the way to force softether cconnect ICMP
-
- Posts: 48
- Joined: Fri Apr 05, 2013 8:17 pm
the way to force softether cconnect ICMP
in google search this software for your client OS
wipfw
and after that you use it in 2 way for XP and 7-32 bit.
you should copy this configuration replace the default file. and in the place that i wrote you server ip address locate your server ip number. this are data in this file wipfw.conf
# First flush the firewall rules
-f flush
# Localhost rules
add 100 allow all from any to any via lo*
# Prevent any traffic to 127.0.0.1, common in localhost spoofing
add 110 deny log all from any to 127.0.0.0/8 in
add 110 deny log all from 127.0.0.0/8 to any in
#Testing rules, to find ports used by services if we aren't sure. These rules allow ALL traffic to pass through the firewall, disabling any subsequent rules
add 140 deny log logamount 500 tcp from any to ( your server ip address )
add 150 deny log logamount 500 udp from any to ( your server ip address )
add check-state
add pass all from me to any out keep-state
add count log ip from any to any
after that you should disable all of your firewalls such as kasper ,a nd, ...
also your windows firewall
this is an expert firewall linuxbased on windows. so you block all of your TCP and UDP traffic to your server and then it connect trough ICMP.
for work on XP after you disable all of firewall you press install. and then connect, in your client both parameters in andvanced mode sofether client encrypt with SSL and data compression should have tik.
after you surf internet free and disconnect from softether press uninstall.
now your firewall stop. every time you should do it.
but in windows 7 you should have service pack 1.
for installation, you should go to your intenet connection status ( wireless, or lan )
then press install. then select service and press add, and install service wipfw on your network card.
then go to search and search UAC, after found that change it to minimum.
then go to folder you downloaded, and right click and install as administrator.
disable all of your firewalls
now connect with softether, every thing is ok. but every time that you want to disable this firewall you should go to control panle, administrative tools, services and stop wipfw service. if you see this it isnt start , start that again and stop to really stop the firewall
have a free internet with good speed
be success.
thanks alot again from softether team with powerfull software
wipfw
and after that you use it in 2 way for XP and 7-32 bit.
you should copy this configuration replace the default file. and in the place that i wrote you server ip address locate your server ip number. this are data in this file wipfw.conf
# First flush the firewall rules
-f flush
# Localhost rules
add 100 allow all from any to any via lo*
# Prevent any traffic to 127.0.0.1, common in localhost spoofing
add 110 deny log all from any to 127.0.0.0/8 in
add 110 deny log all from 127.0.0.0/8 to any in
#Testing rules, to find ports used by services if we aren't sure. These rules allow ALL traffic to pass through the firewall, disabling any subsequent rules
add 140 deny log logamount 500 tcp from any to ( your server ip address )
add 150 deny log logamount 500 udp from any to ( your server ip address )
add check-state
add pass all from me to any out keep-state
add count log ip from any to any
after that you should disable all of your firewalls such as kasper ,a nd, ...
also your windows firewall
this is an expert firewall linuxbased on windows. so you block all of your TCP and UDP traffic to your server and then it connect trough ICMP.
for work on XP after you disable all of firewall you press install. and then connect, in your client both parameters in andvanced mode sofether client encrypt with SSL and data compression should have tik.
after you surf internet free and disconnect from softether press uninstall.
now your firewall stop. every time you should do it.
but in windows 7 you should have service pack 1.
for installation, you should go to your intenet connection status ( wireless, or lan )
then press install. then select service and press add, and install service wipfw on your network card.
then go to search and search UAC, after found that change it to minimum.
then go to folder you downloaded, and right click and install as administrator.
disable all of your firewalls
now connect with softether, every thing is ok. but every time that you want to disable this firewall you should go to control panle, administrative tools, services and stop wipfw service. if you see this it isnt start , start that again and stop to really stop the firewall
have a free internet with good speed
be success.
thanks alot again from softether team with powerfull software
-
- Posts: 22
- Joined: Mon May 06, 2013 3:37 am
Re: the way to force softether cconnect ICMP
thanks for the guide, unfortunately there is no way to getting this work with 64 bit windows nor getting it work with win 8.
but if this is the case a firewall rule blocking all TCP / UDP traffic to a specific address should work too. I will try it.
Edit:
firewall rule is in place and confirmed working, but softether client still tries to establish a TCP tunnel, guess our friend freeiran already tried this and the only way is a kernel level ip filter / firewall like wipfw.
but if this is the case a firewall rule blocking all TCP / UDP traffic to a specific address should work too. I will try it.
Edit:
firewall rule is in place and confirmed working, but softether client still tries to establish a TCP tunnel, guess our friend freeiran already tried this and the only way is a kernel level ip filter / firewall like wipfw.
