Zebedee is a tunneling program used to establish encrypted, authenticated connection over TCP/UDP protocol. It is available for both Windows and Linux. It can be downloaded from http://www.winton.org.uk/zebedee/download.html .
Below is the network setup based on which the Zebedee tunneling is configured.
The Zebedee setup file will install the software by default in the directory C:\Programs\Zebedee. It can be used as either stand alone application or as a windows service.
Compilation in Linux:
The binaries for Zebedee are available for download, in the website, in order to compile Zebedee from source, the following binaries have to be downloaded from the Zebedee website.
All the tar files should be extracted in the same directory level and compiled like shown below.
$cd blowfish-0.9.5a $make all $cd .. $cd bzip2-1.0.3 $make all $cd .. $cd zlib-1.2.3 $./configure $make all $cd .. $cd zebedee-2.4.1A $make OS=linux
Key Generation in Client:
The Zebedee does authentication and encryption based on the private and public key. A private and public key is generated in the client side and the public key id is transferred to server side. The Zebedee server can be configured to maintain a list of public key id id from different clients in a file. During the initial connection from client to server, this file will be looked up by the Zebedee (server) process for authentication. This functionality can be specified in the configuration files (in both server and client).
Creating keys in Client (Windows):
Client side private key is generated using the following command.
C:\Programs\Zebedee> zebedee.exe -p > mywin.key
Server side public key is generated using the following command.
C:\Programs\Zebedee> zebedee.exe -P -f mywin.key > mywin.id
The file “mywin.id” has to be transferred to the server zebedee client id list.
Adding public keys to Server’s Client ID List( Linux):
All the public keys from different clients are concatenated to a single file in a list. The file is the specified as “checkidfile ‘./clients.id’” in the server side configuration file.
$cat mywin.id>> clients.id
Server.zbd: verbosity 2 # Slightly more than basic messages detached false # You will probably want this 'true' for normal server true # Yes, it's a server! ipmode both # Operate in mixed TCP/UDP mode compression zlib:9 # Allow maximum zlib compression keylength 256 # Allow keys up to 256 bits keylifetime 36000 # Shared keys last 10 hours maxbufsize 16383 # Allow maximum possible buffer size keygenlevel 2 # Generate maximum strength private keys checkidfile './clients.id' redirect none target localhost
Client.zbd: verbosity 2 multiuse true logfile './client.log' server false compression zlib:9 keygenlevel 2 serverhost 172.22.22.61 include "mywin.key"
Zebedee Tunneling Setup:
Server Side Setup:
In order to authenticate and encrypt the request from all the Zebedee clients the below command has to be used.
$zebedee -f server.zbd 172.22.22.61
Client Side Setup:
Assuming that in the server side the service is offered in the TCP port 2000. The tunnels can be created for each client application using a different local port.
C:\Programs\Zebedee>zebedee.exe -f client.zbd 8000:172.22.22.60:2000
This command will create a encrypted tunnel, it can be tested either using telnet or an application specific client
C:\Programs\Zebedee>zebedee.exe -f client.zbd 8001:172.22.22.60:2000 telnet 127.0.0.1 8001