Encrypt your connection with Zebedee

Introduction:

Zebedee is a tunneling program used to establish encrypted, authenticated connection over TCP/UDP protocol.  It is available for both Windows and Linux.  It can be downloaded from http://www.winton.org.uk/zebedee/download.html .

Network Setup:

Below is the network setup based on which the Zebedee tunneling is configured.

b1

Zebedee Installation:

Windows:

The Zebedee setup file will install the software by default in the directory C:\Programs\Zebedee. It can be used as either stand alone application or as a windows service.

Compilation in Linux:

The binaries for Zebedee are  available for download, in the website, in order to compile Zebedee from source, the following binaries have to be downloaded from the Zebedee website.

blowfish-0.9.5a.tar.gz
bzip2-1.0.3.tar.gz
zebedee-2.4.1A.tar.gz
zlib-1.2.3.tar.gz

All the tar files should be extracted in the same directory level and compiled like shown below.

$cd blowfish-0.9.5a
$make all
$cd ..
$cd bzip2-1.0.3
$make all
$cd ..
$cd zlib-1.2.3
$./configure
$make all
$cd ..
$cd zebedee-2.4.1A
$make OS=linux

Key Generation in Client:

The Zebedee does authentication and encryption based on the private and public key. A private and public key is generated in the client side and the public key id is transferred to server side. The Zebedee server can be configured to maintain a list of public key id id from different clients in a file. During the initial connection from client to server, this file will be looked up by the Zebedee (server) process for authentication. This functionality can be specified in the configuration files (in both server and client).

Creating keys in Client (Windows):

Client side private key is generated using the following command.

C:\Programs\Zebedee> zebedee.exe -p > mywin.key

Server side public key is generated using the following command.

C:\Programs\Zebedee> zebedee.exe -P -f mywin.key > mywin.id

The file “mywin.id” has to be transferred to the server zebedee client id list.

Adding public keys to Server’s Client ID List( Linux):

All the public keys from different clients are concatenated to a single file in a list. The file is the specified as  “checkidfile ‘./clients.id’” in the server side configuration file.

 $cat mywin.id>> clients.id

Configuration Files:

Server.zbd:
verbosity 2     # Slightly more than basic messages
detached false  # You will probably want this 'true' for normal
server true        # Yes, it's a server!
ipmode both     # Operate in mixed TCP/UDP mode
compression zlib:9      # Allow maximum zlib compression
keylength 256           # Allow keys up to 256 bits
keylifetime 36000       # Shared keys last 10 hours
maxbufsize 16383        # Allow maximum possible buffer size
keygenlevel 2   # Generate maximum strength private keys
checkidfile './clients.id'
redirect none
target localhost
Client.zbd:


verbosity 2
 multiuse true
 logfile './client.log'
 server false
 compression zlib:9
 keygenlevel 2
 serverhost 172.22.22.61
 include "mywin.key"

Zebedee Tunneling Setup:

Server Side Setup:

In order to authenticate and encrypt the request from all the Zebedee clients the below command has to be used.

$zebedee -f server.zbd 172.22.22.61

Client Side Setup:

Assuming that in the server side the service is offered in the TCP port 2000. The tunnels can be created for each client application using a different local port.

 
C:\Programs\Zebedee>zebedee.exe -f client.zbd 8000:172.22.22.60:2000

This command will create a encrypted tunnel, it can be tested either using telnet or an application specific client

C:\Programs\Zebedee>zebedee.exe -f client.zbd 8001:172.22.22.60:2000
telnet 127.0.0.1  8001

Leave a Reply

Your email address will not be published. Required fields are marked *