This project has moved. For the latest updates, please go here.

some test reports.

Jun 5, 2013 at 8:06 AM
hi , thank you for this great project , i have successfully installed it for my own personal usage . but i found 2 bugs or malfunctions or anything else its name maybe...

my working configuration is this :
server : vps - win 2008 R2 ( 64 bit ) - barba v7.0 - FilterDriver: WinDivert -
client : win 7 64 sp1 build 7601
the connection can be made for me only by pptp vpn on the same server which barba is configured. - l2tp or sstp is being detected but they dont connect.
also on my win 7 client i cannot connect to other servers using pptp , barba wont detect them ( which is normal )
i have tested my server vpn configuration for l2tp/sstp connections from my other win vpses and vpn protocol configurations on my server are working fine and configured correctly ( pptp - l2tp+ipsec preshared key - sstp are connecting from other windowses just fine.) .

the 2 errors that i saw are these :
1-in server , BarbaTunnel.ini , if you set any ip range for clients except range 10.x.x.x it wont give you errors and it wont just work !
for example i set this and it wont work :
VirtualIpRange=192.168.167.10-192.168.167.250
and i set this and client can use pptp normally and correctly .
VirtualIpRange=10.168.167.10-10.168.167.250
also if we dont set this , it will work correct by default.

2-if you rename the BarbaTunnel.ini without recompiling the project it wont give you errors , and even if you delete it , barbamonitor will start the service without showing alerts , but client wont work .
if this project checks the needed configuration files/commands , and gives a good related error , it could be more perfect.
i dont know programming that much ( i just do a little php ) but i wished i could help.

anyways again thank you for your gr8 project.
Coordinator
Jun 5, 2013 at 8:32 AM
Hi
VirtualIpRange=192.168.167.10-192.168.167.250
Actually you should not change the default, I didn't document it but it is not your client IP, it should be a range that when the server sends a packet to this IP address it should route through gateway so PacketFilter catch it again after Gateway, also these IP should not be exists on the internet! The best configuration to leave it empty.
2-if you rename the BarbaTunnel.ini without recompiling ....
The problem exists for unsuccessful installation of BarbaService, if you start BarbaTunnel via BarbaMonitor it will not run BarbaTunnel in the same folder, instead it signals BarbaService to run it and sometimes BarbaService from older version got the signal. So try to always remove older versions. Unfortunately currently I have not any plan for it.

I didn't understand your first paragraph, did you success with L2TP or SSTP?
L2TP should work because the default configuration uses HTTP Tunnel same as PPTP but SSTP uses simple TCP Redirect by default so perhaps it should not work. You can configure SSTP to use in HTTP Tunnel too.
I didn't check L2TP recently, do you think I forgot to add some protocol in GrabProtocols?
Regards
Jun 5, 2013 at 8:52 AM
i can connect to only pptp using barba . ( our ISP network is very restricted - all VPNs are blocked ... gre udp packets are blocked and so on ... ) but with your barba and PPTP i am fine now.
l2tp doesnt work , i dont know why . l2tp configuration on my server is correct , as i can connect to it using other windows VPS . ( i can connect to normal l2tp without barba , from usa win vps 1 to this usa win vps server 2 which i installed barba in it. )

in my barba config folder i have 2 files , HTTP-Retunnel.ini , and SSTP-Redirect.ini , i deleted the other 2 ini files as they didnt seem to be used at all.
in my HTTP-Retunnel.ini , i have this as i read in your wiki .

GrabProtocols=GRE:*,TCP:1723,TCP:443,TCP:1701,__UDP:*,__IGMP*,GGP*,PUP:,IDP:,ND:*
so it should grab all l2tp udp ports , i also tested with default 4 config files , which didnt work too :D

in my SSTP-Redirect.ini , i have defaults :
GrabProtocols=GRE:*,TCP:1723,TCP:443,UDP:443,UDP:1701,TCP:1701,UDP:500,UDP:4500