-
- Posts: 13
- Joined: Tue Mar 12, 2013 2:19 pm
Re: the way to force softether cconnect ICMP
freeiran wrote:
> in google search this software for your client OS
>
> wipfw
>
> and after that you use it in 2 way for XP and 7-32 bit.
>
>
> you should copy this configuration replace the default file. and in the
> place that i wrote you server ip address locate your server ip number. this
> are data in this file wipfw.conf
>
>
>
>
> after that you should disable all of your firewalls such as kasper ,a nd,
> ...
>
> also your windows firewall
>
> this is an expert firewall linuxbased on windows. so you block all of your
> TCP and UDP traffic to your server and then it connect trough ICMP.
>
> for work on XP after you disable all of firewall you press install. and
> then connect, in your client both parameters in andvanced mode sofether
> client encrypt with SSL and data compression should have tik.
>
> after you surf internet free and disconnect from softether press uninstall.
>
> now your firewall stop. every time you should do it.
>
>
>
> have a free internet with good speed
>
> be success.
>
> thanks alot again from softether team with powerfull software
Thank you for your help,
but I get this error after run of install_svc.cmd:
current roles:
my_socket failed 2, cannot talk to kernel module
ipfw: socket
my system is 32Bit runs Win XP
I disabled firewall and antivirus before I run the command file.
> in google search this software for your client OS
>
> wipfw
>
> and after that you use it in 2 way for XP and 7-32 bit.
>
>
> you should copy this configuration replace the default file. and in the
> place that i wrote you server ip address locate your server ip number. this
> are data in this file wipfw.conf
>
>
>
>
> after that you should disable all of your firewalls such as kasper ,a nd,
> ...
>
> also your windows firewall
>
> this is an expert firewall linuxbased on windows. so you block all of your
> TCP and UDP traffic to your server and then it connect trough ICMP.
>
> for work on XP after you disable all of firewall you press install. and
> then connect, in your client both parameters in andvanced mode sofether
> client encrypt with SSL and data compression should have tik.
>
> after you surf internet free and disconnect from softether press uninstall.
>
> now your firewall stop. every time you should do it.
>
>
>
> have a free internet with good speed
>
> be success.
>
> thanks alot again from softether team with powerfull software
Thank you for your help,
but I get this error after run of install_svc.cmd:
current roles:
my_socket failed 2, cannot talk to kernel module
ipfw: socket
my system is 32Bit runs Win XP
I disabled firewall and antivirus before I run the command file.
-
- Posts: 48
- Joined: Fri Apr 05, 2013 8:17 pm
Re: the way to force softether cconnect ICMP
please change your client TCP port , set a port that your server doesnt listen to that. please report me about that.
Last edited by freeiran on Thu May 16, 2013 11:47 am, edited 4 times in total.
-
- Posts: 48
- Joined: Fri Apr 05, 2013 8:17 pm
Re: the way to force softether cconnect ICMP
maybe your OS has problem, i installed that and has no problem.
again chek the config file for wipfw.conf please
i think you downloade winxp for 64 bit, you should download 32 bit version for your computer
again chek the config file for wipfw.conf please
i think you downloade winxp for 64 bit, you should download 32 bit version for your computer
Last edited by freeiran on Fri May 17, 2013 4:52 am, edited 1 time in total.
-
- Posts: 48
- Joined: Fri Apr 05, 2013 8:17 pm
Re: the way to force softether cconnect ICMP
new good news for all
in win 7- 32 or 64 go to start, control panel , windows firewall, advanced settings, outband ruls, new rule and please block these 2 UDP ports: 18746 and 2805
please write 2 rules.
and then connect vpn over DNS and surf the internet easily,
in win 7 yo dont need do other work
thanks
in win 7- 32 or 64 go to start, control panel , windows firewall, advanced settings, outband ruls, new rule and please block these 2 UDP ports: 18746 and 2805
please write 2 rules.
and then connect vpn over DNS and surf the internet easily,
in win 7 yo dont need do other work
thanks
-
- Posts: 22
- Joined: Mon May 06, 2013 3:37 am
Re: the way to force softether cconnect ICMP
freeiran wrote:
> new good news for all
>
> in win 7- 32 or 64 go to start, control panel , windows firewall, advanced
> settings, outband ruls, new rule and please block these 2 UDP ports: 18746
> and 2805
>
> please write 2 rules.
>
> and then connect vpn over DNS and surf the internet easily,
>
> in win 7 yo dont need do other work
>
> thanks
18746 and 2805 Local ports?
by the way should it display as Direct TCP/IP Connection in softether client?
can you provide a screenshot of your win7 firewall rule window please?
Edit:
Managed to get DNS Tunnel working by blocking all TCP traffic to my server's IP Address and using a random port during connection, the speed is awful. :|
need a way to use ICMP tunnel instead of this.
> new good news for all
>
> in win 7- 32 or 64 go to start, control panel , windows firewall, advanced
> settings, outband ruls, new rule and please block these 2 UDP ports: 18746
> and 2805
>
> please write 2 rules.
