Differences
This shows you the differences between two versions of the page.
— | tech:linux:reverse_tunnel [2014/11/15 15:13] (current) – created - external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Creating a reverse tunnel – Use for creating your own VPN to a network behind firewall with no incoming ports open ====== | ||
+ | |||
+ | ===== Setup for the SSH server that is connected to the internet (this is the server in the Home Network) ===== | ||
+ | - Establish a SSH server that is always ON. | ||
+ | - This server can be a UNIX or Linux server (can be windows too) that allows SSH connections from the internet. | ||
+ | - Setup a userid and password to connect to this server | ||
+ | - Note down the internet address (ssh-server-internet-ip-address) and the internal intranet address (ssh-server-intranet-ip-address) of this server. | ||
+ | |||
+ | ===== Setup in the workstation to be accessed from outside the firewall ===== | ||
+ | |||
+ | - Install VNC or configure remote desktop on the workstation that is inside the network be accessed. | ||
+ | - Create a putty session as follows: | ||
+ | - Connection to the SSH server via ssh-server-internet-ip-address. | ||
+ | - Under SSH Tunnels have the following entries: | ||
+ | - R5900 localhost: | ||
+ | - R3389 localhost: | ||
+ | - Open putty session and log onto the ssh server (using credentials created before) | ||
+ | - Minimize session | ||
+ | - Lock computer | ||
+ | - Power off monitor (if you are using VNC your actions will be visible to people around your monitor) | ||
+ | |||
+ | ===== Connecting to the workstation inside the firewall ===== | ||
+ | - Start another windows workstation (the ssh server can serve dual purpose) | ||
+ | - Run VNC client or Windows remote desktop client | ||
+ | - Enter the < | ||
+ | - Complete credentials input | ||
+ | - You should be connected to your workstation behind the firewall | ||
+ | |||
+ | ===== Between two Linux servers (Ubuntu used) ===== | ||
+ | * Let's name them ub1 and ub2 | ||
+ | * ub1 is on the Internet (example.org) | ||
+ | * ub2 inside firewall | ||
+ | |||
+ | < | ||
+ | exampleuser@ub2: | ||
+ | </ | ||
+ | |||
+ | Once connected (above)\\ | ||
+ | < | ||
+ | exampleuser@ub1: | ||
+ | </ | ||
+ | |||
+ | Notes:\\ | ||
+ | < | ||
+ | -C to Enable SSH compression | ||
+ | -N to Not start a remote command or shell at all (SSH-2 only) | ||
+ | </ | ||
+ | |||
+ | ===== Notes ===== | ||
+ | |||
+ | C: | ||
+ | |||
+ | On SSH Server | ||
+ | telnet localhost 5900 should connect | ||
+ | |||
+ | http:// | ||
+ | |||
+ | |||
+ | The syntax is "ssh -R port: | ||
+ | |||
+ | I've just noticed that OpenSSH ~4.0 added an extra feature to -R, and it now binds to localhost by default (rather than 0.0.0.0 and letting the remote side restrict it further). \\ | ||
+ | |||
+ | -R [bind_address: | ||
+ | So I think you'll want to use "ssh -R : | ||
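Review bot: The step "Setup a userid and password to connect to this server" in the first setup section puts password login on an SSH server that the same list describes as always on and accepting connections from the internet. That account only has to hold the R5900 and R3389 forwards, so the page should recommend a dedicated account with key-based authentication and no interactive shell, in line with the -N note further down. In the closing notes, if the last line is meant to bind the -R forward to something other than the localhost default described just above it, the page should say that this makes the forwarded VNC and remote desktop ports reachable by anyone who can reach the SSH server, and that the server has to permit it (GatewayPorts in sshd_config). Keeping the localhost bind and connecting from the SSH server itself, as the "telnet localhost 5900" check does, avoids that exposure. Several entries also stop after a colon (the two tunnel entries, both ssh command lines and the -R syntax), so the procedure cannot be followed as written and those lines need their remaining fields restored.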