---------------------------------------
School Proxy
August 2nd, 2019
---------------------------------------

Firstly, sorry I haven't phlogged in a while! I'm going to start posting more regularly.

For many years, the bane of all students has been their school's website blocking mechanism. The continual task of the tech-savvy students has been to bypass it.

My school's proxy manifests itself in the form of an HTTP proxy. Any non-internal traffic that does not go through this proxy gets blocked. (When I ping it says "Packet filtered"). You connect to this proxy with your normal school credentials; they use some kind of LDAP system.

Now, I wouldn't be trying to bypass it if I didn't have a problem with it. My problem with it is:

#1. It blocks SSH.
#2. It blocks heaps of useful websites. StackOverflow, most other coding websites, and a whole lot of useful and educational (non-programming-related) blogs are blocked. Often, when researching for a subject, I find that in the first page of search results up to 3/10 are blocked (mostly blogs).
#3. It blocks tildes and gopher proxies.

Over the last year, I've tried numerous methods to get past it. Most recently, I was using MiniProxy on tilde.team (one of the few unblocked tildes), but unfortunately tilde.team got blocked. This also did not get around the SSH issue and broke many websites such as YouTube.

I looked around for some sites and after talking to a few people on IRC, I found that CodeAnywhere was unblocked. CodeAnywhere has a container feature, where you can run Ubuntu 16.04 in a container (albeit with limited resources). From there, I could SSH out to anywhere. However, it has an hour/day limit on the free plan, and doesn't unblock websites, which require a web browser. I used this for around a week before coming up with my (highly usable) solution.

Unsatisfied, I kept searching around.
Eventually, I stumbled upon LinuxZoo, a place that provides shell and VNC access to Linux machines for testing, albeit with a time limit of 20 minutes. I thought I might use this along with CodeAnywhere to get past websites, but then I found that they don't have external network access!

While LinuxZoo did not work for me, the VNC was fully done through the browser, using noVNC. This worked at school. My next thought was, how can I set up my own noVNC instance on an unblocked domain? I originally thought of setting it up on a tilde, but then it is too easy for them to just block off the tilde. I tried to think of a domain that it is going to be very difficult for them to block.

While thinking about this, I remembered that I happened to have a 1 year free AWS t2.micro VPS. Connecting the dots, and getting the AWS web address, (something).ap-southeast-2.compute.amazonaws.com, fulfilled my solution perfectly. They can block my VPS, but I can just clone it to a new one, with a new address, and boom they have to find that one! They can't block *.ap-southeast... because many websites use it as their backend or storage, including the Department of Education themselves!!!

I installed noVNC and a VNC server, locked it down so VNC access was only available through a de-privileged account and noVNC wasn't running on root but still accepting requests on port 80 (iptables port forwarding ftw!).

This is what I am using now and it is perfect! I've even SSH port forwarded KanBoard (what I use for tracking my homework) from my Raspberry Pi to this VPS so I can log in my homework while at school. I still try to use the normal net when I can, to decrease the likelihood of detection. It also only has 1GB of RAM, so slows to a halt when I try to open more than around 6 tabs in Firefox.

I wish it was simpler! I'm dreading 14 August... they're changing the proxy system. Fingers crossed it still works, and Linux still works. Linux is a hell of trouble to work on the proxy!
Catch you, ~fosslinux