>
> and then connect vpn over DNS and surf the internet easily,
>
> in win 7 yo dont need do other work
>
> thanks
18746 and 2805 Local ports?
by the way should it display as Direct TCP/IP Connection in softether client?
can you provide a screenshot of your win7 firewall rule window please?
Edit:
Managed to get DNS Tunnel working by blocking all TCP traffic to my server's IP Address and using a random port during connection, the speed is awful. :|
need a way to use ICMP tunnel instead of this.
You do not have the required permissions to view the files attached to this post.
-
- Posts: 48
- Joined: Fri Apr 05, 2013 8:17 pm
Re: the way to force softether cconnect ICMP
hi
i found you block these with your firewall software, please add your rules in your windows firewall, such as before i said, may be it has difference, also i think you didnt mark (use data compression ) on your client
in win 7- 32 or 64 go to start, control panel , windows firewall, advanced settings, outband ruls, new rule and please block these 2 UDP ports: 18746 and 2805 ( client local ports )
also more than 3 times i said use a port on your client that your server doesnt listen that. ok? so you dont need to block TCP port.
for using ICMP , i should say softether uses protocols with this rules:
1- TCP
2- UDP
3- ICMP
4- DNS port
so every protocol that blocked it uses another with this line number.
if you open icmp from your server in inband and ouutband in your client it works on ICMP. you should check opened ICMP both in your windows firewall and your software firewall such as kasper, ....
for ICMP you should only have closed all UDP and TCP port and an ICMP open.
but i dont know do you know how protocols work? DNS uses an UDP port, so your speed should be more than both TCP and ICMP tunnel, it is broadcast!!!
with these tests you can find that your ISP really has bandwidth or only gives you web and download with huge cache servers!!!!
i found you block these with your firewall software, please add your rules in your windows firewall, such as before i said, may be it has difference, also i think you didnt mark (use data compression ) on your client
in win 7- 32 or 64 go to start, control panel , windows firewall, advanced settings, outband ruls, new rule and please block these 2 UDP ports: 18746 and 2805 ( client local ports )
also more than 3 times i said use a port on your client that your server doesnt listen that. ok? so you dont need to block TCP port.
for using ICMP , i should say softether uses protocols with this rules:
1- TCP
2- UDP
3- ICMP
4- DNS port
so every protocol that blocked it uses another with this line number.
if you open icmp from your server in inband and ouutband in your client it works on ICMP. you should check opened ICMP both in your windows firewall and your software firewall such as kasper, ....
for ICMP you should only have closed all UDP and TCP port and an ICMP open.
but i dont know do you know how protocols work? DNS uses an UDP port, so your speed should be more than both TCP and ICMP tunnel, it is broadcast!!!
with these tests you can find that your ISP really has bandwidth or only gives you web and download with huge cache servers!!!!
-
- Posts: 48
- Joined: Fri Apr 05, 2013 8:17 pm
Re: the way to force softether cconnect ICMP
another thing is they blocked with this hard way only for USA and europe AS numbers.
if you have a server such in korea or japan or china you find all of vpn works good and easily.
if you have a server such in korea or japan or china you find all of vpn works good and easily.
-
- Posts: 6
- Joined: Tue May 14, 2013 5:39 am
Re: the way to force softether cconnect ICMP
Dear free iran,
Does OpenVpn works at iran?
Does OpenVpn works at iran?
-
- Posts: 8
- Joined: Sat May 11, 2013 5:41 pm
Re: the way to force softether cconnect ICMP
freeiran wrote:
> but in windows 7 you should have service pack 1.
>
> for installation, you should go to your intenet connection status (
> wireless, or lan )
> then press install. then select service and press add, and install service
> wipfw on your network card.
>
> then go to search and search UAC, after found that change it to minimum.
>
> then go to folder you downloaded, and right click and install as
> administrator.
>
> disable all of your firewalls
>
> now connect with softether, every thing is ok. but every time that you want
> to disable this firewall you should go to control panle, administrative
> tools, services and stop wipfw service. if you see this it isnt start ,
> start that again and stop to really stop the firewall
>
> have a free internet with good speed
>
> be success.
>
> thanks alot again from softether team with powerfull software
Hi Freeiran,
Can you pass through the new Iran's firewall using the method you've described? Is the speed adequate?
Thanks,
Mori
> but in windows 7 you should have service pack 1.
>
> for installation, you should go to your intenet connection status (
> wireless, or lan )
> then press install. then select service and press add, and install service
> wipfw on your network card.
>
> then go to search and search UAC, after found that change it to minimum.
>
> then go to folder you downloaded, and right click and install as
> administrator.
>
> disable all of your firewalls
>
> now connect with softether, every thing is ok. but every time that you want
> to disable this firewall you should go to control panle, administrative
> tools, services and stop wipfw service. if you see this it isnt start ,
> start that again and stop to really stop the firewall
>
> have a free internet with good speed
>
> be success.
