I need to connect to a VPN server. I can't use Windows connections; my application should work independently!
I tested some components using the RAS API; they work, but by using Windows connections.
How can I do that without any dependency on Windows connections?
The problem with this question
"VPN" stands for "Virtual Private Network". It's a way to make a private network available to your computer, possibly in a secure way, so your computer can use standard IP protocols as if it were physically connected to the private network.
The operating system needs to know about that network, so of course all VPN implementations use "windows connections". From a different perspective: when you're connected to a VPN you can open a TCP connection to an IP on the private network as if it were on your local network. Since it's the operating system's job to set up your TCP connection and route your TCP/IP packets, of course it needs to know about the VPN! If it doesn't, it'll simply forward all your requests for the given IP to its default router and fail with a "no route to destination" message (or a "timeout", if your router is not kind enough to tell your system it has no idea what the private IP is).
Can it be done?
From a theoretical point of view, of course, you can bypass Windows completely, but then you'll have to "roll your own" everything. You can't use the Windows IP services, you'll have to implement your own TCP. I'm sure there are about a million other little things that need re-implementing.
For a starting point I'd look at OpenVPN: it's open source and available for Windows. It uses the UDP protocol as the basis for the VPN implementation, unlike the Windows VPN (that one uses GRE - Generic Routing Encapsulation, protocol 47). OpenVPN itself, of course, uses a "windows connection" to do its job, because it aims to provide a useful service, but you can use the source code as the basis for your own implementation.
I personally wouldn't even think about doing this; I'm just showing you the way and proving it's possible.
What should be done
I assume you want some kind of secure communication channel to your own service. Look into simple secure connections, tunneling protocols and proxies.
If this needs to be done for one service on one server, I'd look into a simple SSL implementation. Even better, look into using HTTPS.
If you need to access many different services on possibly different servers on the given private network, I'd look into proxies.
Related
This may be a silly question, but I have been googling a lot in the last few days and I've only found related answers, not a direct answer to this. In order to express it better, let me mention a comparison:
If I set up an HTTP server on a computer behind a router, I must set up port forwarding, and that computer must also have a static internal IP address in order to receive the requests on that port for that particular IP address. For instance, my router does not allow port forwarding, so I could not set it up for the HTTP server. However, BitTorrent works like a charm behind that same router without any static IP, nothing. How can BitTorrent get requests, and how can it also seed? How will other peers connect to my computer while seeding? I did verify that when BitTorrent is running, the port it uses, for example 39031, is actually open (using yougetsignal_dot_com). How can the router be made to open the port without using its admin settings (we can also use BitTorrent in a public hotspot where there is no way to mess with the router)? I know the trackers may help, but there is a lot of information about a decentralized way with no trackers, or basically that the peers are also trackers, but no details on how it works.
Finally, why can't this "trick" (if any) be used with an HTTP server, and why must we always depend on the router settings?
BitTorrent does work behind NAT, to a certain extent. It works better if port forwarding is configured, though.
BitTorrent works reasonably well behind NAT for the following reasons:
BitTorrent is peer-to-peer, and either peer can initiate a connection; therefore, communication will succeed if either of the two peers is not behind NAT or is properly port forwarded;
some BitTorrent clients are able to automatically set up port forwardings using UPnP or PMP;
modern BitTorrent clients use µTP instead of TCP, and some clients are able to perform UDP hole punching.
I would like to setup a network connection (RTP or UDP) between two computers at different locations, each of which is behind a NAT modem/firewall. I do not want any modification of the firewalls.
My working assumption is that I need a bot somewhere that both computers can reach (e.g. a shell account on an internet server). Each computer connects out to the bot, and the bot allows the two computers to update and query status and to exchange data.
This is OK as far as it goes, but it means that all data travels via the bot. Is there a way I can connect the two computers without the bot, or failing that, allow the bot to drop out of the data exchange once a connection has been set up? My feeling is that there is no way to do this, but my TCP/IP is a bit rusty...
If you assume nothing about the NAT/firewall, you are correct.
Hole punching, for example, will not work with overloaded NAT (PAT) as far as I know, because the source port is randomized by the NAT device, and it maps/matches both the destination public address and the elected source port.
UPnP may work, but again you need to assume it exists and is enabled on the NAT device.
As I see it, you have only two options if you want to be generic:
1. Configure the NAT.
2. Use a proxy (the bot you mentioned).
Skype, for example, uses the second, but does it in a distributed manner by using every Skype client as a potential proxy (probably only if it detects that it is not behind a NAT or not limited by it).
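To make the NAT behaviour discussed in this answer concrete, here is a small Python model, added here and not part of the original thread. "cone" means one external port per internal socket regardless of destination, "symmetric" means a fresh external port per destination (the randomized source port the answer describes); both admit an inbound packet only from an endpoint the internal host has already sent to. All addresses and ports are constructed.

```python
import itertools


class Nat:
    """Toy NAT model (constructed for illustration, not a real implementation)."""

    def __init__(self, public_ip, mode):
        assert mode in ("cone", "symmetric")
        self.public_ip, self.mode = public_ip, mode
        self.ports = itertools.count(40000)   # external ports handed out in order
        self.mappings = {}                    # mapping key -> external port
        self.allowed = {}                     # external port -> remote endpoints sent to

    def outbound(self, internal, dest):
        """Translate an outgoing packet; returns the external (ip, port) the peer sees."""
        # Cone: key on the internal socket only. Symmetric: key on socket AND destination,
        # so talking to a new peer allocates a new, unpredictable external port.
        key = internal if self.mode == "cone" else (internal, dest)
        port = self.mappings.setdefault(key, next(self.ports))
        self.allowed.setdefault(port, set()).add(dest)
        return (self.public_ip, port)

    def inbound(self, ext_port, src):
        """True if a packet from src to our external port is forwarded inward."""
        return src in self.allowed.get(ext_port, set())


def hole_punch(nat_a, nat_b):
    """Simulate the classic rendezvous exchange; True if both directions get through."""
    rendezvous = ("203.0.113.1", 3478)                 # the "bot" both peers can reach
    a_int, b_int = ("10.0.0.2", 5000), ("192.168.1.7", 5000)
    # 1. Both peers register with the rendezvous server, which records their mappings.
    a_ext = nat_a.outbound(a_int, rendezvous)
    b_ext = nat_b.outbound(b_int, rendezvous)
    # 2. The server tells each peer the other's observed endpoint; each sends a probe there.
    a_probe_src = nat_a.outbound(a_int, b_ext)         # source B's NAT actually sees
    b_probe_src = nat_b.outbound(b_int, a_ext)
    # 3. Each probe is addressed to the mapping learned in step 1; does the far NAT admit it?
    a_to_b = nat_b.inbound(b_ext[1], a_probe_src)
    b_to_a = nat_a.inbound(a_ext[1], b_probe_src)
    return a_to_b and b_to_a
```

With a symmetric NAT on either side the probe arrives from a port the other peer never learned (and is aimed at a mapping that was only opened towards the rendezvous server), so the bot cannot drop out; with cone NATs on both sides the direct path opens.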
I'm looking for a tool under Windows or Mac that allows me to monitor (possibly in a simple way) the traffic going in and out of a computer on my network.
Long story short, the residence where I live allows itself to monitor the internet connection (and doesn't allow us to switch to another provider).
This annoys me on a personal level (I don't like the possibility of people checking what I do without my knowledge, as a general rule, regardless of what I do) but also on a professional level (I sometimes work from home).
I'm using/trying out VPN providers (JAP, VyperVPN...) to avoid all this. It works fine with HTTP connections (if I run IP traces I end up in Germany or the US or the UK...), but I'm not sure about other applications such as online games and instant messaging software that use different ports.
So my question is: how can I make sure whether my internet traffic is using my VPN connection or not?
Wireshark would do that for you on Windows and Linux (not sure about Mac). It uses the WinPcap library and wraps it in a nice UI for you to monitor the packets that you are interested in. It allows you to listen to specific or all interfaces, so you can make sure your packets are going via the right interface.
If you don't want them monitoring your internet usage, a VPN is a good solution. A VPN will encrypt all of your net traffic between your computer and the VPN gateway -- essentially you'd be surfing the web via a proxy, and your landlords wouldn't be able to determine what you are doing.
Assuming you are using a real VPN, and not just a browser-based proxy solution, the VPN should encrypt and tunnel all of your network traffic; this includes anything coming out of any port on your computer, not just HTTP traffic.
When you install a VPN on your computer, the VPN creates a fake network device, and all of the VPN traffic gets tunneled to the VPN gateway. You can verify this by looking at your computer's routing tables. There are some VPNs which allow for split traffic (split tunneling), e.g. traffic to certain domains gets tunneled through the VPN and other traffic goes in the clear, but this is the rarity; most VPNs will tunnel all of your traffic, which seems to be what you are looking for.
Just make sure that your VPN uses an encryption protocol; there are some that don't -- this would defeat the whole purpose of your VPN.
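One way to carry out the routing-table check suggested in the answer above, as an added Python example that is not from the thread: it parses a constructed Windows `route print` IPv4 table (the two /1 routes via 10.8.0.5 mimic the way OpenVPN's redirect-gateway option steers traffic into the tunnel) and applies longest-prefix-then-lowest-metric selection to report which interface a given destination will actually leave through. The addresses, the tunnel interface 10.8.0.6 and the VPN server 203.0.113.99 are all assumptions.

```python
import ipaddress

# Constructed sample of a Windows "route print" IPv4 table (not taken from the
# thread). The two /1 routes via 10.8.0.5 beat the physical 0.0.0.0/0 route by
# prefix length, not by metric; the /32 host route keeps the tunnel's own
# packets to the VPN server on the physical link so they do not loop.
SAMPLE_ROUTE_PRINT = """\
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.23     25
          0.0.0.0        128.0.0.0         10.8.0.5        10.8.0.6     20
        128.0.0.0        128.0.0.0         10.8.0.5        10.8.0.6     20
         10.8.0.0    255.255.255.0          On-link        10.8.0.6    281
        127.0.0.0        255.0.0.0          On-link       127.0.0.1    331
      192.168.1.0    255.255.255.0          On-link    192.168.1.23    281
     203.0.113.99  255.255.255.255      192.168.1.1    192.168.1.23     25
===========================================================================
"""


def parse_routes(text):
    """Return a list of (network, gateway, interface, metric) tuples."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        # Route rows have exactly five fields and start with a dotted quad.
        if len(parts) != 5 or not parts[0][0].isdigit():
            continue
        dest, mask, gateway, iface, metric = parts
        routes.append((ipaddress.IPv4Network((dest, mask)), gateway, iface, int(metric)))
    return routes


def select_route(routes, dest):
    """Pick the route the stack would use: longest prefix wins, then lowest metric."""
    addr = ipaddress.IPv4Address(dest)
    matching = [r for r in routes if addr in r[0]]
    return max(matching, key=lambda r: (r[0].prefixlen, -r[3]), default=None)


def uses_vpn(text, vpn_iface, dest="198.51.100.7"):
    """True if traffic to dest leaves through the VPN adapter's interface address."""
    route = select_route(parse_routes(text), dest)
    return route is not None and route[2] == vpn_iface


if __name__ == "__main__":
    for target in ("198.51.100.7", "192.168.1.50", "203.0.113.99"):
        net, gw, iface, metric = select_route(parse_routes(SAMPLE_ROUTE_PRINT), target)
        print(f"{target:>14} -> {net} via {gw} on {iface} (metric {metric})")
```

On a live machine, paste the output of `route print` in place of the sample; a destination that resolves to the physical interface while the VPN is up is traffic that bypasses the tunnel.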
Hi
Let me make my question clear. Two people using my app are connected to the internet. Both have each other's IP and they want to chat (like Y! Messenger) with each other.
I think I need to use Indy components; right? Which component should I use?
Thanks in advance
Have you looked at any of the demos on Indy's website yet?
In general, you are looking to create a "Client/Server" type application. A quick Google search for "indy client server example" pulls up lots of results, including this one: http://www.devarticles.com/c/a/Delphi-Kylix/A-Real-World-Client-Server-Application-in-Delphi/
In reality, this gets a lot more complicated when you have firewalls and NATs with private IP addresses. You will have to consider how your application will either get around or through these types of technologies.
Similar to what Scott said, I think that your biggest problem is getting them talking to each other. My computers at home go through a router, which blocks all incoming connection requests (i.e. requests to start a conversation between two computers) from the Internet. My computers can send connection requests OUT, and start a conversation that way, but unless you modify the router (port forwarding) my computers cannot receive connection requests.
You need a server somewhere to which both people will connect, which can then relay messages back and forth. To get really tricky, once the connection is made to the server the two computers can then be put into direct contact, but that involves UDP packets and some clever magic.
You don't have to use Indy components; you just need anything that will handle communications over the network. Any HTTP or sockets network stack will do. Indy is the de facto standard for Delphi Win32.
To do network communications, you will need to create a listener object or service on machine A and a sender object on machine B to send a network message from A to B. To send a message from B to A, you will need a reverse path as well - 4 objects total to perform bidirectional comms. Some object wrappers hide this detail internally. I don't recall offhand whether Indy hides this or not.
It would probably be easiest if you use a common TCP/IP protocol for your machine to machine communications, such as HTTP. This will make it easier to get your connections through firewalls and proxies that frequently exist between arbitrary users. To avoid conflicting with any HTTP web services that might be running on either machine, you should use a custom port number with the IP address: 192.168.1.10:12345, not the standard HTTP web server port 80. This is what most of the IM clients do.
How can I disconnect any process from the Internet? The process PID and the IP addresses (local/remote) are known.
It sounds like you want to control which applications can access the network/Internet.
If you just want to pick and choose which applications can have network access or which protocols you want to be used, I recommend any free or commercial firewall product.
If you need more control, such as disconnecting existing connections for a given process/protocol, I don't know of a simple API call. It would mean more effort, but you could use a local proxy server written in Delphi. If applications use this proxy to get to the outside world, you can add the ability to disconnect specific connections.
You could kill the process itself, or disconnect the network card from the network (the latter would affect all processes on the machine, though). AFAIK most current software firewalls do not allow applying rule changes to existing connections, only when new connections are requested.