Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.

http://www.dest-unreach.org/socat/doc/socat-tun.html
binary sizes:
openvpn on i386 358k, lzo 63k
socat 261 k
Note: if we roll our own client and server we could auth with CT protocols, and support either
clear text or encrypted comms. e.g. CT accepts connection, authenticates, determines proxy
type (socat, openvpn), and then pipes data to protected proxy server (either local or remote).
Note: openvpn doesn't allow --ifconfig-pool option on server without --mode server -> --tls-server.... could try --ifconfig-push
Socat build:
http://www.openembedded.org/repo/org.openembedded.dev/packages/socat/socat_1.3.2.1.bb
From http://www.linuxjournal.com/article/1174
“However, although both are available under Linux, I highly recommend using PPP instead of SLIP, for the following reasons:
PPP is an Internet Standard Protocol—this means that it has undergone a standardization process approved by the Internet Architecture Board (IAB) and is an official part of the Internet Protocol Suite. SLIP, by contrast, is an “Internet non-standard” and is not on the standard track.
PPP will work over some connections that are not 8-bit-transparent; SLIP will not.
PPP can support authentication, peer address negotiation, packet header compression, and point-to-point error correction; SLIP can support none of these (although Compressed SLIP, or CSLIP, does support packet header compression).”
2. VPN tunnels (e.g. route all outbound client traffic through an IPSEC, authenticated header tunnel)
VPN kernel support likely limited on some FTs, may require a significant amount of image
space.
IPSEC requires pre-shared key or cert, or radius server auth
PPTP sends regular PPP session with GRE, requires two network sessions
“The system uses TCP (i.e., port 1723) to send the PPTP control channel packets. On the data
channel, PPTP uses a protocol called Generic Routing Encapsulation (GRE—IP protocol
number 47) to securely encapsulate the Point-to-Point Protocol (PPP) packets in an IP packet.”
pptpclient.sourceforge.net
# OpenWRT notes
### Allow PPTP control connections from WAN
iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 1723 -j ACCEPT
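The two PPTP flows quoted above (control channel on TCP port 1723, data channel in GRE, IP protocol 47) can be told apart from other traffic by their headers. The classifier below is an added example, not part of the original notes. The GRE version, Key bit and protocol type 0x880B and the control-message magic cookie are taken from RFC 2637 rather than from this page; the function names and sample packets are constructed for illustration.

```python
import struct

PPTP_PORT = 1723                   # control channel: TCP port 1723
IPPROTO_TCP, IPPROTO_GRE = 6, 47   # data channel: GRE, IP protocol 47
GRE_PROTO_PPP = 0x880B             # protocol type in PPTP's enhanced GRE (RFC 2637)
PPTP_MAGIC = 0x1A2B3C4D            # magic cookie in PPTP control messages (RFC 2637)

def classify(packet: bytes) -> str:
    """Return 'pptp-control', 'pptp-data' or 'other' for a raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or (packet[0] & 0x0F) < 5:
        return "other"
    ihl = (packet[0] & 0x0F) * 4
    proto, payload = packet[9], packet[ihl:]
    if proto == IPPROTO_TCP and len(payload) >= 20:
        sport, dport = struct.unpack("!HH", payload[:4])
        offset = (payload[12] >> 4) * 4
        if PPTP_PORT not in (sport, dport) or offset < 20:
            return "other"
        data = payload[offset:]
        # Segments without payload (SYN, bare ACK) match on the port alone.
        if len(data) >= 8 and struct.unpack("!I", data[4:8])[0] != PPTP_MAGIC:
            return "other"
        return "pptp-control"
    if proto == IPPROTO_GRE and len(payload) >= 8:
        flags_ver, ptype = struct.unpack("!HH", payload[:4])
        # PPTP uses GRE version 1 with the Key bit set (call ID) and PPP inside.
        if (flags_ver & 0x0007) == 1 and (flags_ver & 0x2000) and ptype == GRE_PROTO_PPP:
            return "pptp-data"
    return "other"

def ipv4(proto: int, payload: bytes) -> bytes:
    """Wrap payload in a minimal IPv4 header (constructed test data, checksum 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20])) + payload

def tcp(dport: int, data: bytes) -> bytes:
    """Minimal 20-byte TCP header (PSH+ACK) followed by data; constructed test data."""
    return struct.pack("!HHIIHHHH", 40000, dport, 1, 1, 0x5018, 65535, 0, 0) + data

SAMPLES = {  # constructed sample packets, not captured traffic
    "control": ipv4(6, tcp(1723, struct.pack("!HHIHH", 156, 1, PPTP_MAGIC, 1, 0) + bytes(144))),
    "data": ipv4(47, struct.pack("!HHHHI", 0x3001, GRE_PROTO_PPP, 4, 1, 1) + b"\xff\x03\xc0\x21"),
    "https": ipv4(6, tcp(443, b"\x16\x03\x01\x00\x05hello")),
    "plain_gre": ipv4(47, struct.pack("!HH", 0x0000, 0x0800) + bytes(20)),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:10s} -> {classify(pkt)}")
```

A filter that matches only TCP port 1723, like the iptables rule above, sees the control channel but not the GRE data channel, so both branches are needed to account for a full PPTP session.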