>
> thanks alot again from softether team with powerfull software
Hi Freeiran,
Can you pass through the new Iran's firewall using the method you've described? Is the speed adequate?
Thanks,
Mori
-
- Posts: 13
- Joined: Tue Mar 12, 2013 2:19 pm
Re: the way to force softether cconnect ICMP
freeiran wrote:
> maybe your OS has problem, i installed that and has no problem.
>
> again chek the config file for wipfw.conf please
>
> i think you downloade winxp for 64 bit, you should download 32 bit version
> for your computer
Ok I done, my mistake was I had not installed this service before I run command file.
please check my state if all ok because my traffic still drops by Iran's firewall.
> maybe your OS has problem, i installed that and has no problem.
>
> again chek the config file for wipfw.conf please
>
> i think you downloade winxp for 64 bit, you should download 32 bit version
> for your computer
Ok I done, my mistake was I had not installed this service before I run command file.
please check my state if all ok because my traffic still drops by Iran's firewall.
You do not have the required permissions to view the files attached to this post.
-
- Posts: 22
- Joined: Mon May 06, 2013 3:37 am
Re: the way to force softether cconnect ICMP
freeiran wrote:
> hi
>
> i found you block these with your firewall software, please add your rules
> in your windows firewall, such as before i said, may be it has difference,
> also i think you didnt mark (use data compression ) on your client
Hi,
my windows firewall is disabled of course, as you can see I have KIS installed and it gives me much more functionality over windows firewall, anyway I will test your setting on a system with only windows firewall enabled, if you can please provide a screenshot of your rule window in win firewall, it would be very appreciated.
> in win 7- 32 or 64 go to start, control panel , windows firewall, advanced
> settings, outband ruls, new rule and please block these 2 UDP ports: 18746
> and 2805 ( client local ports )
done that with Kaspersky, the result is softether connected with: NAT-T UDP VPN tunnel not ICMP that I hoped for.
> also more than 3 times i said use a port on your client that your server
> doesnt listen that. ok? so you dont need to block TCP port.
done this too.
> for using ICMP , i should say softether uses protocols with this rules:
> 1- TCP
> 2- UDP
> 3- ICMP
> 4- DNS port
>
> so every protocol that blocked it uses another with this line number.
what? how's dns going to connect without TCP and UDP? dns is not a protocol and it can't transport with pure IP like ICMP, it needs TCP or UDP and an open port (53 mostly) if you block both TCP and UDP no way you can use the DNS tunnel.
> if you open icmp from your server in inband and ouutband in your client it
> works on ICMP. you should check opened ICMP both in your windows firewall
> and your software firewall such as kasper, ....
it is opened, I can ping my server's public IP from client and my client's public IP from server.
> for ICMP you should only have closed all UDP and TCP port and an ICMP open.
ICMP is a protocol, it does not have any ports to open. it is allowed in my firewall (echo request, ping, etc), still, with both TCP and UDP blocked, softether will not use the ICMP tunnel method.
> but i dont know do you know how protocols work? DNS uses an UDP port, so
> your speed should be more than both TCP and ICMP tunnel, it is broadcast!!!
maybe I don't, but I know broadcast is actually slower not faster, most network admins do their best to reduce broadcast delay or stopping it from making a mess in their network, anyway this is not the point.
dns (specially on port 53) is being heavily watched, shaped and used for surveillance of general network activity. and it's not created for speed, you can found that in many dns tunnel server's documentations that speed is not the strong point of dns tunnel, it's ability to work when nothing else working is.
on the other hand ICMP is transported with IP and can transport very reasonable amount of payload and very hard to block or counter. so it is preferable to dns tunnel in many cases.
> with these tests you can find that your ISP really has bandwidth or only
> gives you web and download with huge cache servers!!!!
My ISP is TCI itself (ADSL Mokhaberat), so it has huge cache servers. yes.
> hi
>
> i found you block these with your firewall software, please add your rules
> in your windows firewall, such as before i said, may be it has difference,
> also i think you didnt mark (use data compression ) on your client
Hi,
my windows firewall is disabled of course, as you can see I have KIS installed and it gives me much more functionality over windows firewall, anyway I will test your setting on a system with only windows firewall enabled, if you can please provide a screenshot of your rule window in win firewall, it would be very appreciated.
> in win 7- 32 or 64 go to start, control panel , windows firewall, advanced
> settings, outband ruls, new rule and please block these 2 UDP ports: 18746
> and 2805 ( client local ports )
done that with Kaspersky, the result is softether connected with: NAT-T UDP VPN tunnel not ICMP that I hoped for.
> also more than 3 times i said use a port on your client that your server
> doesnt listen that. ok? so you dont need to block TCP port.
done this too.
