Tuesday, May 5, 2009

Getting Past the Melbourne Uni Proxy

Melbourne University has a slightly draconian policy for use of their internet on campus. All traffic must go through an HTTP proxy; basically everything besides port 80 (for regular HTTP) and port 443 (for HTTPS) is blocked.

It means I can't access my LAN, my home computers, or my Perforce server. I first tried Hamachi, which is a free (as in beer) piece of software that allows you to quickly and very easily set up a VPN. Start the software, connect to a network, and you're good to go. It worked fine outside the uni. But it's tunnelling capabilities were... limited. Hamachi supports HTTP tunnelling, but not in a peer-to-peer fashion. Instead, connections had to go through Hamachi's private "relay servers". For the free version of Hamachi, this was incredibly slow (and unreliable, in my experience). The commercial (ie: paid) version is apparently faster, but I wasn't prepared to pay ~$50/year to be able to access my home LAN from uni.

Next try: OpenVPN. OpenVPN supports HTTP tunnelling out of the box, and was relatively painless to configure (though not nearly as easy as Hamachi). I installed OpenVPN on the server at home, which is always on and always connected to the internet. Using a bridged network, OpenVPN acts as a virtual gateway to my LAN at home. I set it up to listen for TCP on port 443.

I installed OpenVPN as well, and set it up to go through the Melbourne Uni proxy, connecting to my home server (via. dynamic DNS provided by dyndns.org) through port 443. And lo and behold, it works. The proxy can't tell the difference between regular HTTPS traffic and the encrypted OpenVPN traffic, and I can now access my LAN from uni.


Anonymous said...

Great stuff, thanks for the post mate!
I'm trying to figure out a proxy/vpn solution to access Steam and my NAS from uni. Haven't succeeded so far but I'm gonna give OpenVPN a try.