Differences

This shows you the differences between two versions of the page.

Link to this comparison view

tech:linux:reverse_tunnel [2014/11/15 09:13]
tech:linux:reverse_tunnel [2014/11/15 09:13] (current)
Line 1: Line 1:
 +====== Creating a reverse tunnel – Use for creating your own VPN to a network behind firewall with no incoming ports open ======
 +
 +===== Setup for the SSH server that is connected to the internet (this is the server in the Home Network) =====
 +  - Establish a SSH server that is always ON.
 +  - This server can be a UNIX or Linux server (can be windows too) that allows SSH connections from the internet. ​ Do this by enabling port forwarding on your internet router to forward SSH connection to this server
 +  - Setup a userid and password to connect to this server
 +  - Note down the internet address (ssh-server-internet-ip-address) and the internal intranet address (ssh-server-intranet-ip-address) of this server.
 +
 +===== Setup in the workstation to be accessed from outside the firewall ===== 
 +
 +  - Install VNC or configure remote desktop on the workstation that is inside the network be accessed. ​ Let them use their default ports of 5900 and 3389.
 +  - Create a putty session as follows:
 +    - Connection to the SSH server via ssh-server-internet-ip-address.
 +    - Under SSH  Tunnels have the following entries:
 +      - R5900 localhost:​5900
 +      - R3389 localhost:​3389
 +  - Open putty session and log onto the ssh server (using credentials created before)
 +  - Minimize session
 +  - Lock computer
 +  - Power off monitor (if you are using VNC your actions will be visible to people around your monitor)
 +
 +===== Connecting to the workstation inside the firewall =====
 +  - Start another windows workstation (the ssh server can serve dual purpose)
 +  - Run VNC client or Windows remote desktop client
 +  - Enter the <​ssh-server-intranet-ip-address>​ as connection
 +  - Complete credentials input
 +  - You should be connected to your workstation behind the firewall
 +
 +===== Between two Linux servers (Ubuntu used) =====
 +  * Let's name them ub1 and ub2
 +  * ub1 is on the Internet (example.org)
 +  * ub2 inside firewall
 +
 +<​code>​
 +exampleuser@ub2:​~$ plink -C -N example.org -l exampleuser -pw p<ENTER PASSWORD>​ -R 15099:​localhost:​22
 +</​code>​
 +
 +Once connected (above)\\
 +<​code>​
 +exampleuser@ub1:​~$ ssh -l exampleuser -p 15099 localhost
 +</​code>​
 +
 +Notes:\\
 +<​code>​
 +-C to Enable SSH compression
 +-N to Not start a remote command or shell at all (SSH-2 only)
 +</​code>​
 +
 +===== Notes =====
 +
 +C:​\programs\plink.exe -C -N exampleuser@example.org -pw <​password>​ -R 5900:​localhost:​5900
 +
 +On SSH Server
 +telnet localhost 5900 should connect
 +
 +http://​www.vnc.com/​pipermail/​vnc-list/​2004-January/​042920.html
 +
 +
 +The syntax is "ssh -R port:​host:​hostport [EMAIL PROTECTED]"​ which will forward "​port"​ listening on "​hostname"​ to "​host:​hostport"​ via your local ssh-running machine.\\
 +
 +I've just noticed that OpenSSH ~4.0 added an extra feature to -R, and it now binds to localhost by default (rather than 0.0.0.0 and letting the remote side restrict it further). \\
 +
 +-R [bind_address:​]port:​host:​hostport \\
 +So I think you'll want to use "ssh -R :​3000:​localhost:​2000 [EMAIL PROTECTED]"​\\
  

QR Code
QR Code tech:linux:reverse_tunnel (generated for current page)