> for using ICMP , i should say softether uses protocols with this rules:
> 1- TCP
> 2- UDP
> 3- ICMP
> 4- DNS port
>
> so every protocol that blocked it uses another with this line number.
what? how's dns going to connect without TCP and UDP? dns is not a protocol and it can't transport with pure IP like ICMP, it needs TCP or UDP and an open port (53 mostly) if you block both TCP and UDP no way you can use the DNS tunnel.
> if you open icmp from your server in inband and ouutband in your client it
> works on ICMP. you should check opened ICMP both in your windows firewall
> and your software firewall such as kasper, ....
it is opened, I can ping my server's public IP from client and my client's public IP from server.
> for ICMP you should only have closed all UDP and TCP port and an ICMP open.
ICMP is a protocol, it does not have any ports to open. it is allowed in my firewall (echo request, ping, etc), still, with both TCP and UDP blocked, softether will not use the ICMP tunnel method.
> but i dont know do you know how protocols work? DNS uses an UDP port, so
> your speed should be more than both TCP and ICMP tunnel, it is broadcast!!!
maybe I don't, but I know broadcast is actually slower not faster, most network admins do their best to reduce broadcast delay or stopping it from making a mess in their network, anyway this is not the point.
dns (specially on port 53) is being heavily watched, shaped and used for surveillance of general network activity. and it's not created for speed, you can found that in many dns tunnel server's documentations that speed is not the strong point of dns tunnel, it's ability to work when nothing else working is.
on the other hand ICMP is transported with IP and can transport very reasonable amount of payload and very hard to block or counter. so it is preferable to dns tunnel in many cases.
> with these tests you can find that your ISP really has bandwidth or only
> gives you web and download with huge cache servers!!!!
My ISP is TCI itself (ADSL Mokhaberat), so it has huge cache servers. yes.
-
- Posts: 48
- Joined: Fri Apr 05, 2013 8:17 pm
Re: the way to force softether cconnect ICMP
no, openvpn doesnt work
-
- Posts: 48
- Joined: Fri Apr 05, 2013 8:17 pm
Re: the way to force softether cconnect ICMP
itachi wrote:
> freeiran wrote:
> > maybe your OS has problem, i installed that and has no problem.
> >
> > again chek the config file for wipfw.conf please
> >
> > i think you downloade winxp for 64 bit, you should download 32 bit version
> > for your computer
> Ok I done, my mistake was I had not installed this service before I run command file.
> please check my state if all ok because my traffic still drops by Iran's firewall.
i think you run install without change wipfw.conf file!!!!
> freeiran wrote:
> > maybe your OS has problem, i installed that and has no problem.
> >
> > again chek the config file for wipfw.conf please
> >
> > i think you downloade winxp for 64 bit, you should download 32 bit version
> > for your computer
> Ok I done, my mistake was I had not installed this service before I run command file.
> please check my state if all ok because my traffic still drops by Iran's firewall.
i think you run install without change wipfw.conf file!!!!
-
- Posts: 48
- Joined: Fri Apr 05, 2013 8:17 pm
Re: the way to force softether cconnect ICMP
Lord Farhad wrote:
> freeiran wrote:
> > hi
> >
> > i found you block these with your firewall software, please add your rules
> > in your windows firewall, such as before i said, may be it has difference,
> > also i think you didnt mark (use data compression ) on your client
>
> Hi,
>
> my windows firewall is disabled of course, as you can see I have KIS installed and it
> gives me much more functionality over windows firewall, anyway I will test your
> setting on a system with only windows firewall enabled, if you can please provide a
> screenshot of your rule window in win firewall, it would be very appreciated.
>
> > in win 7- 32 or 64 go to start, control panel , windows firewall, advanced
> > settings, outband ruls, new rule and please block these 2 UDP ports: 18746
> > and 2805 ( client local ports )
>
> done that with Kaspersky, the result is softether connected with: NAT-T UDP VPN
> tunnel not ICMP that I hoped for.
>
> > also more than 3 times i said use a port on your client that your server
> > doesnt listen that. ok? so you dont need to block TCP port.
>
> done this too.
>
> > for using ICMP , i should say softether uses protocols with this rules:
> > 1- TCP
> > 2- UDP
> > 3- ICMP
> > 4- DNS port
> >
> > so every protocol that blocked it uses another with this line number.
>
> what? how's dns going to connect without TCP and UDP? dns is not a protocol and it
> can't transport with pure IP like ICMP, it needs TCP or UDP and an open port (53
> mostly) if you block both TCP and UDP no way you can use the DNS tunnel.
>
> > if you open icmp from your server in inband and ouutband in your client it
> > works on ICMP. you should check opened ICMP both in your windows firewall
> > and your software firewall such as kasper, ....
>
> it is opened, I can ping my server's public IP from client and my client's public IP
> from server.
>
> > for ICMP you should only have closed all UDP and TCP port and an ICMP open.
