This project has moved. For the latest updates, please go here.

How enterprise Firewall recognize Barba

May 23, 2013 at 8:40 AM
Hello,

I used to use BarbaTunnel after a while my speed decreased so much (sometimes i can not open my pages or softwares). But I see maybe they figured out how BarbaTunnel works and block it by firewall. So there is some specific criteria in send/receive packets. What are those and Where can I change them?

Regards.
Coordinator
May 23, 2013 at 2:13 PM
  1. Please take speed test with http://www.speedtest.net 5 times with a server in US and share result link to me.
  2. What protocol you are using HTTP or UDP?
  3. speed decreased so much? how much? if you use HTTP-Tunnel 30% overhead is normal. PPTP overhead should near 5%.
    Cheers
May 23, 2013 at 5:32 PM
1- These are links, my internet is a domestic wireless network
www.speedtest.net/result/2726950423.png
www.speedtest.net/result/2726859239.png
www.speedtest.net/result/2726954612.png
www.speedtest.net/result/2726970005.png
www.speedtest.net/result/2726977557.png
2- I use HTTP however I am not sure about it!
3- yeah!it's so much... because i could not take any speedtest !
Coordinator
May 23, 2013 at 9:56 PM
You didn't select a server in United Stated. See distance! you select a server near your ISP.
So please
  1. Let me see the speed test with http://www.speedtest.net 5 times with a server in US. Just one server in US
  2. Let me see the BarbaTunnel log, Let be sure is it HTTP-Tunnel or not.
    Regards
May 25, 2013 at 2:49 PM
Coordinator
May 25, 2013 at 2:54 PM
Your current network speed is too much slow, sorry but unfortunately you don't have any chance to use Http Tunnel of BarbaTunnel.
I don't think Firewall recognize it yet, I think it couldn't establish connection due your connection speed and TCP tunnel overhead.
Try UDP tunnel and if it doesn't work you should find other tools.
Regards
May 25, 2013 at 3:11 PM
Hello,

As I told you this is not my real speed connection. after using this barbatunnel my speed test on speedtest.net got decreased! soon I will upload some screenshots of my speedtest on another website .
May 26, 2013 at 10:37 AM
I Think these days their policy has changed they don't need to filter they slow down the speed and decrease the bandwidth, every tunnel can work but with very limited speed
Coordinator
May 26, 2013 at 3:25 PM
Hi
Recently many people use BarbaTunnel from Iran and I got many good report with 20 to maximum 50% overhead. I think they generally decrease your connection speed to any sever outside of I don't know any method to detect BarbaTunnel HTTP method. Perhaps they decrease your upload speed for example if you have 1000Kbit download size but just 50Kbit upload size, then any TCP connection got very very slow.
By the way I try to make it better. My problem is that I don't have such firewall and couldn't debug BarbaTunnel behind it.
Regards
May 30, 2013 at 2:43 PM
Edited May 30, 2013 at 2:48 PM
erhaps they decrease your upload speed for example if you have 1000Kbit download size but just 50Kbit upload size, then any TCP connection got very very slow.
By the way I try to make it better. My problem is that I don't have such firewall and couldn't debug BarbaTunnel behind it.
  1. They're already DECREASE the upload speed as you pointed. for example my download speed is 130Kbit but my upload speed is just about 30Kbit!
  2. i highly recommend you try an IRANIAN ip adress (server) to find out what really a FIREWALL/NAT means!
maybe you should try this:
http://incloak.com/proxy-list/?country=IR

dude! if you find a way to past iran's firewall/NAT filtering system without any damages in your connection & speed, then you will can say OUREKA OUREKA! i'm the hero!!

not kidding, they're so professional in this part, i mean it.

thanks for your nice shared tool
regards
Coordinator
May 30, 2013 at 6:07 PM
Hi
find out what really a FIREWALL/NAT means!
You should know NAT does not any relation to firewall and censorship.
they're so professional in this part..
Blocking or decrease entire TCP or UDP connection does not need any profession. It mean they just don't know about packets, Internet usage ans it importance so they generally block it or decrease speed. I am sure all legal regular application got issue for connection.

Do you think much knowledge required to entirely disconnect internet like North Korea.

Sorry but no tunnel will work without connection.

Regards
May 31, 2013 at 4:09 PM
Edited May 31, 2013 at 4:10 PM
Do you think much knowledge required to entirely disconnect internet like North Korea.
i'm totally understand how much stupid they are and without any technical profession but the problem is all the internet gateway is under their control and we can do nothing.
Sorry but no tunnel will work without connection.
also another problem is: we have connection but with too much LIMITATION on it!
they're not going to disconnect our internet but every day do something new on that.
easy or difficult we must find our way to bypass the government firewall.
tunnels will work but we must choose the good & strong ways, for example ICMP or DNS tunnels (VPN) already working good in iran. or if you can help to bypass the firewall with your tool better & faster its another way. we will never get tired and we will fight for freedom. just must search and try dude :)

and never forget you & another professional guys will can help us always, we need your help.
best regards
Coordinator
May 31, 2013 at 4:33 PM
Hi, as you told
They're already DECREASE the upload speed as you pointed. for example my download speed is 130Kbit but my upload speed is just about 30Kbit!
A very basic firewall can reduce network speed, and a perhaps a scissors can reduce speed to zero :)
Unfortunately currently I just offer HTTP-Tunnel and i don't think you are be able to get good performance with HTTP-Tunnel in such speed.
Just try to set HttpRequestMode=Bombard.