if you could have 1 ini for configs which does all the job/all protocols it would be better , it is confusing which ini is working , if we dont set "ConfigFileName="
Coordinator
Jun 5, 2013 at 9:10 AM
Edited Jun 5, 2013 at 9:13 AM
in my HTTP-Retunnel.ini , i have this as i read in your wiki .
GrabProtocols=GRE:*,TCP:1723,TCP:443,TCP:1701,__UDP:*,__IGMP*,GGP*,PUP:,IDP:,ND:*
Where I wrote this?! Let me know the link so I can fix it. It should be
GrabProtocols=GRE:*,TCP:1723,ESP:*,UDP:1701,UDP:500,UDP:4500
You can also delete SSTP-Redirect. It just changes port and simple re-encryption to remove SSTP finger print and make it look as simple TCP connection.
You can re-tunnel SSTP to HTTP-Tunnel by simply adding 443 port to grab protocol of HTTP Tunne.ini
GrabProtocols=GRE:*,TCP:1723,ESP:*,UDP:1701,UDP:500,UDP:4500,__TCP:443__
So delete or disbale SSTP-Redirect.ini and add set following GrabProtocols in HTTP Tunnel, let me know the result
GrabProtocols=GRE:*,TCP:1723,ESP:*,UDP:1701,UDP:500,UDP:4500,TCP:443
if you could have 1 ini for configs which does all the job/all protocols it would be better , it is confusing which ini is working , if we dont set "ConfigFileName="
It depend to GrabProtocols and server ip address, if more than one config match then BarbaTunnel pick one of them by random. You can find the choosed one in Report log.
Cheers
Coordinator
Jun 5, 2013 at 9:14 AM
Hi,
It looks CodePlex discussion remove the stars I wrote here, so I fix previous post and also pot GrabProtocols here again:
GrabProtocols=GRE:*,TCP:1723,ESP:*,UDP:1701,UDP:500,UDP:4500,TCP:443
Regards
Jun 5, 2013 at 10:40 AM
Edited Jun 5, 2013 at 10:48 AM
hi , thanks for answering , i already had tcp:443 in http-redirect.ini , and i know tcp:1701 is nothing related to l2tp i saw it in another forum.
i have rebooted the server windows , and my client windows and now l2tp works via barba too :D ( with my old config )
about the rest , i added esp:* as u said.

is there any difference if i send all udp:* to barba , instead of those 3 l2tp ports that u suggest ?

i now have this :
GrabProtocols=TCP:443,TCP:1701,TCP:1723,ESP:*,GGP:*,GRE:*,IDP:*,IGMP:*,PUP:*,ND:*,UDP:*
and both pptp and l2tp are working fine .
for sstp i think i should get a international verified ssl license for my domain to work better .

i have done some speedtest.net checks , and speed rates are decreasing a little bit ( loosing around 128kbps ) , and pptp speed is better than l2tp for me .

thank you and i hope some day windivert getting a verified license.
Coordinator
Jun 5, 2013 at 11:11 AM
Edited Jun 5, 2013 at 12:10 PM
Hi, Sorry but your English is not good enough.

By the way would you JUST add the following protocols and let me know the result, I need to make sure I set right protocol in default config files. Make sure correct BarbaTunnel running, remove all old versions.
GrabProtocols=GRE:*,TCP:1723,ESP:*,UDP:1701,UDP:500,UDP:4500,TCP:443
.
if i send all udp:* to barba , instead of those 3 l2tp ports that u suggest ?
It is not recommended because you may disable some functionality, for example you may suddenly RDP, DNS request to your server, or many kinds of services. I recommend you to help me to find best optimized ports and protocols.

.
for sstp i think i should get a international verified ssl license for my domain to work better .
You can create a self-singed certificate your self, check following document:
How to setup and configure SSTP VPN tunnel on Windows Server 2008 to share internet traffic?

.
i hope some day windivert getting a verified license.
It already done, download BarbaTunnel 7.2 now.
Jun 5, 2013 at 4:54 PM
Edited Jun 5, 2013 at 5:10 PM
BarbaCoder wrote:
in my HTTP-Retunnel.ini , i have this as i read in your wiki .
GrabProtocols=GRE:*,TCP:1723,TCP:443,TCP:1701,__UDP:*,__IGMP*,GGP*,PUP:,IDP:,ND:*
Where I wrote this?! Let me know the link so I can fix it. It should be
i forgot to give you the link : 
https://barbatunnel.codeplex.com/wikipage?title=config.ini&referringTitle=Documentation
look at "GrabProtocols" part . 



It already done, download BarbaTunnel 7.2 now.
wow great news , its less than a week i saw your project , i first installed 7 couldn't use it , when 7 didnt work for me at first , i installed version 6.4 as other forums said about its config , when that worked , i tested 7 again and now 7.2 is out with full windivert :D great job.