>
> ICMP is a protocol, it does not have any ports to open. it is allowed in my firewall
> (echo request, ping, etc), still, with both TCP and UDP blocked, softether will not
> use the ICMP tunnel method.
>
> > but i dont know do you know how protocols work? DNS uses an UDP port, so
> > your speed should be more than both TCP and ICMP tunnel, it is broadcast!!!
>
> maybe I don't, but I know broadcast is actually slower not faster, most network
> admins do their best to reduce broadcast delay or stopping it from making a mess in
> their network, anyway this is not the point.
>
> dns (specially on port 53) is being heavily watched, shaped and used for surveillance
> of general network activity. and it's not created for speed, you can found that in
> many dns tunnel server's documentations that speed is not the strong point of dns
> tunnel, it's ability to work when nothing else working is.
>
> on the other hand ICMP is transported with IP and can transport very reasonable
> amount of payload and very hard to block or counter. so it is preferable to dns
> tunnel in many cases.
>
> > with these tests you can find that your ISP really has bandwidth or only
> > gives you web and download with huge cache servers!!!!
>
> My ISP is TCI itself (ADSL Mokhaberat), so it has huge cache servers. yes.
to connect ICMP block TCP and UDP both , and for connect UDP only close 2 ports i said before by your system firewall. or with wipfw block ICMP, TCP and All UDP exept 53, i said these 2 ports because of wipfw wasnt for 7- 64 bit and windows 8
myself doesnt have win7, but i tested one place and worked
> freeiran wrote:
> > hi
> >
> > i found you block these with your firewall software, please add your rules
> > in your windows firewall, such as before i said, may be it has difference,
> > also i think you didnt mark (use data compression ) on your client
>
> Hi,
>
> my windows firewall is disabled of course, as you can see I have KIS installed and it
> gives me much more functionality over windows firewall, anyway I will test your
> setting on a system with only windows firewall enabled, if you can please provide a
> screenshot of your rule window in win firewall, it would be very appreciated.
>
> > in win 7- 32 or 64 go to start, control panel , windows firewall, advanced
> > settings, outband ruls, new rule and please block these 2 UDP ports: 18746
> > and 2805 ( client local ports )
>
> done that with Kaspersky, the result is softether connected with: NAT-T UDP VPN
> tunnel not ICMP that I hoped for.
>
> > also more than 3 times i said use a port on your client that your server
> > doesnt listen that. ok? so you dont need to block TCP port.
>
> done this too.
>
> > for using ICMP , i should say softether uses protocols with this rules:
> > 1- TCP
> > 2- UDP
> > 3- ICMP
> > 4- DNS port
> >
> > so every protocol that blocked it uses another with this line number.
>
> what? how's dns going to connect without TCP and UDP? dns is not a protocol and it
> can't transport with pure IP like ICMP, it needs TCP or UDP and an open port (53
> mostly) if you block both TCP and UDP no way you can use the DNS tunnel.
>
> > if you open icmp from your server in inband and ouutband in your client it
> > works on ICMP. you should check opened ICMP both in your windows firewall
> > and your software firewall such as kasper, ....
>
> it is opened, I can ping my server's public IP from client and my client's public IP
> from server.
>
> > for ICMP you should only have closed all UDP and TCP port and an ICMP open.
>
> ICMP is a protocol, it does not have any ports to open. it is allowed in my firewall
> (echo request, ping, etc), still, with both TCP and UDP blocked, softether will not
> use the ICMP tunnel method.
>
> > but i dont know do you know how protocols work? DNS uses an UDP port, so
> > your speed should be more than both TCP and ICMP tunnel, it is broadcast!!!
>
> maybe I don't, but I know broadcast is actually slower not faster, most network
> admins do their best to reduce broadcast delay or stopping it from making a mess in
> their network, anyway this is not the point.
>
> dns (specially on port 53) is being heavily watched, shaped and used for surveillance
> of general network activity. and it's not created for speed, you can found that in
> many dns tunnel server's documentations that speed is not the strong point of dns
> tunnel, it's ability to work when nothing else working is.
>
> on the other hand ICMP is transported with IP and can transport very reasonable
> amount of payload and very hard to block or counter. so it is preferable to dns
> tunnel in many cases.
>
> > with these tests you can find that your ISP really has bandwidth or only
> > gives you web and download with huge cache servers!!!!
>
> My ISP is TCI itself (ADSL Mokhaberat), so it has huge cache servers. yes.
to connect ICMP block TCP and UDP both , and for connect UDP only close 2 ports i said before by your system firewall. or with wipfw block ICMP, TCP and All UDP exept 53, i said these 2 ports because of wipfw wasnt for 7- 64 bit and windows 8
myself doesnt have win7, but i tested one place and worked
-
- Posts: 48
- Joined: Fri Apr 05, 2013 8:17 pm
Re: the way to force softether cconnect ICMP
mori wrote:
> freeiran wrote:
>
> > but in windows 7 you should have service pack 1.
