIS shouldn't be interfering with any traffic on other ports with the external Domain.
I'm totally stumped on this one and searching around the web really hasn't helped much.
So it turns out that I did everything 100% correctly with setting up port forwarding right to the IP of the VM, but my workplace blocks just about every port except for 80 and 443. Tested connectivity from an AWS box and everything is accessible exactly as designed.
Now I just feel like an idiot, but hey, I figured it out.

Is there a way to remote debug on a different subnet in Visual Studio?

I have a client who is remote. I need to debug some weird problem that none of my other clients are having. Before I try and set up a conference with this client, I would like to know if there is some way of remotely debugging our application.
I see that there are remote debugging tools available for Visual Studio, but from what I've read, I need to be on the same subnet. As the person is remote, this is not a possibility. Also, as I'd like to keep our connection secure, I would need to connect up some sort of encrypted tunnel (this is where I'm a little fuzzy as my networking skills are mostly theoretical).
As I understand it, an encrypted tunnel is a bridge to another (different) subnet. This is to ensure that those computers on the other side won't interfere with the local subnet computers.
So, because the client's computer is on a different subnet, I think that this is not possible. Or is it? Should there not be a way of making the client's computer show up as a virtual computer on my subnet, by forwarding packets from one subnet to another? I would think that this is theoretically possible, but I'm not exactly sure how I would go about this.
Also, at the moment, my current way that we connect to clients is through GoToMeeting, but I don't think that it supports tunneling. If not, then I may need some way of generating a tunnel, so I was also thinking of maybe using some SSH programme like PuTTY.
As I have said before, my knowledge of networking is quite theoretical, so if the tools that I am suggesting are not the correct ones, please correct me. (I'm a programmer, damm it! Not a network engineer!)
Both computers are Windows boxes. Windows 10 (client) and Windows 8.1 (development).
If you can connect to an ssh server in the remote network, you can (subject to configuration on the server) create a tunnel such that you connect to a socket on your local PC and the connection appears from the server to an endpoint on the remote network.
You'll want to investigate the -L command of OpenSSH, which combined with the PuTTY docs, should help explain what's required.
By default, the endpoint would be a port on the ssh server, but it could be a port on a different host that the remote server can connect to.
I'm not familiar with the current state of Windows SSH servers, but even if there isn't a system server to hand, you should be able to have one run 'on demand' - if you run it on a non-privileged port and by the user you want to connect in as, it shouldn't even need Admin privileges.
I'm not familiar with GoToMeeting, but the one thing with SSH tunnelling is that IT depts should be familiar with SSH. If trying that, focus on getting a working connection in, then setting up the tunnel, then connecting through it as separate steps.
Once you have an SSH connection, then it doesn't need to do something itself, and you can then investigate connecting while specifying the port forwarding, but you will need to get the basic connection working correctly first.
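The -L topology the answer above describes, as an added example that is not the answerer's code: a plain Python TCP relay stands in for the local listener that `ssh -L port:host:hostport user@server` opens, and a constructed echo service plays the endpoint on the remote network. In real ssh the second leg (relay to endpoint) is opened by the SSH server from its own address; this loopback demo has no server, so the relay opens it itself, but the effect the answer states is still visible: the endpoint sees the relay's socket as its peer, never the original client's. All ports are ephemeral and the command in the comment uses assumed names.

```python
import socket
import threading

# Shape this imitates (host names and ports here are constructed for illustration):
#   ssh -L 9000:debug-host.remote.example:4024 user@ssh-server.remote.example
# A local client connects to 127.0.0.1:9000; ssh carries the bytes to the server,
# which connects to debug-host:4024 and splices the two connections together.


def _pump(src, dst):
    """Copy bytes one way until EOF, then half-close the far side so it sees EOF too."""
    try:
        while True:
            chunk = src.recv(4096)
            if not chunk:
                break
            dst.sendall(chunk)
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def serve_local_forward(listener, target):
    """Accept one local client and splice it to target, as the -L listener does per
    incoming connection (in real ssh the second leg is made by the SSH server)."""
    client, _ = listener.accept()
    upstream = socket.create_connection(target)
    pumps = [threading.Thread(target=_pump, args=(client, upstream)),
             threading.Thread(target=_pump, args=(upstream, client))]
    for p in pumps:
        p.start()
    for p in pumps:
        p.join()
    client.close()
    upstream.close()


def _echo_endpoint(listener, seen):
    """Constructed stand-in for the service on the remote subnet; records its peer."""
    conn, peer = listener.accept()
    seen["peer"] = peer
    with conn:
        data = conn.recv(4096)
        conn.sendall(b"echo:" + data)


def _listen():
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    s.listen(1)
    return s


def demo(payload=b"hello from the dev box"):
    """Send payload through the forwarder; return the reply and both observed addresses."""
    endpoint, forwarder, seen = _listen(), _listen(), {}
    threads = [threading.Thread(target=_echo_endpoint, args=(endpoint, seen)),
               threading.Thread(target=serve_local_forward,
                                args=(forwarder, endpoint.getsockname()))]
    for t in threads:
        t.start()
    with socket.create_connection(forwarder.getsockname()) as c:
        client_addr = c.getsockname()
        c.sendall(payload)
        c.shutdown(socket.SHUT_WR)  # signal EOF so the relay half-closes the far leg
        reply = b""
        while True:
            chunk = c.recv(4096)
            if not chunk:
                break
            reply += chunk
    for t in threads:
        t.join()
    endpoint.close()
    forwarder.close()
    return {"reply": reply, "client_addr": client_addr, "endpoint_saw": seen["peer"],
            "endpoint_sees_forwarder": seen["peer"] != client_addr}


if __name__ == "__main__":
    print(demo())
```

The half-close handling in `_pump` is the part that matters for a debugger session: a forwarder that closes both directions as soon as one side sends EOF will drop a connection that the other side is still using, so each direction is torn down independently, which is also how ssh treats the two halves of a forwarded channel.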