You didn't clearly say we must only use ".net frame work version 4.5" and even if we have .net frame work 3 or 3.5 , we must update it to 4.5 .
i had .net framework 3.5 at first on my win2008 R2 , but it didnt work , when i updated it to .net framework 4.5 everything started working fine. later after reading many forums and getting it to work , i saw that you already wrote ".net framework V4,5" in barba requirements in the right column of its page. :|


i am testing 7.2 with default configs and will let you know soon . tnx
Jun 5, 2013 at 6:40 PM
i have tested barba 7.2 on my server , and 2 clients , win 7 sp1 64bit , and win8 64 bit , both work fine for pptp and l2tp .
i have default config of BarbaTunnel.ini , and for tunnel configs , i just have one HTTP-Retunnel.ini with grab as you said in it :
GrabProtocols=GRE:*,TCP:443,TCP:1723,ESP:*,UDP:1701,UDP:500,UDP:4500
but when i set
HttpRequestMode=Bombard

both win 7 and 8 , fail to connect to both pptp or l2tp . how can i test tcp tunnel too ? ( i want to test for its speed reduction )

thank you.
Coordinator
Jun 5, 2013 at 9:50 PM
Hi

I didn't understand it fail because of Bombard or because of GrabProtocols! So is finally l2tp working with following protocol with empty HttpRequestMode or not?
GrabProtocols=GRE:*,TCP:443,TCP:1723,ESP:*,UDP:1701,UDP:500,UDP:4500
Bombard mode is more standard but slower, let me know the BarbaMonitor log and error messages.

.
how can i test tcp tunnel too
TCP Tunnel should be same speed of HTTP Tunnel with HttpRequestMode=Normal, TCP Tunnel may be blocked by the way you can force HTTP Tunnel to be TCP Tunnel by setting HttpRequestMode=None

Regards
Jun 6, 2013 at 10:30 AM
both pptp & l2tp will work with
HttpRequestMode= ( empty ) or
HttpRequestMode=Normal

both pptp and l2tp will fail with
HttpRequestMode=Bombard .

shouldn't i have the config file for TCP-Retunnel.ini for having Bombard to work ?
i am asking because in my config directory i just hold 1 ini config of HTTP-Retunnel.ini , and i have deleted the other 3 ini config files.

today internet speed is a little better and Bombard mode is also working ! here is the log :
14:51:01> BarbaCourier: TID:  b24, SessionId: bcb24033, HTTP Bombard GET added. Port: 8080, Connections Count: 5.
14:51:01> BarbaCourier: TID:  b24, SessionId: bcb24033, Connection is ready to send the actual data. TransferSize: 10404 KB.
another question is that i see that 7.2 is hiding client IPs , i have some port scan attemps/attacks on my windows vps , and i could block them with the logs of barba but now it doesn`t show the IP.
14:51:01> HttpHost: TID:  768, New incoming connection. ServerPort: 8080, __ClientIp: #.#.#.17__.
does it have an option to show or hide the IP ?
Coordinator
Jun 6, 2013 at 10:43 AM
Shouldn't I have the config file for TCP-Retunnel. In for having Bombard to work ?
No, TCP Tunnel with Bombard HttpRequestMode is exactly same as HTTP Tunnel with Bombard HttpRequestMode.
You can just ignore HTTP-Tunnel and just control the behavior with HttpRequestMode in TCP Tunnel. The ONLY difference is the default value for HttpRequestMode.
  1. The default value of HttpRequestMode in Http Tunnel is "Normal"
  2. The default value of HttpRequestMode in Tcp Tunnel is "None"
    If you specify HttpRequestMode then there will be exactly no difference with TCP Tunnel and HTTP Tunnel. HTTP Tunnel is TCP tunnel that has HTTP Request.
Today internet speed is a little better and Bombard mode is also working ! here is the log :
Glad to hear it.

.
Does it have an option to show or hide the IP ?
Yes, check it here: LogAnonymously in barbatunnel.ini
I add it just because to keep identity of people when going to report an issue in public.
Regards
Jun 6, 2013 at 1:06 PM
thanks , i have tested another things and here is the result for my current internet situations :
( here it is election time and they have ruined internet all over the country in all ISPs - every vpn even non-standards like kerio is blocked , UDP GRE , vpn ports 1723 1701... are blocked. keepalive connections are droped after 2 3 min , and internet speed for ssl and special ports are highly limited , and they read every un encrypted header packets ! )

i have tested
HttpRequestMode=None so that it use TCP tunnel as you said , it worked and speeds were almost the same as http normal mode.(speed reduces around 128-256kbps).
then i disabled HTTP-Retunnel.ini with enabled=0 in both server and client.
then enabled TCP-Retunnel.ini config file,
Enabled=1
Mode=TCP-Tunnel

and client could connect PPTP vpn using tcp-tunnel , but speed was very low , pages loaded incomplete . and after sometime the connection lost the ping .
i have tried 3 4 times and the results was the same ,
so TCP-tunnel channels in barba are somehow working different than http tunnel with TCP mode.
Jun 7, 2013 at 8:19 PM
.net frame work 4.5 which is needed by barba , cannot be installed on windows server 2003 ( 32 bit ) .
so barba service and barba monitor wont work in windows server 2003 32bit sp2.

