Relakks
From Gentoo Linux Wiki
Description
The Relakks service consists of an encrypted VPN tunnel between your computer and Relakks. The IP-number you receive from your existing ISP is only used to connect your computer to Relakks, from there on Relakks substitutes your existing IP-number with a new IP-number from Relakks. This gives you a number of advantages:
· Your existing ISP will not be able to intercept and track your applications or communications
· Your existing ISP can not limit what you can do nor limit what information you can access
· Other organizations or individuals can not intercept or track your applications or communications.[1]
Guide
Disclaimer: I have nothing to do with Relakks whatsoever.
If you want to use an anonymous IP (from Sweden), have an open wireless access point, and want to route (all) traffic through this tunnel, this guide is intended for you.
This guide lets you set up a VPN tunnel from your default gateway to Relakks so that all traffic from your internal network goes through that tunnel.
You have to sign up and pay to use their service. You can pay with PayPal etc. and buy one month of usage for €6 and test it first.
No guarantee about 100% anonymity.
Kernel settings
| Code: |
<M> PPP (point-to-point protocol) support
[ ] PPP multilink support (EXPERIMENTAL)
[ ] PPP filtering
<M> PPP support for async serial ports
<M> PPP support for sync tty ports
<M> PPP Deflate compression
<M> PPP BSD-Compress compression
<M> PPP MPPE compression (encryption) (EXPERIMENTAL)
<M> PPP over Ethernet (EXPERIMENTAL)
<M> PPP over ATM
|
Install and Setup
echo 'net-dialup/ppp' >> /etc/portage/package.keywords
echo 'net-dialup/pptpclient' >> /etc/portage/package.keywords
emerge ppp pptpclient
modprobe ppp_mppe
With the USE flag mppe-mppc set
# pptp-command <Enter>
Add a new PPTP tunnel and choose "other":
· Tunnel Name: <however> (with this name you can select your tunnel)
· Server IP: pptp.relakks.com
· Route: <Enter> (I choose to add routes via ip-up and ip-down)
· Local Name: <Enter> (leave this empty)
· Remote Name: PPTP (default) <Enter>
| File: /etc/hosts |
# Here you can choose which IP you prefer; there are 4 right now (find out with: dig pptp.relakks.com)
83.233.181.2 pptp.relakks.com
|
| File: /etc/ppp/options.pptp |
lock
noauth
refuse-eap
nobsdcomp
nodeflate
noaccomp
##noccp
nopcomp
novj
novjccomp
mtu 1458
mru 1458
#lcp-echo-failure 10
lcp-echo-interval 30
mppe stateless,no40,no56
|
| File: /etc/ppp/ip-up |
# I copied this line from the bottom to the top of the file
[ -f /etc/ppp/ip-up.local ] && . /etc/ppp/ip-up.local "$@"
|
| File: /etc/ppp/ip-up.local |
route add -host pptp.relakks.com gw <old default gateway> dev <physical interface to internet>
route del -host pptp.relakks.com dev ppp0
route del default
route add default ppp0
|
| File: /etc/ppp/ip-down.local |
route del default
route add default gw <old default gateway> dev <physical interface to internet>
route del -host pptp.relakks.com
|
| File: /etc/ppp/chap-secrets |
<username> PPTP <password> *
|
Testing it
When the tunnel is up it looks like this:
| Code: ifconfig |
ppp0 Link encap:Point-to-Point Protocol
inet addr:83.233.170.77 P-t-P:83.233.168.5 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1458 Metric:1
RX packets:5272 errors:0 dropped:0 overruns:0 frame:0
TX packets:155505 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:428553 (418.5 Kb) TX bytes:62199038 (59.3 Mb)
|
Test the tunnel with:
tracepath netscape.com
or with sites that show your IP, or with
pppd pty 'pptp pptp.relakks.com --nolaunchpppd' call <tunnel> debug dump logfd 2 nodetach
However, with these settings I could use the tunnel and all services worked;
even a PC in my network could create a different tunnel inside the tunnel....
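Once ip-up.local has run, the default route should point at ppp0 and the only path to pptp.relakks.com should be the host route over the physical interface. The shell function below is an added example, not part of the original guide; it checks that state from `ip -4 route show` output. The sample tables and the gateway 192.0.2.1 are constructed, and eth0 as the physical interface is an assumption.

```shell
#!/bin/sh
# Added example (not from the original guide). Reads `ip -4 route show` text on
# stdin and checks the state ip-up.local is meant to leave behind.
# On the gateway: ip -4 route show | check_tunnel_routes 83.233.181.2 ppp0 eth0
check_tunnel_routes() {
    awk -v server="$1" -v tun="$2" -v wan="$3" '
        # Return the interface named after the "dev" keyword on this line.
        function dev_of(    i) {
            for (i = 1; i < NF; i++) if ($i == "dev") return $(i + 1)
            return ""
        }
        # Any default route that is not on the tunnel lets traffic leave untunnelled.
        $1 == "default" { ndefault++; if (dev_of() != tun) bypass = 1 }
        # The VPN server itself must be reached outside the tunnel.
        $1 == server || $1 == server "/32" {
            if (dev_of() == wan) pinned = 1
            if (dev_of() == tun) looped = 1
        }
        END {
            if (!ndefault) { print "FAIL: no default route"; exit 1 }
            if (bypass)    { print "FAIL: a default route bypasses " tun; exit 1 }
            if (looped)    { print "FAIL: route to " server " points into " tun; exit 1 }
            if (!pinned)   { print "FAIL: no host route to " server " via " wan; exit 1 }
            print "OK: default via " tun ", " server " pinned to " wan
        }'
}

# Constructed sample tables; 192.0.2.1 stands in for <old default gateway>.
ROUTES_UP='default dev ppp0 scope link
83.233.168.5 dev ppp0 proto kernel scope link src 83.233.170.77
83.233.181.2 via 192.0.2.1 dev eth0
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.10'

# Tunnel down, or ip-up.local never ran: everything leaves via the ISP.
ROUTES_DOWN='default via 192.0.2.1 dev eth0
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.10'

# Default swapped to ppp0 but the host route to the server is missing.
ROUTES_NO_PIN='default dev ppp0 scope link
83.233.168.5 dev ppp0 proto kernel scope link src 83.233.170.77
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.10'

for table in "$ROUTES_UP" "$ROUTES_DOWN" "$ROUTES_NO_PIN"; do
    printf '%s\n' "$table" | check_tunnel_routes 83.233.181.2 ppp0 eth0 || true
done
```

The function returns a non-zero status on any failure, so it can gate a cron job or monitoring check on the gateway.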
Now comes the funny stuff:
My internal network is 10.10.0.0/16; eth0 points to the next router -> internet.
Here I route the incoming traffic from eth0 back to where it came from (not into the tunnel).
| Code: iptables and policy routing |
# $IPTABLES must hold the path to the iptables binary
$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -A INPUT -m state --state NEW -m tcp -p tcp --dport 1723 -j ACCEPT # VPN
$IPTABLES -A INPUT -p 47 -j ACCEPT # VPN
# Mark replies from local services whose source address is not in the internal network
$IPTABLES -t mangle -A OUTPUT ! -s 10.10.0.0/16 -p tcp --sport 22 -j MARK --set-mark 1
$IPTABLES -t mangle -A OUTPUT ! -s 10.10.0.0/16 -p tcp --sport 80 -j MARK --set-mark 1
$IPTABLES -t mangle -A OUTPUT ! -s 10.10.0.0/16 -p tcp --sport 443 -j MARK --set-mark 1
$IPTABLES -t mangle -A OUTPUT ! -s 10.10.0.0/16 -p tcp --sport 8022 -j MARK --set-mark 1
$IPTABLES -t mangle -A OUTPUT ! -s 10.10.0.0/16 -p tcp --sport 8090 -j MARK --set-mark 1
##########################################################################################
$IPTABLES -A POSTROUTING -t nat -o eth0 -j SNAT --to <ip of eth0>
# Marked packets use table 10, whose default route is the old gateway on eth0
ip route flush table 10
ip route add default via <old default gateway without tunnel> dev eth0 table 10
ip rule add fwmark 1 table 10
ip route flush cache
# Reverse-path filtering would drop packets arriving on eth0 while the main default route is ppp0
echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter
|
Here I open e.g. port 80 for web traffic on my gateway. The gateway is the endpoint of the tunnel and has an iptables firewall, a web server, etc.