> >
> > for installation, you should go to your intenet connection status (
> > wireless, or lan )
> > then press install. then select service and press add, and install service
> > wipfw on your network card.
> >
> > then go to search and search UAC, after found that change it to minimum.
> >
> > then go to folder you downloaded, and right click and install as
> > administrator.
> >
> > disable all of your firewalls
> >
> > now connect with softether, every thing is ok. but every time that you want
> > to disable this firewall you should go to control panle, administrative
> > tools, services and stop wipfw service. if you see this it isnt start ,
> > start that again and stop to really stop the firewall
> >
> > have a free internet with good speed
> >
> > be success.
> >
> > thanks alot again from softether team with powerfull software
>
> Hi Freeiran,
>
> Can you pass through the new Iran's firewall using the method you've described? Is
> the speed adequate?
>
> Thanks,
> Mori
i am not in iran, but one of my friend wanted to use his credit card from iran, and if he used that with iran ip, so the bank block his card.
he said that need too my help about that, so i checked the network and advise him remotely.
thanks
> freeiran wrote:
>
> > but in windows 7 you should have service pack 1.
> >
> > for installation, you should go to your intenet connection status (
> > wireless, or lan )
> > then press install. then select service and press add, and install service
> > wipfw on your network card.
> >
> > then go to search and search UAC, after found that change it to minimum.
> >
> > then go to folder you downloaded, and right click and install as
> > administrator.
> >
> > disable all of your firewalls
> >
> > now connect with softether, every thing is ok. but every time that you want
> > to disable this firewall you should go to control panle, administrative
> > tools, services and stop wipfw service. if you see this it isnt start ,
> > start that again and stop to really stop the firewall
> >
> > have a free internet with good speed
> >
> > be success.
> >
> > thanks alot again from softether team with powerfull software
>
> Hi Freeiran,
>
> Can you pass through the new Iran's firewall using the method you've described? Is
> the speed adequate?
>
> Thanks,
> Mori
i am not in iran, but one of my friend wanted to use his credit card from iran, and if he used that with iran ip, so the bank block his card.
he said that need too my help about that, so i checked the network and advise him remotely.
thanks
-
- Posts: 22
- Joined: Mon May 06, 2013 3:37 am
Re: the way to force softether cconnect ICMP
My friend freeiran, are you using wipfw for ICMP or you managed to done it with windows firewall?
-
- Posts: 22
- Joined: Mon May 06, 2013 3:37 am
Re: the way to force softether cconnect ICMP
miximixi wrote:
> Dear free iran,
>
> Does OpenVpn works at iran?
Not directly, only works when connecting with a proxy server.
> Dear free iran,
>
> Does OpenVpn works at iran?
Not directly, only works when connecting with a proxy server.
-
- Posts: 48
- Joined: Fri Apr 05, 2013 8:17 pm
Re: the way to force softether cconnect ICMP
Lord Farhad wrote:
> My friend freeiran, are you using wipfw for ICMP or you managed to done it
> with windows firewall?
your ICMP tunnel block by windows firewall, you should disable that, so you should block your TCP and UDP protocol by wipfw or other good firewall
> My friend freeiran, are you using wipfw for ICMP or you managed to done it
> with windows firewall?
your ICMP tunnel block by windows firewall, you should disable that, so you should block your TCP and UDP protocol by wipfw or other good firewall
-
- Posts: 48
- Joined: Fri Apr 05, 2013 8:17 pm
Re: the way to force softether cconnect ICMP
Lord Farhad wrote:
> miximixi wrote:
> > Dear free iran,
> >
> > Does OpenVpn works at iran?
>
> Not directly, only works when connecting with a proxy server.
trough proxy also you can connect standard TCP connection
> miximixi wrote:
> > Dear free iran,
> >
> > Does OpenVpn works at iran?
>
> Not directly, only works when connecting with a proxy server.
trough proxy also you can connect standard TCP connection
-
- Posts: 13
- Joined: Tue Mar 12, 2013 2:19 pm
Re: the way to force softether cconnect ICMP
freeiran wrote:
> i think you run install without change wipfw.conf file!!!!
yes, you were right. I changed the config file. but still no way to connect. meanwhile I use vpngate servers with use compression on my client checked.
> i think you run install without change wipfw.conf file!!!!
yes, you were right. I changed the config file. but still no way to connect. meanwhile I use vpngate servers with use compression on my client checked.
You do not have the required permissions to view the files attached to this post.
-
- Posts: 6
- Joined: Tue May 14, 2013 5:39 am
Re: the way to force softether cconnect ICMP
Dear Lord Farhad,
As I heard A proxy server with 443 listen port is still work in Iran.
So I just installed ccproxy and configed that to work with 443 port and installed proxifier on a client but when i test proxy via proxifier it could not be connect.
