Details:
One (1) mouse-click to tunnel all of your TCP/IP traffic over an encrypted tunnel
Safe Passage is designed to seamlessly tunnel ALL-OR-ANY of your TCP/IP and DNS traffic over SSH. Once Safe Passage is started, you will only have to click your mouse once to begin securely tunneling ALL of your TCP/IP and DNS traffic. If you wish, you can optionally "tweak" which TCP/IP and DNS traffic should be tunneled using the Safe Passage interface.

Safe Passage Tunnels ALL-OR-ANY TCP/IP traffic AND DNS Requests, including Windows Filesharing, Email, and ALL other TCP/IP applications:
Safe Passage intercepts raw Ethernet packets between your Microsoft Windows™ Operating System and your Ethernet card. The best competition uses a technique called "Winsock Helpers". The problem with Winsock Helpers (otherwise known as Winsock API Hooks) is that not all applications use the Winsock API that Winsock Helpers inter-operate with. For instance, Windows Networking (filesharing), Windows DNS, most Database Clients, and many other TCP/IP applications DO NOT use the Winsock API. Therefore, a VPN client using Winsock Helpers cannot dynamically tunnel traffic coming from those applications.
With Safe Passage, neither your Microsoft Windows™ OS nor your physical Ethernet Adapter has any idea that Safe Passage is interacting with their traffic. This allows ALL TCP/IP applications to function normally (without any re-configuration) and still have their traffic sent via an SSH Tunnel (including Windows Networking (filesharing), Windows DNS, most Database Clients, and many other TCP/IP applications).

Safe Passage uses the (open standard) SSH2 Protocol, Encryption, and Authentication.
SSH2 (Secure Shell version 2) is currently trusted by many institutions (e.g. NASA) to secure Internet connections to servers (running Linux, *BSD, Solaris, AIX, Microsoft Windows™, and many more!) SSH2 can use a number of encryption algorithms, most of which are believed to be "un-crackable". For more information about the SSH Protocol, start with a Google Search for "SSH".

Safe Passage accepts user-entered password or PuTTY Agent (pageant) public-key authentication:
Safe Passage uses an SSH client that is compatible with the open-source PuTTY Project. A user can either:
- Type their password into Safe Passage each time they connect to an SSH2 host, or
- Use "pageant.exe", a public-key SSH authentication management utility offered by the PuTTY Project, which can automatically provide Safe Passage with encrypted keys for public-key SSH2 authentication. See the Safe Passage documentation for more information.

DNS over TCP/IP???
Safe Passage simulates DNS responses to DNS queries made by the client computer. Safe Passage uses a proprietary process to reply to DNS queries with "fake" DNS responses supplying "fake" IP addresses, and then forwards all TCP/IP traffic sent to those "fake" IP addresses via an SSH tunnel configured to connect to the DNS host name originally queried by the DNS request. DNS queries for host names configured for DNS tunneling are destroyed before being sent over the physical network.
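The general fake-address technique described above, sketched as an added example; it is not Safe Passage's proprietary process or any vendor code. Tunneled names are answered locally with a synthetic A record, so the query never reaches the wire, and the synthetic address is later mapped back to the host name the tunnel should connect to. The 198.18.0.0/15 pool, the class and function names, and the sample host names are assumptions.

```python
import ipaddress
import struct

def build_query(name, qtype=1, txid=0x1234):
    """Constructed sample input: a minimal one-question DNS query with RD set."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)

class FakeDnsMapper:
    """Answers queries for tunneled names locally and remembers fake IP -> name."""

    def __init__(self, tunneled_names, pool="198.18.0.0/15"):  # pool is an assumption
        self.tunneled = {n.lower().rstrip(".") for n in tunneled_names}
        self._free = ipaddress.ip_network(pool).hosts()
        self.by_name, self.by_ip = {}, {}

    def handle_query(self, packet):
        """Return a forged response, or None to leave the packet to the real network."""
        try:
            name, qtype, end = self._question(packet)
        except (IndexError, struct.error, ValueError):
            return None                      # malformed: not ours to answer
        if packet[2] & 0x80 or name not in self.tunneled:
            return None                      # a response, or a name that is not tunneled
        answer = b""
        if qtype == 1:                       # A record: hand out (or reuse) a fake address
            if name not in self.by_name:
                ip = next(self._free)
                self.by_name[name], self.by_ip[ip] = ip, name
            # pointer to the question name, TYPE A, CLASS IN, TTL 60, RDLENGTH 4
            answer = struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4) + self.by_name[name].packed
        # Other types (e.g. AAAA) get an empty NOERROR reply so the name never leaks.
        header = packet[:2] + struct.pack("!HHHHH", 0x8180, 1, 1 if answer else 0, 0, 0)
        return header + packet[12:end] + answer

    def tunnel_target(self, dst_ip):
        """Map a fake destination address back to the host name to tunnel to."""
        return self.by_ip.get(ipaddress.ip_address(dst_ip))

    @staticmethod
    def _question(packet):
        """Return (lower-cased qname, qtype, offset just past the question)."""
        labels, pos = [], 12                 # the DNS header is 12 bytes
        while packet[pos]:
            n = packet[pos]
            if n & 0xC0:
                raise ValueError("compression pointer in query name")
            labels.append(packet[pos + 1:pos + 1 + n].decode("ascii"))
            pos += 1 + n
        qtype, _qclass = struct.unpack("!HH", packet[pos + 1:pos + 5])
        return ".".join(labels).lower(), qtype, pos + 5
```

Answering non-A queries for tunneled names with an empty reply, rather than passing them through, keeps the host name off the physical network for every record type.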

Support for HTTP or SOCKS Proxy Servers:
Proxy/SOCKS server support is a newly added Safe Passage feature. You will likely need to get the proper configuration settings for using your Proxy/SOCKS server from your network administrator.
This feature has only been tested with a few Proxy/SOCKS servers (there are hundreds available from various vendors/groups.) If you experience problems, you should post to the appropriate Vast Range Forum.
*Note - most HTTP Proxy servers only allow encrypted traffic to servers on port 443 (the port that secure webservers use.) If you are using an HTTP Proxy, then your SSH server will probably have to be configured to work on port 443.

Support for Internet Connection Firewall (ICF) on Windows XP, or other personal firewalls.
Safe Passage requires that your computer believes that it is receiving traffic from Internet hosts. If you are using ICF (or any firewall), it must be configured to work correctly with Safe Passage. Safe Passage will automatically configure ICF; ICF will ask your permission soon after Safe Passage is started.
If you use another personal firewall, the easiest solution is to configure that firewall to allow any traffic coming from the IP address:
2.2.2.2 (if necessary, network mask should be 255.255.255.255)
If you experience problems, you should post to the appropriate Vast Range Forum.
Note - Safe Passage blocks any appropriate traffic long before it reaches your personal firewall.