but i could use x86 barba in a cmd and it worked after installing winpk filter and .net framework 4.0
windows server 2003 32bit sp2 , veriosn 5.2.3790
Coordinator
Jun 7, 2013 at 8:22 PM
Hi
BarbaTunnel.exe does not need any >NET Framework. You can run it in windows server 2003 ( 32 bit ).
Regards
Jun 9, 2013 at 5:06 AM
Edited Jun 9, 2013 at 5:14 AM
hi , i have another question , how can i add more file extentions , for example adding files like tar.gz which is not common that much or .7z ?
i have seen that the zip.header in templates folder is encoded .
or how can i change the file name 350x350.jpg to other file names maybe they detect such default file names in firewalls.

also i have a problem with barba and that is sometimes it doesnt send or recieve anything on the pages that is used too much , like speedtest google or facebook. i have deleted the browser cache and cookies and it didnt solve this issue , tried other browsers like firefox or IE and they couldnt open those webpages too.
but at the moment of problem it can open other pages like the current website.
i even tried disconnecting the vpn and start stopping the barba and it didnt solve the problem either.
have u faced such issue ?
i am testing on server : win2003 ( winpk filter ) and client : win7 64bit ( winroute ) barba7.2

stoping the barbatunnel.exe in server and running it again solves this issue and those pages load again.
Coordinator
Jun 9, 2013 at 8:43 AM
Edited Jun 9, 2013 at 8:47 AM
Hi
how can i change the file name 350x350.jpg to other file names
Check is BarbaTunnel website blocked from your side or not (barbatunnel.codeplex.com), if not then I don't think that they block the header files, the header files are very common and regular. By the way you can change them as you like by overriding file. To add other files you should:
  1. Add a header file such as "7z. header" in template folder
  2. Add MIME type in "ContentType.txt" such as 7z=application/zip
  3. Add FakeFileTypes=7z to HTTP config.ini
You can change HTTP request templates, just open them and use following variable:
  • {filename}: will be replaced with <random>.<extenstion> such as 35et8647.7z
  • {filentitle}: will be replaced with <random> such as 35et8647
  • {fileextension}: will be replaced <extenstion> such as 7z
  • {data} should be exist somewhere in the template
  • Never remove Content-Length from HTTP template
.
also i have a problem with barba and that is sometimes it doesnt send or recieve anything on ....
Yes, I face same issue too, but I think the issue is not relate to BarbaTunnel, because BarbaTunnel doesn't know about cashing, web-site IP address, request and any other data so there should not be any difference. VPN already encrypt and chunk the packet, so if there is any bug in BarbaTunnel, then all navigation and connection should be dropped. There is impossible for BarbaTunnel to prevent some some site open and some site not, BabaTunnel can completely drop the connection between client and server, BarbaTunnel chouldn't partially raise and issue. Maybe I didn't set proper VirtualIpRange, not have more idea.
I think there is some issue in VPN or NAT from server side or client VPN conflicting network route specially when you have many adapters. For example sometimes my issue has been solved when I turn-off my desktop VMWare machine.
Please let me know if you find the issue.
Regards
Jun 9, 2013 at 10:12 AM
Edited Jun 9, 2013 at 10:14 AM
thanks for complete information , i saw most of it and understood ,
when i look inside the "jpg.header" and "zip.header" they have different content ,
how can i encode a file content like them , can i copy zip.header to 7z.header for example? i have searched this morning for standard header file templates in apache or linux but didnt find anything related.

also as i saw the server always using 350x350.jpg , shouldn`t it use jpg and zip in a random ? once x.jpg then y.zip for example.

the server has 1 network interface , but my win 7 has so many adapters as i have tested many tunnels till now and none is working like barba :D or they are blocked by the government.
i use the server for my self and so there is not any other clients connecting to it and there is not too much traffic that causes route issues or ip range issues.
cant you set the local ip range on 192.168.0.0/16 ? as vmware uses the low ip ranges like 5.x.x.x and 10.x.x.x and i had some server went down for ip conflict of the low ip ranges with vmware or citrix xenserver.
( i had a customer that he set the iprange of 5 or 10 on its vm network , and caused the whole server to go down . i rebooted the server and again when i turned that vm on , the server goes down again and i should use kvm server console to reboot server or turn off that vps to bring the whole server up again ! )