I suspect that the problem is that the softether and ccproxy is installed on the same server and port 443 already reserved by softether.
I have no chance with disabling softehther vpn server service on windows.
do you or any one has a clue!?
Lord Farhad wrote:
> miximixi wrote:
> > Dear free iran,
> >
> > Does OpenVpn works at iran?
>
> Not directly, only works when connecting with a proxy server.
As I heard A proxy server with 443 listen port is still work in Iran.
So I just installed ccproxy and configed that to work with 443 port and installed proxifier on a client but when i test proxy via proxifier it could not be connect.
I suspect that the problem is that the softether and ccproxy is installed on the same server and port 443 already reserved by softether.
I have no chance with disabling softehther vpn server service on windows.
do you or any one has a clue!?
Lord Farhad wrote:
> miximixi wrote:
> > Dear free iran,
> >
> > Does OpenVpn works at iran?
>
> Not directly, only works when connecting with a proxy server.
-
- Posts: 48
- Joined: Fri Apr 05, 2013 8:17 pm
Re: the way to force softether cconnect ICMP
you should have server yourself, you cant use vpngate servers, because maybe they didnt configure ICMP or DNS on their systems
-
- Posts: 8
- Joined: Sat May 11, 2013 5:41 pm
Re: the way to force softether cconnect ICMP
mori wrote:
> > Hi Freeiran,
> >
> > Can you pass through the new Iran's firewall using the method you've described?
> Is
> > the speed adequate?
> >
> > Thanks,
> > Mori
>
> i am not in iran, but one of my friend wanted to use his credit card from iran, and
> if he used that with iran ip, so the bank block his card.
>
> he said that need too my help about that, so i checked the network and advise him
> remotely.
>
> thanks
Freeiran,
Hello again.
Has your friend been successful with passing through the new firewall? Could you please advise me remotely , as well? Really appreciate your help since everyting is blocked here. I mainly need help to bypass the new firewall for SKYPE (only messaging) and not really for browsing.
Thanks,
Mori
> > Hi Freeiran,
> >
> > Can you pass through the new Iran's firewall using the method you've described?
> Is
> > the speed adequate?
> >
> > Thanks,
> > Mori
>
> i am not in iran, but one of my friend wanted to use his credit card from iran, and
> if he used that with iran ip, so the bank block his card.
>
> he said that need too my help about that, so i checked the network and advise him
> remotely.
>
> thanks
Freeiran,
Hello again.
Has your friend been successful with passing through the new firewall? Could you please advise me remotely , as well? Really appreciate your help since everyting is blocked here. I mainly need help to bypass the new firewall for SKYPE (only messaging) and not really for browsing.
Thanks,
Mori
-
- Posts: 22
- Joined: Mon May 06, 2013 3:37 am
Re: the way to force softether cconnect ICMP
miximixi wrote:
> Dear Lord Farhad,
>
> As I heard A proxy server with 443 listen port is still work in Iran.
> So I just installed ccproxy and configed that to work with 443 port and installed
> proxifier on a client but when i test proxy via proxifier it could not be connect.
> I suspect that the problem is that the softether and ccproxy is installed on the same
> server and port 443 already reserved by softether.
> I have no chance with disabling softehther vpn server service on windows.
> do you or any one has a clue!?
>
> Lord Farhad wrote:
> > miximixi wrote:
> > > Dear free iran,
> > >
> > > Does OpenVpn works at iran?
> >
> > Not directly, only works when connecting with a proxy server.
indeed, you need 2 public IP (or 2 servers) to be able to do this, or else ccproxy and softether will have port conflict.
> Dear Lord Farhad,
>
> As I heard A proxy server with 443 listen port is still work in Iran.
> So I just installed ccproxy and configed that to work with 443 port and installed
> proxifier on a client but when i test proxy via proxifier it could not be connect.
> I suspect that the problem is that the softether and ccproxy is installed on the same
> server and port 443 already reserved by softether.
> I have no chance with disabling softehther vpn server service on windows.
> do you or any one has a clue!?
>
> Lord Farhad wrote:
> > miximixi wrote:
> > > Dear free iran,
> > >
> > > Does OpenVpn works at iran?
> >
> > Not directly, only works when connecting with a proxy server.
indeed, you need 2 public IP (or 2 servers) to be able to do this, or else ccproxy and softether will have port conflict.
-
- Posts: 22
- Joined: Mon May 06, 2013 3:37 am
Re: the way to force softether cconnect ICMP
is there any news regarding successful cases of using ICMP tunnel? did it work for anybody here specially on a 64 bit win7 or win8?
if so please provide us with steps you made to make it work and better, if possible some screenshots of your firewall, network or generally any modification you made to windows itself or with a 3rd party program.
thanks.
if so please provide us with steps you made to make it work and better, if possible some screenshots of your firewall, network or generally any modification you made to windows itself or with a 3rd party program.
thanks.