HOWTO Setup a Windows-VPN-tunnel with ZeBeDee

My problem

I found ZeBeDee many years ago and liked the simple approach of a VPN-tunnel. After using it for accessing different windows machines a problem arose with Windows 7.

Tunnel Basic Setup, Client Side

  1. Setup av loopback adapter:
    1. System->Control Panel->Add Hardware
    2. Yes, Hardware is already connected
    3. Add a new hardware device (at bottom of list)
    4. Install the hardware that I manually select
    5. Network adapters
    6. Microsoft , Microsoft Loopback Adapter
    7. (Go through the installation procedure.)
  2. Enter a fake address, e.g. 192.168.192.168 (255.255.255.0)
    1. Open your new fake ethernet adapter (Network Connections)
    2. Disable all but TCP/IPv4, as image show on right.
    3. Click on properties for TCP/IPv4.
    4. Enter your chosen IP address (192.168.192.168), subnet mask (255.255.255.0), and nothing else
    5. Under advanced->WINS, Disable NetBIOS over TCP/IP
  3. Download ZeBeDee to the Client
  4. Unzip into a folder, I use C:\Programs\ZeBeDee
  5. Edit the config file C:\Programs\ZeBeDee\SERVERNAME_client.zbd
    ####
    # Zebedee client configuration file
    verbosity 1
    detached false	# (false for service)
    
    # Client mode
    server false
    serverport 8080
    
    # serverhost SERVERNAME.domain.tld, this is the server-adress
    serverhost 1.2.3.4
    
    # ZBD-Loopback connector for SERVERNAME, the one installed above, you need one for each server...
    listenip 192.168.192.168
    
    ipmode both	# Operate in mixed TCP/UDP mode
    compression zlib:9	# Allow maximum zlib compression
    keylength 256		# Allow keys up to 256 bits
    keylifetime 36000	# Shared keys last 10 hours
    keygenlevel 2	# Generate maximum strength private keys
    maxbufsize 16383	# Allow maximum possible buffer size
    
    logfile 'c:\Programs\Zebedee\SERVERNAME_client.log'
    #
    include 'c:\Programs\Zebedee\COMPUTERNAME.key'
    
    # Setup tunnels
    tunnel 445/tcp:*:445     # SMB via tunnel
    tunnel 3389/tcp:*:3389   # Remote Desktop via tunnel
    
  6. Install ZeBeDee as a service C:\Programs\ZeBeDee\SERVERNAME_client_install.cmd
    c:
    cd \programs\zebedee
    zebedee -n "ZeBeDee-SERVERNAME-p8080" -Sinstall=c:\programs\zebedee\SERVERNAME_client.zbd
    
    rem zebedee -n "ZeBeDee-SERVERNAME-p8080" -Sremove
    
  7. Start the "ZeBeDee-SERVERNAME-p8080" service.
    IF you need to map a network drive to the server, (the tunnel 445/tcp:*:445 row above) you need to Disable the Port445

    Disable Port445

    If you disable 445, your client can not act as fileserver from clients with netbios over tcp/ip disabled!

    Method 1

    I found the below method the easiest one.
    1. Set the Server Service to Start to Automatic Delayed:
    2. Set the ZeBeDee to Start to Automatic:
    3. Reboot
    Now when server starts ZeBeDee already have 445 and the Server Service fall back to UDP 137,138 TCP 139.

    Method 2

    I used this registry script to shutdown 445 before
    Windows Registry Editor Version 5.00
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
    "EnableDCOM"="N"
    "EnableRemoteConnect"="N"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
    "TransportBindName"=""
    "SmbDeviceEnabled"=dword:0
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP6\Parameters]
    "DisabledComponents"=dword:000000ff
    

    Check netstat -an to see that 0.0.0.0 does not bound to 445

    Tunnel Basic Setup, Server Side

    1. Download ZeBeDee to the Server
    2. Unzip into a folder, I use C:\Programs\ZeBeDee
    3. Use a config file C:\Programs\ZeBeDee\SERVERNAME_server.zbd
      ####
      # Zebedee SERVER configuration file
      #
      verbosity 0	# (0-5) Output to logg file, when everything ok set to 0...
      detached false	# (false for service)
      
      # Server mode
      server true
      serverport 8080
      
      # Some communcation parameters
      ipmode both	# Operate in mixed TCP/UDP mode
      compression zlib:9	# Allow maximum zlib compression
      keylength 256		# Allow keys up to 256 bits
      keylifetime 36000	# Shared keys last 10 hours
      keygenlevel 2	# Generate maximum strength private keys
      maxbufsize 16383	# Allow maximum possible buffer size
      
      # The Public key for the server
      include 'c:\Programs\Zebedee\SERVERNAME.key'
      
      # The logfile, adjust verbosity above
      logfile 'c:\Programs\Zebedee\SERVERNAME_server.log'
      
      # Private keys, se example
      checkidfile 'c:\Programs\Zebedee\SERVERNAME_clients.id'
      
      # no default redriection
      redirect none
      
      # Tip Use real IP instead of localhost for server
      # Setup ALLOWED targets SERVERNAME IP=192.168.0.11
      target 192.168.0.11:445,3389
      target 192.168.0.11
      
    4. Install ZeBeDee as a service C:\Programs\ZeBeDee\SERVERNAME_server_install.cmd
      c:
      cd \programs\zebedee
      zebedee -n "ZeBeDee-SERVERNAME" -Sinstall=c:\programs\zebedee\SERVERNAME_server.zbd
      
      rem zebedee -n "ZeBeDee-SERVERNAME" -Sremove
      
    5. Start the ZeBeDee Service

    Use Tunnel, eg. map drive

    NET USE X: \\192.168.192.168\Shares

    Remember to use both allowed targets at SERVER and tunnel at CLIENT when adding ports.

    Private/Public Keys

    To generate a pair of keys you can use this C:\Programs\ZeBeDee\KeyIdGen.cmd
    set c=%1
    if "%c%"=="" set c=%COMPUTERNAME%
    
    cd c:\programs\zebedee
    zebedee -p >%c%.key
    zebedee -P -f %c%.key >%c%.id
    

    Remember to append the SERVERNAME_clients.id file with the row in COMPUTERNAME.id file.

    Example scripts above

    ZeBeDee_Example.zip

    Keywords

    zebedee,vpn,tunnel,445,139,port445,port139,net,map,use,smb,Win7,Windows7,WindowsXP,Windows2008