i will show the problem to some of my programmer/network admin friends and will tell you if i find the cause of the issue.
Coordinator
Jun 9, 2013 at 10:44 AM
Edited Jun 9, 2013 at 10:54 AM
Hi
how can i encode a file content like them , can i copy zip.header to 7z.header for example?
jpg.header and zip.header is just 2KB byte if a JPEG and zip file.
It is so simple to create one, just choose a file from your computer then keep first 2 or 3 kb and delete the rest, I think you need a binary file editor like hex workshop.
Let explain more, BarbaTunnel try to act as normal HTTP request, What HTTP request does? It upload and download files, so BabraTunnel request to upload file exactly same as what browser do, it is impossible to find the difference till now, then server reply the file, but the file data is not really JPEG or a zip file because. The difference is the header file, so we send the header of first then the rest is our packet.
(File)=(header)(rest)
In this case if someone check what you download it will see a jpg while, he only possible to know it is wrong file when file download completely, then he should open the file and see, OH it is some damaged image!
By the way I don't know any firewall yet who checks the file, it's very time-consuming and nearly impossible, you can even turn off sending file header.

The only way to detect HTTP tunnel is to spend much resource and estimate the transfer rate & threshold, but Download Server, Proxy Server & Cash server may interrupt BarbaTunnel too without detecting http tunnel because our file is not ready. But BarbaTunnel offer "BombardMode" that should work in all cases, I don't have any idea yet that how a machine can detect it :). The cost is overhead, Bombard mode have near 50% overhead, but working fine.
Please note that in default configuration, the Bombard mode is off.

.
cant you set the local ip range on 192.168.0.0/16
No, BarbaTunnel does assign any IP in the client, but in server it assign an Invalid IP outside of network range to force the return packet route to the gateway so Packet Filter capture it before leaving the machine, you can configure it in VirtualIpRange of server barbatunnel.ini.
VirtualIpRange should be range outside of your network IP and Should not be range of valid server in the word. BarbaTunnel capture all outgoing traffic to VirtualIpRange in server and treat them as Tunnel Response.
Jun 9, 2013 at 5:39 PM
Edited Jun 9, 2013 at 5:40 PM
hi thank you very much for complete answers. :x
about local ip as u surely know 192.168.x.y is a virtual local ip range like ip 10.x.y.z itand is not valid on internet . maybe some routers use it but default . but it may not cause conflict on vmware .

IPv4 private addresses
24-bit block (/8 prefix, 1 × A) 10.0.0.0 10.255.255.255 16777216
20-bit block (/12 prefix, 16 × B) 172.16.0.0 172.31.255.255 1048576
16-bit block (/16 prefix, 256 × C) 192.168.0.0 192.168.255.255 65536

http://en.wikipedia.org/wiki/IP_address

here they read every http header and this caused reduce in internet speed in all country ISPs. so i want to have file headers active , if the file names was random like the way its size is , it could be very better and may solve the issue of cache servers i think.
Coordinator
Jun 9, 2013 at 8:19 PM
Hi
The important thing about virtual IP in barbatunnel is that it should not be in local IP range, because if you set an LocalIP packet will not leave adapter and PacketFilter may not grab it. Actually I assign a virtual IP with completely different approaches rather than normal application. A standard application creates listener on LocalIP usually 192.168. x. x but currently the Virtual IP in BarbaTunnel should not be range of Local System.
You should just change VirtualIpRange of server barbatunnel.ini only when the default 10.207.x.x is in the range of one of your adapters in the server.
Regards
Jun 10, 2013 at 8:51 AM
Edited Jun 10, 2013 at 8:52 AM
on my windows server 2003 , when i dont set virtual ip range i get network lost after some time. but when i set a small range it works without any disconnections.

this looses network route after some time :
VirtualIpRange=
or
VirtualIpRange=10.168.100.10-10.168.200.250


but it works fine :
VirtualIpRange=10.168.166.10-10.168.167.250
Coordinator
Jun 10, 2013 at 8:58 AM
Thank you for sharing your experience.
Would you check other range such as:
VirtualIpRange=10.169.100.10-10.169.200.250
Jun 10, 2013 at 10:20 AM
Edited Jun 10, 2013 at 10:20 AM
it seems to be working fine as it is more than 20 minutes i'm connected and i'm downloading at max speed with it.

i dont use 10. or 10.168 range anywhere , and this is a new windows installed for testing barba only and no other programs installed to cause conflicts.
do you think the problem is that something causes confilcts with 10.168 range ?
Coordinator
Jun 10, 2013 at 10:37 AM
I really don't know,
Mine works for 1 week with default IP without restart or turn my computer off.