Encrypted Tunnelling Service for Linux and Windows


1.0 Introduction

WarpGate is a TCP/IP tunnelling service implementing a strong 256 bit encryption to create super secure Internet connections. It works with Linux and Windows and it can run as a normal application or as service/daemon. WarpGate is useful to create FTP, HTTP and TELNET encrypted connections in easy and transparent way.


1.1 How it works

WarpGate is able to manage more than one tunnels and each tunnel support more than one connection at the same time. It's substantially a port forwarder with an embedded encryption algorithm that can be enabled or disabled by the user. It can accept local and remote connection or local connection only.

 WarpGate schematics

Two WarpGates installed in the local host and in the remote host encrypt the connection and decrypt locally the packets. The server application must be accessible by local connection only and if it doesn't have the direct support for the warp encryption protocol, it must be protected by a firewall.

2.0 Installation & usage

WarpGate is included in the VEGA ZZ package and it's not installed using the standard setup settings. If you need it and the other Internet utilities, you must choose Warp utilities for secure Internet connection during the VEGA ZZ setup. Some versions are available:

All Linux executables are linked with libc 6.0.

2.1 Tunnelling configuration

When WarpGate starts, the warpgate.ini file is read. This file must placed in the warpdata\cfg directory for all versions with the exception of the Linux service daemons that require the file in the /etc directory.
This is an example of a configuration file:

; WarpGate Configuration file
; Copyright 2006-2017, Alessandro Pedretti
; Source host  Source port  Destination host            Dest. port   Type  Key
; =========================================================================================================================================
  localhost    8000         myhost.mydomain.mycountry   7000         TCP   E7A9E51B6A99E4F0B691A8DE7EC79F6ABF92D547F5CFC2D48E8367E59FC299C6


The lines starting with the semicolon are remarks. Each uncommented line defines a tunnelling rule and the syntax is:

SourceHost    SourcePort   DestinationHost   DestinationPort   Type   Key


SourceHost   Source host (local host) address. It could be: DNS entry (e.g. host.domain.country), localhost (, all (all IP of the localhost).
SourcePort    This is the listening port: all connection to this port are forwarded to the DestinationPort of the DestinationHost.
DestinationHost   Destination host address. It cold be in a numeric IP address or an alphanumeric DNS entry.
DestinationPort   It's the remote port to which the connection is forwarded.
Type   It must be: TCP for generic TCP/IP port redirections (e.g. HTTP, TELNET, etc) or FTP for FTP client port redirection.
Key   It's the encryption key. It must be randomly generated with the WarpKeyGen software and it must the same for the client and the host. If this parameter is omitted, WarpGate works as port forwarder without encryption.


2.2.1 Configuration examples

Scenario: you want to do an encrypted connection to host.domain.country server with your client. Both client and server must have WarpGate installed and the warpgate.ini file containing the following lines:

Server configuration:

all       6000   localhost           80   TCP   1CE4BE8C4231DF51BCA90772CC579E0740A5FB5B44DAD7937AE201904D4E5416

Client configuration:

localhost 80     host.domain.country 6000 TCP   1CE4BE8C4231DF51BCA90772CC579E0740A5FB5B44DAD7937AE201904D4E5416

Connect to http://localhost to navigate the host.domain.country Web Site. Remember to lock the 80 port of host.domain.country with the your firewall.

Server configuration:

all       6001   localhost           5900 TCP   9BBFBD2F88A34D126C92F2061C17E008F62CF70480508A914CD964DB1F8C0DE0

Client configuration:

localhost 6001   host.domain.country 6001 TCP   9BBFBD2F88A34D126C92F2061C17E008F62CF70480508A914CD964DB1F8C0DE0

Connect with VNCviewer to localhost:6001  to manage host.domain.country. Remember to configure the VNC Server to accept local connections only, adding as IP and as mask and removing other permissions.

Server configuration:

all       6002   localhost           139  TCP   E6B8FFA6296CAF70817B7871A9C97DD46A087AF405884BCED150AEB7256D494A
all       6003   localhost           445  TCP   3265FB96DC375171F81E2E66B35F518CD86CF57FA2664806CEE01EF3F3E6E74B

Client configuration:

localhost 139    host.domain.country 6002 TCP   E6B8FFA6296CAF70817B7871A9C97DD46A087AF405884BCED150AEB7256D494A
localhost 445    host.domain.country 6003 TCP   3265FB96DC375171F81E2E66B35F518CD86CF57FA2664806CEE01EF3F3E6E74B

By default, it's impossible to map the 445 port on localhost because Windows is listening all 445 ports of all IPs including To fix this problem, you must disable the 445 port mapping on using the LocalSMB.exe for Windows XP, Vista and 7.


2.2 Running the Windows standard version

To run this version, select VEGA ZZ WarpProject WarpGate in the Start menu. The program starts in background without graphic interface, installing a small icon in the Windows try bar. Clicking on it with the right mouse button, the context menu is shown:


2.3 Running the Windows service version

A Windows service (used to be called NT service) is a console application, which does not have a message pump. A Windows service can be started without the user having to login to the computer and it won't die after the user logs off. The WarpGate service version works in background and it doesn't have the graphic interface. Before running it, it must be installed by selecting VEGA ZZ WarpProject WarpGate Service Install in the Start menu. To start the service, choose VEGA ZZ WarpProject WarpGate Service Start. Restarting the system, WarpGate is automatically executed as the other  services. If you want to stop the service, select VEGA ZZ WarpProject WarpTel Service Stop. Remember that when you reboot the system, WarpGate service is automatically restarted.
The service version uses the same settings of the standard one, but if you change them, you must stop (VEGA ZZ WarpProject WarpTel Service Stop) and restart it (VEGA ZZ WarpProject WarpGate Service Start). 
To uninstall the service, choose VEGA ZZ WarpProject WarpGate Service Uninstall.


2.4 Running the Linux standard version

This version can be executed as a normal Linux command typing warpgate in the command prompt. No command options are available.


2.5 Running the Linux daemon version

A daemon (or service) is a background process that is designed to run autonomously, with little or not user intervention. WarpGate (warpgated) can be started as Linux daemon when the system cam up, running in background. To configure the WarpGate daemon, you must follow these steps:


3.0 History


4.0 Copyright and disclaimers

All trademarks and software directly or indirectly referred in this document, are copyrighted from legal owners. WarpGate is a freeware program and can be spread through Internet, BBS, CD-ROM and other electronic formats. The Authors of this program accept no responsibility for hardware/software damages resulting from the use of this package. No warranty is made about the software or its performance.

Use and copying of this software and the preparation of derivative works based on this software are permitted, so long as the following conditions are met:


is an encrypted tunnelling service for Linux and Windows
Copyright 2006-2017, Alessandro Pedretti & Giulio Vistoli
All rights reserved.

Alessandro Pedretti
Dipartimento di Scienze Farmaceutiche
UniversitÓ degli Studi di Milano
Via Mangiagalli, 25
I-20133 Milano - Italy
Tel. +39 02 503 19332
Fax. +39 02 503 19359
E-Mail: info@vegazz.net
WWW: http://www.vegazz.net