Sorry, I have not more idea with slow connections.
Good Luck
May 31, 2013 at 11:17 PM
Edited May 31, 2013 at 11:21 PM
Hi, BarbaCoder
i'm totally understand and i'm really appreciate that because you follow this issue.

what do you think about ICMP tunnel? can you help me about this?
please look at this topic:
http://neophob.com/2007/10/pingtunnel-for-windows-icmp-tunnel/

its possible to run a good strong tunnel over ICMP protocol in windows server but need some changes than the past ways.
for example tunnelguru & strongVPN created openVPN over ICMP for this kind of situations and i'm already use them both with fast & strong connection. so what about your tunnel? is it possible to run barba tunnel over ICMP in future features? (i mean turn the tool to a kind of independent project for ping tunnel)
also i'm understand if you would to just follow your way in barba project and there is no any expectation. you & your project are cool anyway!
regards
May 31, 2013 at 11:20 PM
Hi BarbaCoder,

I'm not good at network programming. however as far as I know the packets that sends via my network contains of some header and body. We don't upload any file on internet so the packets only are some requests to check data with servers. This means if even my upload speed is 16kpbs is enough for uploading rate. please tell if I do mistakes.
Coordinator
May 31, 2013 at 11:44 PM
PPServer wrote:
Hi, BarbaCoder
i'm totally understand and i'm really appreciate that because you follow this issue.

what do you think about ICMP tunnel? can you help me about this?
please look at this topic:
http://neophob.com/2007/10/pingtunnel-for-windows-icmp-tunnel/

its possible to run a good strong tunnel over ICMP protocol in windows server but need some changes than the past ways.
for example tunnelguru & strongVPN created openVPN over ICMP for this kind of situations and i'm already use them both with fast & strong connection. so what about your tunnel? is it possible to run barba tunnel over ICMP in future features? (i mean turn the tool to a kind of independent project for ping tunnel)
also i'm understand if you would to just follow your way in barba project and there is no any expectation. you & your project are cool anyway!
regards
Dear PPServer
I don't know about ICMP tunnel, but as my little knowledge ICMP tunnel usually use echo request (PING) payload data. It should be fast as UDP but detecting HTTP-Tunnel is much more difficult.
  1. ICMP is not critical and in your case it may blocked
  2. ICMP tunnel is very good for sending data but very bad to retrieve data, firewall may simply don't allow any echo size and may block returned packet if the echo is not equal or is not requested. I don't have sure about what I wrote.
so what about your tunnel? is it possible to run barba tunnel over ICMP in future features?
If you know about ICMP specification and have time it is so easy to implement in BarbaTunnel. BarbaTunnel already do 95% of stuff. Implementing UDP and ICMP tunnel may be so easy, Just look at current UDP tunnel in BarbaTunnel in project. It is only two small class and ICMP should be same. Even I already request in home page that someone join for ICMP tunnel.

Currently I just think about creating tunnel with scatted size, multi local and source port. Maybe never got time.
There is some dirty way too! Do you like put missile in ambulance? Configure TCP connection on RDP port (TCP:3389) .
Warning: You may loose your RDP connection and maybe you couldn't reach your server! Ensure you enable DebugMode and set AutoStartDelay=10 in barbatunnel.ini. So you have chance to reach your server till 10 minutes after restart via admin panel (if any).
Good Luck
Coordinator
May 31, 2013 at 11:49 PM
pejman_view wrote:
Hi BarbaCoder,

I'm not good at network programming. however as far as I know the packets that sends via my network contains of some header and body. We don't upload any file on internet so the packets only are some requests to check data with servers. This means if even my upload speed is 16kpbs is enough for uploading rate. please tell if I do mistakes.
Upload speed should be 1/4 of download speed. Internet usually based on TCP and TCP protocol always sending data called "ACK" to server even when you just download the file. There is strong overhead in TCP-Tunnel because your org TCP data need ack that goes to VPN and TCP connection for tunnel need ack too. so the upload is so much important even when you just downloading file.
Regards
Jun 1, 2013 at 12:41 AM
BarbaCoder wrote:
Upload speed should be 1/4 of download speed. Internet usually based on TCP and TCP protocol always sending data called "ACK" to server even when you just download the file. There is strong overhead in TCP-Tunnel because your org TCP data need ack that goes to VPN and TCP connection for tunnel need ack too. so the upload is so much important even when you just downloading file.
Regards
Hi BarbaCoder,

I mean "ACK" doesn't need so much upload rate sometimes even less than 1/10

this is my screenshots of my download and upload speed when I'm using rdp:
http://oi44.tinypic.com/jv3t6q.jpg
As you can see, in spite of using rdp my upload speed is lower than 1/8

This is my screenshots of speedtest at this website : http://www.speakeasy.net/speedtest/
http://oi40.tinypic.com/98t0tk.jpg
http://www.speedtest.net/result/2744471365.png

this is my upload/download speed. Assymetric download/speed on Wimax 128kbps internet.

I also know they haven't decreased the speed of connection. they try to drop packets that find the predefined behaviors.
Coordinator
Jun 1, 2013 at 8:24 AM
pejman_view
128 is too less, and with if 40~60 overhead it will be useless.
You should find another kind of tunnel or wait for my next version.
Next version may be released 2 or 3 month or maybe never due some of my personal problems.
Cheers