Pingtunnel is a last-resort tool you can try when almost all TCP/UDP traffic is blocked. It transmit packets to a proxy server using ICMP (the ping protocol). The proxy server then reconstitutes the TCP/UDP traffic and forwards it to the intended destination. The server in this tutorial runs Debian or Ubuntu Linux. The client is a Windows 11 PC.
Before you begin, you will need:
Open your server firewall to accept ICMP input.
Normally a server will automatically respond to a ping echo request. You must inhibit this response.
SSH into your server as root.
Edit the system control configuration file:
vi /etc/sysctl.d/10-noecho.conf
Add the following line:
net.ipv4.icmp_echo_ignore_all = 1
Save the file.
Enforce this setting immediately by issuing the command:
sysctl -p /etc/sysctl.d/10-noecho.conf
In a browser on your PC, visit the https://github.com/esrrhs/pingtunnel/releases page, and determine the latest build of pingtunnel. Download pingtunnel_linux64.zip for that release. For example, if the build number is 233, then issue the command:
wget https://github.com/esrrhs/pingtunnel/releases/download/master-5cd6e4ac2c40c5865e62e6d16a952a5be470a5db/pingtunnel_linux_amd64.zip
Extract the binary from the zip file:
apt install unzip -y
unzip pingtunnel_linux_amd64.zip
Copy the binary into a directory in your execution path:
cp pingtunnel /usr/local/bin
Generate a strong password of length 192 bits (24 bytes) with this command:
openssl rand -base64 24
The 24-byte key can be expressed as 32 base-64 characters. You will obtain a result that looks like this:
39YTKYYwZn89YsHcp7LvWOS465IFNqZG
Create a systemd service file for Pingtunnel:
vi /etc/systemd/system/pingtunnel.service
Insert contents as shown below:
[Unit]
Description=Pingtunnel Server
After=network.target
[Service]
ExecStart=/usr/local/bin/pingtunnel -type server -encrypt aes256 -encrypt-key "39YTKYYwZn89YsHcp7LvWOS465IFNqZG"
Restart=always
RestartSec=5
[Install]
WantedBy=multi-user.target
Save the file.
Start Pingtunnel after every reboot, and also start it right now:
systemctl enable pingtunnel
systemctl start pingtunnel
Check that Pingtunnel is active (running) and that there are no error messages:
systemctl status pingtunnel
journalctl -u pingtunnel
In a browser on your PC, visit the https://github.com/esrrhs/pingtunnel/releases page, and determine the latest build of pingtunnel.
Download pingtunnel_windows_amd64.zip for that release.
Once you have the zip file, unzip it to get the executable.
In some Windows installations, you may need to stop Windows from automatically deleting the .exe file.
pingtunnel.exe file.If Windows has already deleted the pingtunnel.exe file, you may need to re-extract it from the zip file.
Alternatively, you can restore pingtunnel.exe from quarantined items:
pingtunnel.exe, and choose Restore.Open a Command Prompt window with Run as Administrator.
Change into the directory with pingtunnel.exe in it. For example:
cd C:\Users\your-windows-user-id\Downloads\pingtunnel_windows_amd64
Issue the command below, replacing YOUR.SERVER.IP.ADDRESS and the encryption key by your actual values:
.\pingtunnel.exe -type client -l :10808 -s YOUR.SERVER.IP.ADDRESS -sock5 1 -encrypt aes256 -encrypt-key "39YTKYYwZn89YsHcp7LvWOS465IFNqZG" -nolog 1
Leave the window open with pingtunnel.exe running in it.
You need to configure Mozilla Firefox browser to send its requests via the SOCKS5 proxy listening on localhost port 10808.
Open Settings > General. Scroll down to Network settings (renamed to Proxy settings in some versions of Firefox).
Edit the proxy settings:
127.0.0.1.10808.