DNSCrypt+ssh


Some tips, recorded here, on how to cross the greatfxxewall:

SSH

Use the following command to forward your traffic to a remote machine:

alias enablexx='ssh -C -qTfnN -D 1395 root@xxx.xxx.xxx.xxx'

xxx.xxx.xxx.xxx should be a machine outside of China.
Then in your browser set the proxy to 127.0.0.1:1395. This is a SOCKS proxy, so choose SOCKS4/SOCKS5 in the proxy configuration.

DNS Encryption

Because DNS traffic will be hijacked by the greatfxxxewall, we have to encrypt all DNS query traffic.

DNSCrypt is a piece of software that encrypts DNS traffic between the user and a DNS resolver, preventing spying, spoofing or man-in-the-middle attacks.
Install it via:

$ sudo pacman -S dnscrypt-proxy

Then change the content of /etc/resolv.conf to:

# Generated by resolvconf
nameserver 127.0.0.1

Previously it was 10.0.0.1, but after enabling DNS encryption we use our own DNS server at 127.0.0.1.
Note: In the office I won’t change this file because the DNS is safe in ALU.

Start/Stop the service via:

### encrypt my dns flow
alias enabledns='sudo systemctl start dnscrypt-proxy.service'
alias disdns='sudo systemctl stop dnscrypt-proxy.service'

The above 2 lines have been written to ~/.zshrc, so every time I just type enable/dis(dns) I can enable/disable the DNS encryption.
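
Because /etc/resolv.conf is generated by resolvconf, it can be regenerated with the earlier resolver (10.0.0.1 above), and queries then bypass dnscrypt-proxy without any visible error. The following check is an added example, not part of the original post; the function names are hypothetical. It reports any nameserver entry that is not a loopback address.

```shell
#!/bin/sh
# Added example (function names are assumptions, not from the original post):
# verify that a resolv.conf-style file only points at the local
# dnscrypt-proxy listener.

# nonlocal_nameservers FILE
# Prints every active nameserver address in FILE that is not loopback.
nonlocal_nameservers() {
    awk '
        # resolv.conf allows both "#" and ";" as comment markers.
        /^[ \t]*[#;]/ { next }
        $1 == "nameserver" && NF >= 2 {
            addr = $2
            # 127.0.0.0/8 and ::1 never leave the machine.
            if (addr ~ /^127\.[0-9]+\.[0-9]+\.[0-9]+$/ || addr == "::1") next
            print addr
        }
    ' "$1"
}

# count_nameservers FILE
# Prints the number of active (uncommented) nameserver lines.
count_nameservers() {
    awk '!/^[ \t]*[#;]/ && $1 == "nameserver" && NF >= 2 { n++ }
         END { print n + 0 }' "$1"
}

# dns_is_local FILE
# Returns 0 only if FILE has at least one nameserver and all are loopback.
dns_is_local() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    if [ "$(count_nameservers "$1")" -eq 0 ]; then
        echo "no nameserver entries in $1" >&2
        return 1
    fi
    leaks=$(nonlocal_nameservers "$1")
    if [ -n "$leaks" ]; then
        echo "non-local resolvers in $1:" >&2
        echo "$leaks" >&2
        return 1
    fi
    return 0
}
```

Run `dns_is_local /etc/resolv.conf` after starting the service; a non-zero exit status means at least one resolver entry still sends queries off the machine unencrypted.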