
Help! ssh setup


4wd:
Setting up a VPN server at your home network is not as easy as it seems, but OpenVPN does not make it too hard either.
-Shades (July 05, 2009, 01:08 PM)
--- End quote ---

Actually, it's remarkably easy, see here  ;)

Having learnt from that exercise, it's taken me less than 15 minutes to set up another one on a different machine with PKI.

And I'm now about to test PortableOpenVPN and see if it works.

@kartal:  Think of the VPN as a LAN, you can do anything across it that you can do on your real LAN except it's fully encrypted, (and you can also add password verification which I'm just about to play with), you can access it from outside your real LAN, (from anywhere you have TCP/IP access to it), and when you do it's exactly the same as if you were sitting at one of the computers on your LAN.

kartal:
4wd,

I actually printed your vpn directions, it is not something I have forgotten about.

I actually use vpn with one of my clients. I am not the one who set it up though, I just connect to their project servers.

At this point I am too exhausted to try today, but I might try in a couple of days.


Based on Shades' reply, I am guessing that having VPN + SSH is not a bad idea. Would there be any conflicts along the way? Or would they just complement each other in general?

kartal:
Btw, do I really need keys? Can't I just use dial-up for VPN? That is how I connect to my client's network at the moment. Although I am not sure if they have set up key-based stuff on their servers.

Shades:
If you want the data that passes through the VPN connection to be encrypted then yes. From your earlier posts I noticed that you are very aware of your online presence and do like your privacy (both are a good thing). So I would say: yes, you need keys.

You need a CA key that has to be installed on every PC that will contact your home network, including the PC that hosts the VPN server. For each PC that is in this VPN you need a secret and a public key, and each PC in the network should have all public keys from all other PCs in the VPN network.

Not that hard, but maybe an example would make it clearer:
Say you have a VPN server called 'server' and two VPN clients called 'client1' and 'client2'.

The VPN server needs the CA key, the secret 'server' key, the public 'server' key, and the public 'client1' and 'client2' keys.
VPN client1 needs the CA key, the secret 'client1' key, the public 'client1' key and the public 'server' key.
VPN client2 needs the CA key, the secret 'client2' key, the public 'client2' key and the public 'server' key.
Using this particular setup, each client can securely communicate with the VPN server.

If really need be, I would be able to create all the necessary keys, but then you have to trust me (and inform me how many you need). And if you have trust issues, I could rewrite some manuals I had to write on this subject (but that is something I can only do when I have time) and you do it yourself.
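As an added illustration of the key distribution described above (this script is not from any poster in this thread), the following builds a throwaway CA with openssl, issues a key and CA-signed certificate for 'server', 'client1' and 'client2', and then checks what each machine's bundle must satisfy: the certificate chains to the CA, and the secret key really belongs to that certificate. The CA name and the use of plain openssl instead of easy-rsa are assumptions for the example; all material is generated on the spot and deleted on exit.

```shell
#!/bin/sh
# Added example: constructed OpenVPN-style PKI and a consistency check.
set -eu

PKI=$(mktemp -d)
trap 'rm -rf "$PKI"' EXIT

# Constructed CA: self-signed, valid for one day, demonstration only.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=home-vpn-ca" \
    -keyout "$PKI/ca.key" -out "$PKI/ca.crt" 2>/dev/null
}

# Issue a secret key plus a CA-signed certificate for one node.
issue() {
  name=$1
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$name" \
    -keyout "$PKI/$name.key" -out "$PKI/$name.csr" 2>/dev/null
  openssl x509 -req -days 1 -in "$PKI/$name.csr" -CA "$PKI/ca.crt" \
    -CAkey "$PKI/ca.key" -CAcreateserial -out "$PKI/$name.crt" 2>/dev/null
}

# verify_bundle CA CERT KEY: succeeds only if CERT was signed by CA and
# KEY is the private half of the public key embedded in CERT.
verify_bundle() {
  ca=$1; cert=$2; key=$3
  openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 || return 1
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey)
  key_pub=$(openssl pkey -in "$key" -pubout)
  [ "$cert_pub" = "$key_pub" ]
}

make_ca
issue server
issue client1
issue client2

# client1's own key with client1's certificate passes; client2's key with
# client1's certificate is the classic copy mistake and must be rejected.
verify_bundle "$PKI/ca.crt" "$PKI/client1.crt" "$PKI/client1.key" && echo "client1 bundle OK"
verify_bundle "$PKI/ca.crt" "$PKI/client1.crt" "$PKI/client2.key" || echo "client1.crt does not match client2.key"
```

Run the same three checks against the files easy-rsa hands you before copying a bundle to a client; a certificate that fails `openssl verify` against your ca.crt, or a key that does not match its certificate, is the usual cause of a TLS handshake error in the OpenVPN log.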

4wd:
1- I have forwarded port 22 in my firewall to my laptop so that I can access it over the internet. I have not tried it from outside, but hopefully it would work.-kartal (July 04, 2009, 08:08 PM)
--- End quote ---

One thing I forgot to mention.  Most routers have some way to loopback the connection if they see you're addressing using the WAN IP.  Whether it's enabled or not is another thing.

eg.
Your WAN IP is 114.123.234.123, your LAN IP range is 192.168.0.1 - 16 and you're running an HTTP server on port 8080 of IP 192.168.0.10.  Normally you'd access it from within your LAN by http://192.168.0.10:8080 within a browser.

Enabling loopback in your router lets you do http://114.123.234.123:8080; the router, seeing that you've used your WAN IP, will loop the connection back through its firewall and NAT routing to the computer running the HTTP server without ever going further upstream, (ie. ISP, DNS, etc).

This allows you to test your router/firewall config without having to go 'outside' your network to make sure it will pass through to whatever server you're trying to reach within your network.

It's the way I test any server I'm running without having to wait until I visit a mate's place, (only to find I screwed up the NAT or something).

How you enable it depends on your router.  For example, on my Zyxel P660 I have to telnet in, navigate the menus to the CLI and then enter: ip nat loopback on

This is only in effect until the router reboots, so I have also edited it into the router's autoexec.net file so it's executed at reboot.
