
I use my university internet network, and all incoming connections are blocked on every port (they use a Netasq firewall). They have no other restrictions that stop me from using a torrent client. Using torrents is NOT against university network policy, but they restrict all incoming ports just for security reasons.

Is there any way I can use torrent in this situation?

Can a VPN be a solution here?

Can SSH be a solution?

Mainly, I need to know: can torrent work if all incoming connections are blocked? Is there any way to initiate the session beforehand so that I get an open port in the NAT table?

Sourav Ghosh

1 Answer


Netasq has a firewall feature that targets specific applications using deep packet inspection, not just basic port blocking. In order to bypass the firewall, you would need to encrypt your traffic by using a VPN or similar. A good VPN client is called OpenVPN. To accomplish this through SSH (using Linux), you would run

ssh -D 8080 user@example.com

You would then need to run

ssh -L 1234:127.0.0.1:8080 user@example.com

The first command sets up a proxy (SOCKS) service on port 8080. The second command binds a local port to the remote port on the server where the proxy is running. After a while the SSH session will drop due to no data being sent over the connection. To keep the connection alive you would need to add

ClientAliveInterval 120

TCPKeepAlive yes

to the SSH daemon config file, usually located at /etc/ssh/sshd_config, on the server. If you don't have access to the sshd config file you can also use

ssh (commands here eg. -D or -L) -o TCPKeepAlive=yes -o ServerAliveInterval=60 user@example.com

The command above would have the same effect, keeping the connection alive.

If you are using PuTTY (an SSH client), click Connection on the left panel. You will see seconds between intervals and a text box; enter 60 in the text box. This will keep the connection alive and stop it from dropping out. PuTTY also has port forwarding options under Connection -> SSH -> Tunnels. To create a proxy on the server, you would need to enter -D 8080 user@example.com under Connection -> SSH, where you see remote command. This will set up a proxy (SOCKS) on port 8080 on the server. After setting up port forwarding and the proxy, you would need to configure the torrent client to use the proxy listening locally. A torrent client will still work if the firewall does not allow incoming connections to ports.

Tim Jonas
  • Very well answered, sir. Can you please clear up my basic confusion: "can torrent work if all incoming connections are blocked?" Just think that they don't use deep packet inspection and only block all incoming connections that are not in the NAT table. – Sourav Ghosh Jan 03 '15 at 13:20
  • Thank you. Yes, a torrent client will still work if the firewall does not allow incoming connections to ports. – Tim Jonas Jan 03 '15 at 13:21
  • So, I think they purposely block all torrents using DPI, and this is the only thing I need to bypass using a VPN? – Sourav Ghosh Jan 03 '15 at 13:23
  • That is correct – Tim Jonas Jan 03 '15 at 13:25
  • Thank you, sir. I will upvote your answer as soon as I gain the required reputation. I am new to this website. :) – Sourav Ghosh Jan 03 '15 at 13:26
  • I successfully downloaded a torrent using a VPN (free VPN provider vpnbook). I have some more questions. **1** The university connection blocked downloading the metadata of the torrent. That's why the download didn't start even using the VPN. I then used another ISP (Vodafone mobile hotspot) to download just the metadata, then reconnected to the university network and VPN, and the download started. Can you explain this behavior? **2** Can the university block all VPN connections? I am using vpnbook via OpenVPN. Some say OpenVPN is tough to block. Can you explain why? – Sourav Ghosh Jan 06 '15 at 09:28
  • I mean, I have very little or almost no idea how encrypted data and VPNs work, but the firewall should see that my encrypted data is going to the VPN provider's (in my case vpnbook) IP address. Am I correct? Then they can simply block all encrypted connections to that IP. – Sourav Ghosh Jan 06 '15 at 09:35
  • I think I need to explain my first problem clearly. Even using the VPN, I failed to start downloading the torrent. It was not able to download the metadata. Then I connected to another ISP and downloaded the metadata. Then I again used my university network and VPN to download the torrent data. How do you think they were able to block me from downloading the torrent metadata even when I am using a VPN? – Sourav Ghosh Jan 06 '15 at 09:39
  • Maybe your torrent client was resolving trackers using DNS and those host names were blocked by the firewall. Running DNS requests through the VPN should solve the issue. – Tim Jonas Jan 06 '15 at 14:49
  • Just curious, can the university block all VPN connections via the firewall? – Sourav Ghosh Jan 06 '15 at 15:37
  • With an advanced firewall I believe it would be possible. Most IT administrators that want to block VPN connections block ports that VPNs use, such as port 1194 UDP, 443 TCP and 1173 UDP/TCP. Some firewalls have a built-in proxy/VPN list where they will block access to those domains altogether. – Tim Jonas Jan 06 '15 at 15:41
  • Just did a quick Google search; here is some interesting reading: http://security.stackexchange.com/questions/42735/ssl-vpn-detection-and-possible-to-block – Tim Jonas Jan 06 '15 at 15:44
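
The answer's closing point, that a torrent client still works when the firewall drops unsolicited incoming connections, follows from stateful connection tracking. The sketch below is an added illustration, not part of the original posts and not Netasq's implementation: a simplified model (connection tracking only, no address translation or DPI) with constructed addresses and ports, where `StatefulFirewall`, `simulate` and `both_firewalled` are hypothetical names.

```python
from dataclasses import dataclass, field

@dataclass
class StatefulFirewall:
    """Simplified model: outbound traffic creates state, unsolicited inbound is dropped."""
    inside: set                              # addresses behind this firewall
    table: set = field(default_factory=set)  # tracked flows: (in_ip, in_port, out_ip, out_port)

    def handle(self, src, sport, dst, dport):
        """Return 'ALLOW' or 'DROP' for one packet crossing the firewall."""
        if src in self.inside:               # outbound: permitted, and remembered
            self.table.add((src, sport, dst, dport))
            return "ALLOW"
        # inbound: permitted only as the reply half of a tracked outbound flow
        return "ALLOW" if (dst, dport, src, sport) in self.table else "DROP"

def simulate():
    # Constructed addresses (documentation ranges) and ports, not from the page.
    client, peer, stranger = "192.0.2.10", "198.51.100.7", "203.0.113.9"
    fw = StatefulFirewall(inside={client})
    return {
        # A remote peer tries to open a connection to the client's listening port.
        "unsolicited_inbound": fw.handle(stranger, 40000, client, 6881),
        # The client dials out to a peer that accepts incoming connections.
        "outbound_connect": fw.handle(client, 51000, peer, 6881),
        # Data from that peer comes back on the same flow.
        "reply_on_same_flow": fw.handle(peer, 6881, client, 51000),
        # The same peer from a different source port is not part of the flow.
        "same_peer_new_flow": fw.handle(peer, 6882, client, 51000),
    }

def both_firewalled():
    # Two peers that each sit behind an inbound-blocking firewall.
    a, b = "192.0.2.10", "198.51.100.20"
    fw_a, fw_b = StatefulFirewall({a}), StatefulFirewall({b})
    # A's attempt leaves its own firewall but arrives unsolicited at B's.
    return fw_a.handle(a, 51000, b, 6881), fw_b.handle(a, 51000, b, 6881)

if __name__ == "__main__":
    for name, verdict in simulate().items():
        print(f"{name:22} {verdict}")
    print("both firewalled:", both_firewalled())
```

In this model the client can exchange data with any peer it dials out to, while two peers that both sit behind such firewalls cannot open a connection to each other.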