Russian resources inaccessible from outside the country. Automating access to them if you are working in Russia but use a foreign VPN.

Since I live in Russia, the time has come to send all my home traffic through a VPN via a foreign server. The additional 40 milliseconds of ping time does not affect my everyday work, but a new problem has appeared: state services and even some shops do not work from foreign IP addresses. I think that at this point it is much easier to list the resources that are inaccessible from outside than to list the resources inaccessible in Russia.

Problems and tasks

  1. It is necessary to have a list of important Russian resources inaccessible from outside. I was not able to find such a list, but I did not spend much time on it.
  2. Registering the routes on my router turned out to be unpleasant and time-consuming work. Moreover, some services provide all their IP addresses through the nslookup utility, which is good, but others provide only one IP address, and it is different every time. Therefore, anyone who registers a route by hand may need to repeat it after 5 minutes, half an hour or 24 hours. The solution is to automate the process.

Solutions

  1. I have created the list and put it up on GitHub in CSV format, with host name, category and subcategory fields. It would be beneficial to add streaming resources there too.
  2. It is necessary to have a program that can process the list of host names and send commands to a router in order to set the routes. Below is a list of specific requirements for the proposed program. The VPN connection is configured on a Keenetic router. The router allows static routes to be set up over an SSH connection.

A projected algorithm for the program:

  1. Read the configuration data at start. If there is no configuration data – the program will ask for data from the user.
  2. The inaccessible resources hosts.csv file is parsed.
  3. The inaccessible private resources private_hosts.csv file is parsed (vpn-hosts for work, financial services etc.).
  4. A file with commands that are sent to the router is generated.
  5. Plink (a program from the PuTTY bundle) is executed with the router access parameters and the path to the generated command file.

I am planning to move from PL/SQL to Java, which is why I decided to write the program in that language. Solutions to the issues that came up while writing the program:

  1. There are resources that return only one IP address from many options for each request. If nslookup command returns only one IP address, it is necessary to repeat the command dozens of times.
  2. Any resource may also have a variant of its host name with the www. prefix. The IP addresses of that variant should be requested for every host name that does not start with www. In this way, we eliminate the need to write out host names more than once in the hosts.csv file.
  3. Another issue was that plink couldn’t send the file with commands to the router using the -m parameter. However, after doing some research, I discovered that it can send commands directly one-by-one using the -batch parameter.

Now the program has been written, the process is automated, and I no longer have to set up routes manually. Further plans for development of the program:

  1. Perhaps repeatedly resolving the domain name is not the best approach. But does a more convenient method exist?
  2. A Keenetic router’s “IP route” command has an undocumented parameter: all the text that appears after ! at the end of the command is interpreted as a description and is displayed on the router's admin page. If we take the pattern for the route configuration command from an external file, it will make the program more flexible and useful for other types of routers.
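
The parsing, repeated resolution, www. handling and command generation described above, as an added example in Python; it is not the author's Java program. The command template, the `ISP` interface name and the CSV header are assumptions, and the resolver is injectable so the constructed sample runs offline.

```python
import csv, io, ipaddress, itertools, re, socket

# Assumed command template and interface name; adapt to the router's real CLI syntax.
PATTERN = "ip route {ip} {gateway} !{host}"
HOST_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

def system_resolver(host):
    """One lookup; returns the IPv4 addresses from that single answer."""
    try:
        infos = socket.getaddrinfo(host, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return [info[4][0] for info in infos]

def candidates(host):
    """The host plus its www. variant, so the CSV lists each site once."""
    return [host] if host.startswith("www.") else [host, "www." + host]

def resolve_all(host, resolver=system_resolver, attempts=20):
    """Repeat the lookup: some services return one different address per query."""
    seen = set()
    for _ in range(attempts):
        # IPv4Address() raises ValueError on anything that is not an IP literal
        seen.update(ipaddress.IPv4Address(a) for a in resolver(host))
    return sorted(seen)

def route_commands(csv_text, gateway, resolver=system_resolver, attempts=20):
    """CSV rows (assumed header: host,category,subcategory) -> (commands, rejected)."""
    commands, rejected = [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        host = row["host"].strip().lower()
        if not HOST_RE.match(host):  # keeps spaces, '!' and newlines out of the CLI
            rejected.append(host)
            continue
        for name in candidates(host):
            for ip in resolve_all(name, resolver, attempts):
                commands.append(PATTERN.format(ip=ip, gateway=gateway, host=name))
    return list(dict.fromkeys(commands)), rejected  # de-duplicate, keep order

def rotating(table):
    """Constructed stand-in for DNS: one address per call, round-robin."""
    its = {h: itertools.cycle(a) for h, a in table.items()}
    return lambda host: [next(its[host])] if host in its else []

# Constructed sample: reserved documentation names and addresses.
SAMPLE_CSV = "host,category,subcategory\nshop.example,shops,food\nbad host !x,shops,other\n"
SAMPLE_DNS = {"shop.example": ["192.0.2.10", "192.0.2.11", "192.0.2.12"], "www.shop.example": ["198.51.100.7"]}

if __name__ == "__main__":
    print(*route_commands(SAMPLE_CSV, "ISP", rotating(SAMPLE_DNS))[0], sep="\n")
```

Commands are built only from validated host names and parsed IP literals, because every generated line ends up on the router's command line. A caching local resolver can return the same answer on every attempt until the record's TTL expires, so repeated lookups only help when the queries actually reach the authoritative rotation.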