This program is a userspace VPN implementation for Linux. On the client side it collects arriving packets and sends them through a tunnel, which is a TCP connection. On the server side the packets are NATed and sent to their destination. Traffic in the other direction is handled correspondingly. Raw sockets are used for the incoming and outgoing traffic.
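As an added illustration of the tunnel described above (example code written for this README, not code from tunnelServer.cpp or TunnelClient.cpp), the following C++ shows two pieces that sit between the raw socket and the TCP connection on either end: a length-prefixed framing so packet boundaries survive the byte stream, and a sanity check on each received packet before it is handed to a raw socket. The 2-byte length prefix, the helper names and the sample packet are assumptions of the example, not the project's actual wire format.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Tunnel frame layout assumed for this example: a 2-byte big-endian length
// prefix followed by the raw IP packet. TCP is a byte stream, so the receiver
// needs such a delimiter to find packet boundaries; the real project may
// frame its packets differently.
std::vector<uint8_t> frame_packet(const std::vector<uint8_t>& pkt) {
    std::vector<uint8_t> out;
    out.reserve(pkt.size() + 2);
    out.push_back(static_cast<uint8_t>(pkt.size() >> 8));
    out.push_back(static_cast<uint8_t>(pkt.size() & 0xFF));
    out.insert(out.end(), pkt.begin(), pkt.end());
    return out;
}

// Sanity-check a packet before it is written to a raw socket: only well-formed
// IPv4 whose total-length field matches the frame is accepted, so a truncated
// or corrupted frame never reaches the kernel's IP layer.
bool ipv4_packet_ok(const std::vector<uint8_t>& pkt) {
    if (pkt.size() < 20) return false;
    unsigned version = pkt[0] >> 4;
    unsigned ihl = (pkt[0] & 0x0F) * 4;
    if (version != 4 || ihl < 20 || ihl > pkt.size()) return false;
    size_t total_len = (static_cast<size_t>(pkt[2]) << 8) | pkt[3];
    return total_len == pkt.size();
}

// Reassembles frames from a TCP stream that may deliver half a frame per read
// or several frames at once.
class FrameReader {
public:
    void feed(const uint8_t* data, size_t n) { buf_.insert(buf_.end(), data, data + n); }

    // Returns true and fills `pkt` when a complete frame is buffered.
    bool next(std::vector<uint8_t>& pkt) {
        if (buf_.size() < 2) return false;
        size_t len = (static_cast<size_t>(buf_[0]) << 8) | buf_[1];
        if (buf_.size() < 2 + len) return false;
        pkt.assign(buf_.begin() + 2, buf_.begin() + 2 + len);
        buf_.erase(buf_.begin(), buf_.begin() + 2 + len);
        return true;
    }
private:
    std::vector<uint8_t> buf_;
};

// Constructed sample: a minimal IPv4 header (20 bytes) plus 4 payload bytes.
std::vector<uint8_t> sample_packet() {
    return {
        0x45, 0x00, 0x00, 0x18,   // version 4, IHL 5, total length 24
        0x00, 0x00, 0x40, 0x00,   // id 0, flags DF, fragment offset 0
        0x40, 0xFD, 0x00, 0x00,   // TTL 64, protocol 253 (experimental), checksum left zero
        10, 0, 0, 2,              // source 10.0.0.2
        10, 0, 0, 1,              // destination 10.0.0.1
        'p', 'i', 'n', 'g'        // payload
    };
}

// Feeds two frames to the reader in three uneven chunks (first chunk ends
// mid-frame, second chunk carries the rest of frame 1 plus the start of
// frame 2) and returns how many intact packets came out. Expected: 2.
int demo_stream_reassembly() {
    std::vector<uint8_t> stream = frame_packet(sample_packet());
    std::vector<uint8_t> second = frame_packet(sample_packet());
    stream.insert(stream.end(), second.begin(), second.end());   // 52 bytes total

    FrameReader reader;
    std::vector<uint8_t> pkt;
    int recovered = 0;
    size_t cuts[] = {0, 7, 30, stream.size()};
    for (int i = 0; i < 3; ++i) {
        reader.feed(stream.data() + cuts[i], cuts[i + 1] - cuts[i]);
        while (reader.next(pkt)) {
            if (ipv4_packet_ok(pkt)) ++recovered;
        }
    }
    return recovered;
}
```

The check in ipv4_packet_ok matters on the server side in particular: whatever arrives over the TCP connection is written straight to a raw socket, so a frame whose IPv4 total length disagrees with the frame length is dropped rather than injected into the kernel's network stack.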
You may ask "Why on earth does someone want a VPN in userspace?". One possible answer is: Because I can do it. Userspace software is easy to debug and when it crashes, it does not kill the whole server.
However, the main reason for this decision is that so-called virtual root servers are getting more and more popular. You cannot modify the kernel on these devices and even loading kernel modules is often not possible. That is why I decided to implement the VPN in userspace.
The settings are hardcoded in the sources.
The port for the TCP connection is specified in tunnelServer.cpp and TunnelClient.cpp. Only connections from localhost are accepted. Feel free to change this, or put some form of authentication in front of it, such as a SOCKS proxy.
The local subnet to tunnel as well as the allowed clients and destination IPs to exclude are specified in TunnelClient.h.
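To show how such hardcoded settings become a per-packet decision, here is an added C++ example (not the contents of TunnelClient.h). The names TunnelPolicy, should_tunnel and example_policy and the sample addresses are made up for this illustration, and the rule set it implements (only packets from an allowed client are forwarded; destinations inside the local subnet or on the exclude list stay on the local network) is an assumption about how the three settings interact.

```cpp
#include <algorithm>
#include <cstdint>
#include <stdexcept>
#include <string>
#include <vector>

// Parse a dotted-quad IPv4 address into a host-order 32-bit value.
// Rejects empty octets, values above 255 and trailing characters.
uint32_t parse_ipv4(const std::string& s) {
    uint32_t addr = 0;
    size_t pos = 0;
    for (int i = 0; i < 4; ++i) {
        size_t start = pos;
        unsigned octet = 0;
        while (pos < s.size() && s[pos] >= '0' && s[pos] <= '9') {
            octet = octet * 10 + static_cast<unsigned>(s[pos] - '0');
            if (octet > 255) throw std::invalid_argument("octet out of range: " + s);
            ++pos;
        }
        if (pos == start || pos - start > 3) throw std::invalid_argument("malformed IPv4: " + s);
        addr = (addr << 8) | octet;
        if (i < 3) {
            if (pos >= s.size() || s[pos] != '.') throw std::invalid_argument("malformed IPv4: " + s);
            ++pos;
        }
    }
    if (pos != s.size()) throw std::invalid_argument("trailing data in IPv4: " + s);
    return addr;
}

// True if the string is an address parse_ipv4 accepts.
bool valid_ipv4(const std::string& s) {
    try { parse_ipv4(s); return true; } catch (const std::invalid_argument&) { return false; }
}

// A network in CIDR notation, e.g. "192.168.1.0/24".
struct Cidr {
    uint32_t net;
    uint32_t mask;
    bool contains(uint32_t addr) const { return (addr & mask) == net; }
};

Cidr parse_cidr(const std::string& s) {
    size_t slash = s.find('/');
    if (slash == std::string::npos) throw std::invalid_argument("missing prefix length: " + s);
    uint32_t addr = parse_ipv4(s.substr(0, slash));
    std::string tail = s.substr(slash + 1);
    size_t used = 0;
    int bits = std::stoi(tail, &used);
    if (used != tail.size() || bits < 0 || bits > 32) throw std::invalid_argument("bad prefix length: " + s);
    uint32_t mask = bits == 0 ? 0 : (0xFFFFFFFFu << (32 - bits));   // avoid a 32-bit shift (undefined)
    return {addr & mask, mask};
}

// The three settings the README names, as one policy object (assumed layout).
struct TunnelPolicy {
    Cidr local_subnet;                            // the local subnet whose traffic is tunnelled
    std::vector<uint32_t> allowed_clients;        // source addresses permitted to use the tunnel
    std::vector<Cidr> excluded_destinations;      // destinations that must not go through the tunnel

    // Assumed decision rule: forward only if the source is an allowed client and the
    // destination is neither inside the local subnet nor on the exclude list.
    bool should_tunnel(uint32_t src, uint32_t dst) const {
        if (std::find(allowed_clients.begin(), allowed_clients.end(), src) == allowed_clients.end())
            return false;
        if (local_subnet.contains(dst)) return false;
        for (const Cidr& ex : excluded_destinations)
            if (ex.contains(dst)) return false;
        return true;
    }
};

// Constructed sample configuration using documentation and private ranges.
TunnelPolicy example_policy() {
    TunnelPolicy p;
    p.local_subnet = parse_cidr("192.168.1.0/24");
    p.allowed_clients = {parse_ipv4("192.168.1.10"), parse_ipv4("192.168.1.11")};
    p.excluded_destinations = {parse_cidr("10.0.0.0/8"), parse_cidr("203.0.113.5/32")};
    return p;
}
```

Keeping the decision in one function makes it easy to see, and to unit-test, what leaves the network through the tunnel and what stays local; the strict address parser means a typo in the hardcoded lists fails at startup instead of silently matching nothing.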
To prevent the kernel from sending RST packets for connections it does not know about, iptables is used on the VPN server as well as on the VPN client. The VPN automatically adds the following rule (note that it matches every outgoing TCP RST the host generates, not only those belonging to tunnelled connections):
iptables -A OUTPUT -p tcp --tcp-flags RST RST -j DROP
In order to receive foreign packets on the tunnel client (the new local gateway), you should manually set the interface to promiscuous mode. E.g.:
ifconfig eth0 promisc
I decided to release this software under the terms of the GPLv3.