[clue-tech] VPN over Internet

Jeremy Slade jeremy at jkslade.net
Mon Mar 2 20:53:13 MST 2009


I've used ssh tunneling for years to get out of my company firewall.  I
use VNC forwarding over ssh for bi-directional access -- see my home
desktop(s) from work or work desktop from home.

Recently I set up another ssh tunneling situation with some different
requirements -- the remote system that I want to access from home is
actually a shared computer, so I don't want anyone using it to be able
to ssh to my home network.

For that case, I do the initial tunneling with a tunnel-only account:
user 'ssh-tunnel' on my home linux box is a non-login account so ssh
can't be used to run commands, but it does work for port-forwarding.
So the remote system initiates the tunnel w/ ssh-tunnel user, and that
stays connected all the time.  Then I can ssh back to the remote system
from my normal user account.  The ssh-tunnel setup also forwards VNC for
remote access.

The remote system is WinXP, running openssh sshd on cygwin.  Works
reasonably well, including crond running with a job to re-start the
ssh-tunnel if/when it goes down.  I've only been doing it for a week or
so, but it seems pretty stable.


Jeremy


Red Mop wrote:
> On Monday 02 March 2009 07:26:58 pm Dennis J Perkins wrote:
>> On Mon, 2009-03-02 at 09:48 -0600, Jon Buttjer wrote:
>>> Dennis,
>>> Good morning.  It seems that you wish a combination of things, primarily:
>>> 1 - Remote access to that network/pc (a dynamic dns provider to map
>>> global ip address to the comcast modem, i.e. dyndns + port forwarding
>>> locally which you can use to get to the desired service on the
>>> internal host).  The dyndns would let you use a name
>>> (myfavoritesupportcustomer.dyndns.org) instead of the current DHCP
>>> address from comcast.
>>> 2 - Gui or command access.  Once you have your connection up, you can
>>> choose which way to go here. I have used VNC through SSH for linux,
>>> and it works.  For Windows, I have used www.logmein.com, remote
>>> desktop (RDP), citrix in the past, etc. and they each work.
>>>
>>> So the next questions might be:
>>> * Is your remote host running linux or windows?
>>> * Are you going to need services between the remote host and your
>>> local, control host (i.e. printing, file sharing, etc.)?
>>>
>>> HTH,
>>> jontheisguy
>> I gave a friend my old laptop with Linux on it.  She doesn't know Linux,
>> but is willing to learn.  I want to be able to access her GUI to do some
>> support, if necessary, or show her how to do something.
>>
>> She shares the WAP with a neighbor.  I don't know if the neighbor will
>> let me set up NAT.
>>
> 
> Well, for simplicity, you can use networkmanager to open an OpenVPN tunnel to 
> you, bypassing all the firewall problems.  networkmanager makes it pretty 
> user friendly.
> 
> Another option would be an ssh tunnel.
> _______________________________________________
> clue-tech mailing list
> clue-tech at cluedenver.org
> http://www.cluedenver.org/mailman/listinfo/clue-tech
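
The setup described in the message above (a forwarding-only 'ssh-tunnel' account plus a cron job that restarts the tunnel) could look like the following. This is an added example, not Jeremy's script: the host name, ports, key and pid-file paths, and the cron path are assumptions, and the sshd_config lines in the comments are a suggested server-side restriction.

```shell
#!/bin/sh
# Added example, not Jeremy's script. Host, ports and paths are assumptions.
# Run from cron on the remote (shared) system, e.g. every 5 minutes:
#   */5 * * * * /home/me/bin/tunnel-watchdog.sh --cron
#
# Matching sshd_config on the home box, so this key can only open the
# two listeners below and nothing else (PermitListen needs OpenSSH 7.8+):
#   Match User ssh-tunnel
#       AllowTcpForwarding remote
#       PermitListen 2222 5901
#       PermitTTY no
#       X11Forwarding no
#       AllowAgentForwarding no

SSH_BIN=${SSH_BIN:-ssh}
HOME_HOST=${HOME_HOST:-home.example.org}
KEY=${KEY:-$HOME/.ssh/tunnel_key}
PIDFILE=${PIDFILE:-$HOME/.ssh/tunnel.pid}

# True if the PID recorded in $PIDFILE still exists.
tunnel_running() {
    [ -f "$PIDFILE" ] && kill -0 "$(cat "$PIDFILE")" 2>/dev/null
}

# -N: no remote command; -T: no pty; -R: listeners on the home box's
# loopback only (2222 -> remote sshd, 5901 -> remote VNC).
# ExitOnForwardFailure makes ssh exit if a listener cannot be bound,
# so the watchdog notices instead of keeping a useless connection.
start_tunnel() {
    "$SSH_BIN" -N -T -i "$KEY" \
        -o BatchMode=yes -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
        -R 127.0.0.1:2222:localhost:22 \
        -R 127.0.0.1:5901:localhost:5900 \
        "ssh-tunnel@$HOME_HOST" >/dev/null 2>&1 &
    echo $! > "$PIDFILE"
}

# Prints "running" if the tunnel is up, otherwise starts it and prints "started".
ensure_tunnel() {
    if tunnel_running; then
        echo running
    else
        start_tunnel
        echo started
    fi
}

if [ "${1:-}" = "--cron" ]; then ensure_tunnel; fi
```

With the Match block in place, the shared machine's key can create the two loopback listeners on the home box but cannot request local (-L) forwards into the home network or a terminal.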
