FC6 VPN

Ric Moore wayward4now at gmail.com
Thu Dec 21 07:45:26 UTC 2006


On Wed, 2006-12-20 at 22:05 -0600, Les Mikesell wrote:
> Ric Moore wrote:
> > On Tue, 2006-12-19 at 11:55 +0000, James Wilkinson wrote:
> > 
> >> But it is possible to use SSH either as a "poor man's" VPN, or as a
> >> "sort-of" VPN. I've never done a full VPN over SSH, but I'd start by
> >> reading http://tldp.org/HOWTO/ppp-ssh/index.html. The advantage of a SSH
> >> VPN is that SSH tends to be a lot less picky about the sort of network
> >> connections it gets than many VPNs, and SSH itself is easier to set up.
> >> Disadvantages include that SSH is supposed to be a poor transport for IP
> >> packets, and that if the SSH connection drops, so do all communications.
> >>
> >> You might get on better with port-forwarding. This can be as simple as
> >> ssh -L 5900:192.168.1.55:5901 vncuser@jimdouglas.example.com
> >> This connects you to a computer called jimdouglas.example.com, logs you
> >> in as vncuser (through a password or private key), and creates a tunnel
> >> between port 5900 on your machine and port 5901 on 192.168.1.55 on the
> >> same local network as jimdouglas.example.com (it might or might not be
> >> the same computer as jimdouglas.example.com). That then allows you to
> >> connect a VNC viewer to port 5900 on your own machine, and log into
> >> 192.168.1.55.
> >>
> >> It works very well for simple one-port protocols like VNC. It can be
> >> more of a challenge to get it to work with SMB or NFS (usually I don't
> >> bother and just sftp what I need).
> >>
> >> The advantage of this is that it's easy to set up SSH and be sure it's
> >> going to work, and then it's practical to set up tunnels as needed
> >> remotely.
> > 
> > I used to use ssh and cipe to tunnel into my office machine, is this
> > like that? Ric
> > 
> 
> Not exactly - with ssh you have to specify every port to forward and
> every destination address.   If you want something like cipe, look
> at openvpn.

Right, I had a little script for that to specify the ports... the
network beanies set it up for me and my tired little brain. ssh had to
happen first, followed by cipe, with another script to transfer my Larry
Ellison's Finest (Oracle) from my machine in my cube at RH to my home
via a 56k modem. (this is back in 2000) If you were home sick, you still
worked... bless 'em. 

Took a while for everything to transfer, but once it did it was almost
as fast as being in front of my office machine. It was all tab to next
box and fill in the blanks crap anyway. The gui stayed pretty much the
same most of the time, so it didn't refresh much. Heck, I was more
secure than most bank transfers.

Imagine being in charge of the networks at RH. You'd be the best of the
best, or had better be with all the huge name developers there in one
spot. I was just a cut n' paste monkey with 800 emails staring us in the
face on Monday morning for user tech support requests... generally for
the same problems over and over and over again. Write once, paste many
many times. <chuckles> Ric
 

-- 
================================================
My father, Victor Moore (Vic) used to say:
"There are two Great Sins in the world...
..the Sin of Ignorance, and the Sin of Stupidity.
Only the former may be overcome." R.I.P. Dad.
Linux user# 44256 Sign up at: http://counter.li.org/
http://www.sourceforge.net/projects/oar
http://www.wayward4now.net
================================================
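
The thread notes that with ssh every forwarded port and destination has to be named explicitly. As an added example (not part of the original messages), this shell function builds one ssh command carrying several `-L` forwards and refuses malformed specs. The function names are hypothetical, the host values are the sample ones from the quoted message, and IPv6 destinations are not handled.

```shell
#!/bin/sh
# Added example: assemble an ssh command with several local forwards.

# valid_port N: succeed only if N is an integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# build_tunnel_cmd LOGIN SPEC...
# Each SPEC is LOCALPORT:DESTHOST:DESTPORT. Prints the ssh command for
# review; returns 1 and prints nothing on stdout if any spec is malformed.
build_tunnel_cmd() {
    login=$1; shift
    [ "$#" -ge 1 ] || { echo "need at least one forward" >&2; return 1; }
    # -N: no remote command, tunnel only.
    # ExitOnForwardFailure=yes: abort rather than run with a forward missing.
    cmd="ssh -N -o ExitOnForwardFailure=yes"
    for spec in "$@"; do
        lport=${spec%%:*}      # text before the first colon
        rest=${spec#*:}        # everything after the first colon
        dhost=${rest%:*}       # destination host
        dport=${rest##*:}      # destination port
        if [ "$rest" = "$spec" ] || [ "$dhost" = "$rest" ] || [ -z "$dhost" ] ||
           ! valid_port "$lport" || ! valid_port "$dport"; then
            echo "bad forward spec: $spec" >&2
            return 1
        fi
        # Only hostname/IPv4 characters, so the printed line has no shell metacharacters.
        case "$dhost" in
            *[!A-Za-z0-9.-]*) echo "bad host in spec: $spec" >&2; return 1 ;;
        esac
        # Explicit loopback bind: the listener stays local whatever the
        # client's GatewayPorts setting is.
        cmd="$cmd -L 127.0.0.1:$lport:$dhost:$dport"
    done
    echo "$cmd $login"
}
```

A spec that tries to supply its own bind address (four fields) is rejected, because its first field is not a valid port.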




