Have you seen graphics like this? This apparently describes a tunnel. But… what exactly is a (secure) tunnel? And what does this have to do with VPNs and proxies? The term “tunnel” is something that really confused me years ago when I started to learn about computer science. Like… I know what a tunnel is. But it made no sense as a technical term. In this video series I try to make the videos that I wish I had back then, and I hope at the end of this video you somewhat have an idea of what the f’ a tunnel is.
To understand this video, however, you should already be familiar with what a “server” is and what a “protocol” is, and also what network layers are. Lucky for you, I made those exact three videos already. So maybe check them out before this one. Or keep watching, and when you start to get confused, then check out the other videos.
In the video about network layers I explained that you can think of the whole network stack as a blackbox. If you want to transmit some text to a specific IP and port, just hand it over, and moments later it magically appears on the target computer. You can do the same with netcat on a computer, you can listen here on port 1234, and then you can connect to the IP and port. Entering some text and sending it, it will magically appear on the target over there. If you understand this, then understanding what a tunnel is will be easy.
As you can see, this program simply forwards any data sent to it. Let’s do a quick local experiment. I execute this forwarder so that it listens on localhost 1337 and forwards all data to localhost 1234. Then I execute netcat with a listener on port 1234 and we are ready. So the target netcat program is listening on 1234, but we have a forwarder that forwards everything from 1337 to 1234. When we now execute netcat to connect to 1337, we can see that the forwarder got a new client connection and connected to the target netcat. And when we send some data, it gets forwarded. Also if we respond with some text, it gets forwarded back.
Of course, this is not a very secure proxy. We just forwarded the plain data over the network, so a network attacker who can observe the traffic, like those elite Starbucks wifi hackers, can just see what we sent. So while we obscured our real IP from the target website we contacted, somebody on the path could still sniff this traffic. But we can easily build on top of that. Let’s add some crypto to it and encrypt the traffic.
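The two steps above, the plain forwarder and the "add some crypto" version, as one added example in Python. This is not the video's code: it uses ephemeral loopback ports instead of 1337/1234, and it stacks three forwarders so the middle one can play the coffee-shop sniffer. The XOR transform keeps a byte offset so the two ends stay aligned no matter how TCP splits the stream, and `break_repeating_xor` shows the caveat a practitioner wants here: XOR with a fixed repeating key only obscures the bytes, and a sniffer who can guess a few bytes of plaintext (an HTTP request line) recovers the key and reads everything. All names and the sample request are constructed for this example.

```python
import socket
import threading

# Added example, not the video's code: a Python stand-in for the netcat forwarder
# experiment, using ephemeral loopback ports instead of the video's 1337/1234.

def identity(data):
    return data

def xor_stream(key):
    """XOR a byte stream with a repeating key. The offset persists across
    recv() chunks so both ends stay aligned; XOR is its own inverse."""
    pos = 0
    def transform(data):
        nonlocal pos
        out = bytes(b ^ key[(pos + i) % len(key)] for i, b in enumerate(data))
        pos += len(data)
        return out
    return transform

def pump(src, dst, transform=identity, tap=None):
    """Copy src -> dst until src half-closes, transforming each chunk;
    tap(data), if given, sees the bytes exactly as they arrive on the wire."""
    try:
        for data in iter(lambda: src.recv(4096), b""):
            if tap:
                tap(data)
            dst.sendall(transform(data))
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)   # pass the EOF along
        except OSError:
            pass

def serve(handle):
    """Listen on an ephemeral loopback port, run handle(conn) per client
    in a daemon thread, and return the port number."""
    ls = socket.socket()
    ls.bind(("127.0.0.1", 0))
    ls.listen()
    def loop():
        while True:
            c, _ = ls.accept()
            threading.Thread(target=handle, args=(c,), daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()
    return ls.getsockname()[1]

def serve_echo():
    """Stand-in for the `nc -l 1234` target: echoes everything back."""
    def handle(c):
        pump(c, c)
        c.close()
    return serve(handle)

def serve_forwarder(target, key=None, tap=None):
    """The forwarder from the video: relay each client to target (host, port).
    With key, bytes are XORed towards the target and again on the way back,
    so two forwarders sharing a key form an obscured hop. tap(direction, data)
    records what crosses this hop, as an on-path sniffer would see it."""
    def handle(client):
        upstream = socket.create_connection(target)
        up_t = xor_stream(key) if key else identity     # one offset per direction
        down_t = xor_stream(key) if key else identity
        up_tap = (lambda d: tap("up", d)) if tap else None
        down_tap = (lambda d: tap("down", d)) if tap else None
        back = threading.Thread(target=pump, args=(upstream, client, down_t, down_tap))
        back.start()
        pump(client, upstream, up_t, up_tap)
        back.join()
        client.close()
        upstream.close()
    return serve(handle)

def roundtrip(port, payload):
    """Act like `nc 127.0.0.1 <port>`: send payload, half-close, read the reply."""
    with socket.create_connection(("127.0.0.1", port)) as s:
        s.sendall(payload)
        s.shutdown(socket.SHUT_WR)
        return b"".join(iter(lambda: s.recv(4096), b""))

def break_repeating_xor(captured, known_prefix, key_len):
    """Why fixed-key XOR is not encryption: guessing the first key_len plaintext
    bytes (a protocol banner like "GET / HTTP/1.1") yields the key for the whole stream."""
    key = bytes(c ^ p for c, p in zip(captured[:key_len], known_prefix[:key_len]))
    return xor_stream(key)(captured)

def demo():
    """client -> XOR forwarder -> sniffing forwarder -> XOR forwarder -> echo."""
    seen = {"up": b"", "down": b""}
    def tap(direction, data):
        seen[direction] += data
    key = b"s3cret"
    echo = serve_echo()
    inner = serve_forwarder(("127.0.0.1", echo), key=key)
    sniffer = serve_forwarder(("127.0.0.1", inner), tap=tap)   # the Starbucks observer
    outer = serve_forwarder(("127.0.0.1", sniffer), key=key)
    request = b"GET / HTTP/1.1\r\nHost: secret.example\r\n\r\n"  # constructed sample
    reply = roundtrip(outer, request)
    cracked = break_repeating_xor(seen["up"], b"GET / HTTP/1.1", len(key))
    return {"reply": reply, "sniffed": seen["up"], "cracked": cracked}
```

Call `demo()` to run the chain: the reply comes back intact, the sniffer's capture does not contain the plaintext, and the known-plaintext attack still recovers the full request from that capture. The lesson carries over to real designs: a transform on the proxy hop protects against a passive observer only if it is real authenticated encryption (TLS, or a VPN protocol's handshake and cipher), not a fixed-key obfuscation.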
Real VPN protocols use a bit more magic, because they use these layers in a beautiful way. When you fall for those VPN ads and get yourself a VPN, you intend to use it like a proxy. But the purpose of a VPN is very different. VPN technologies are usually intended to give you access to a VIRTUAL PRIVATE NETWORK. A WHOLE NETWORK. That’s what corporate or company VPNs are for. Real VPN clients and servers do not just forward the data of a single connection like a basic proxy; they package up entire IP packets, headers and all, and carry them inside another connection.
And if you look up a basic TUN/TAP programming tutorial, this is what you can see there. First you somehow have to create such an interface. Depending on your operating system you might need to install additional drivers for that. But once you have created such an interface, you can write a program that opens this TUN interface and reads from it. If you send a ping to an IP in that network, the operating system will forward the ping packet to your program, and your program reads the whole packet, IP header included. So if you want to go a bit deeper on a technical level, I can really recommend this excellent blog post. It’s a bit older, so some commands and function names might have changed a bit, but overall this is still how it works. And it also expands on this basic read example and has a section on how to implement a full tunnel.
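The "open the TUN interface and read the whole packet" step above, as an added example in Python. This is not the video's code nor the linked blog post's. It assumes Linux: `open_tun` opens `/dev/net/tun` and issues the TUNSETIFF ioctl (which needs CAP_NET_ADMIN), and the interface is assumed to be configured afterwards with something like `ip addr add 10.0.0.1/24 dev tun0` and `ip link set tun0 up`. Everything else runs unprivileged: it decodes the IPv4 and ICMP headers the kernel hands the program, verifies both checksums, and builds the matching echo reply, so writing that reply back into the TUN makes `ping 10.0.0.2` succeed with no real host behind it. The sample packet in the test is constructed with the same builder.

```python
import os
import socket
import struct
from typing import Optional

# Added example, not the video's or the linked blog post's code. Linux-only
# assumptions: opening /dev/net/tun needs CAP_NET_ADMIN, and the interface
# must be configured afterwards (`ip addr add 10.0.0.1/24 dev tun0` and
# `ip link set tun0 up`). The packet functions need no privileges.

TUNSETIFF = 0x400454CA   # ioctl request from <linux/if_tun.h>
IFF_TUN = 0x0001         # layer-3 device: reads/writes raw IP packets
IFF_NO_PI = 0x1000       # no 4-byte packet-info header in front of each packet

def open_tun(name="tun0"):
    """Create (or attach to) a TUN interface and return its file descriptor."""
    import fcntl                                     # Linux only
    fd = os.open("/dev/net/tun", os.O_RDWR)
    fcntl.ioctl(fd, TUNSETIFF, struct.pack("16sH", name.encode(), IFF_TUN | IFF_NO_PI))
    return fd

def checksum(data):
    """RFC 1071 ones-complement sum; verifying a header with its checksum gives 0."""
    if len(data) % 2:
        data += b"\x00"
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def parse_ipv4(pkt):
    """Decode the IPv4 header of a packet as read from the TUN fd."""
    vihl, _, total, _, _, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    if vihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (vihl & 0x0F) * 4
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst), "proto": proto,
            "ttl": ttl, "header_ok": checksum(pkt[:ihl]) == 0, "payload": pkt[ihl:total]}

def build_icmp_echo(src, dst, icmp_type, ident, seq, data, ttl=64):
    """Build a complete IPv4+ICMP packet (type 8 = request, 0 = reply), the
    same bytes the kernel produces for `ping`. Used for the sample input too."""
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + data
    icmp = icmp[:2] + struct.pack("!H", checksum(icmp)) + icmp[4:]
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0x4000, ttl, 1, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]
    return hdr + icmp

def echo_reply(pkt) -> Optional[bytes]:
    """If pkt is a valid ICMP echo request, return the matching reply with
    src/dst swapped; otherwise None. Anything else (TCP, UDP, bad checksums)
    is dropped, which is the decision a real tunnel program has to make for
    every packet the OS hands it."""
    ip = parse_ipv4(pkt)
    if ip["proto"] != 1 or not ip["header_ok"] or checksum(ip["payload"]) != 0:
        return None
    itype, _, _, ident, seq = struct.unpack("!BBHHH", ip["payload"][:8])
    if itype != 8:
        return None
    return build_icmp_echo(ip["dst"], ip["src"], 0, ident, seq, ip["payload"][8:])

def serve_ping(fd):
    """A fake host living inside the tunnel: answer every ping the OS routes
    into tun0, so `ping 10.0.0.2` succeeds with no real machine behind it."""
    while True:
        reply = echo_reply(os.read(fd, 65535))
        if reply:
            os.write(fd, reply)
```

To use it on a Linux box: `serve_ping(open_tun("tun0"))` as root after configuring the address, then ping 10.0.0.2 from another terminal. Turning this into a real tunnel is the step the blog post describes: instead of answering locally, send each packet read from the TUN to a peer (encrypted and authenticated), and write whatever the peer sends back into the TUN.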
Q: What is the concept of a tunnel in computer science?
A: A tunnel is a way of carrying one protocol inside another: a whole packet, headers included, becomes the payload of an outer connection, travels across a network that only sees the outer connection, and is unpacked at the far end. A tunnel is not secure by itself; VPN protocols add encryption and authentication on top of it. A plain forwarding proxy is simpler than a tunnel, since it only relays the data of one connection rather than whole packets.
Q: Why is understanding network layers important?
A: Understanding network layers is important because it explains how data is transmitted over a network: each layer wraps the layer above it, and a tunnel is exactly a trick with those layers, where a complete packet from one layer is carried as the payload of another.
Q: How do forwarder proxy programs work?
A: A forwarder proxy accepts a client connection, opens its own connection to the real target, and copies bytes in both directions. To the target the traffic appears to come from the proxy's IP, which is why a proxy hides the client's address; the data itself is relayed unchanged unless the proxy transforms it.
Q: How can a basic secure proxy be created?
A: A basic secure proxy can be created by running a forwarder on each side and encrypting the data between the two, so an observer on the path between them sees only ciphertext. The hop from the far forwarder to the real target is still whatever the target protocol is, and the encryption only helps if it is a real authenticated cipher, not a toy transform.
Q: What is XOR encryption and how can it enhance a proxy?
A: XOR is the simplest possible cipher: each byte is XORed with a key byte, and applying the same operation again restores the plaintext, so one function serves both directions. In the video it only illustrates that the proxy can transform the data before sending it. XOR with a fixed repeating key provides no real protection: anyone who can guess a few bytes of plaintext, such as an HTTP request line, recovers the key and decrypts the whole stream. A real proxy or VPN uses a proper authenticated encryption protocol such as TLS.
Q: What is the difference between a VPN and a proxy?
A: A proxy accepts a connection and relays the data of that one connection to the destination, so it only covers the applications configured to use it. A VPN creates a virtual network interface and encapsulates whole IP packets, so all traffic the operating system routes through that interface goes through the tunnel, and the client is effectively placed on the remote network. Both hide the client's IP from the destination; real VPN protocols also encrypt the tunnel, while a plain proxy hop is encrypted only if the proxy protocol does it.
Q: How do TUN/TAP interfaces operate?
A: TUN/TAP interfaces are virtual network devices backed by a user-space program instead of hardware. A TUN device works at layer 3 and hands the program raw IP packets; a TAP device works at layer 2 and hands it Ethernet frames. The program reads packets the OS routes to the interface, does whatever it likes with them (for a VPN: encrypt them and send them to a peer), and writes packets back into the interface, which the OS then delivers as if they had arrived from the network. On Linux the interface is created by opening /dev/net/tun and issuing the TUNSETIFF ioctl.