Hi, I'd like to have home access to my work LAN, which is behind a firewall. What I currently do is set up a remote ssh tunnel from work:

  ssh -R 8822:localhost:22 homeusername@xxxxxxxxxxxx

Then to access from home, I do:

  ssh -p 8822 workusername@localhost

From this point on, I can similarly create other ssh tunnels. The problem is that this approach requires creating a tunnel for each unique (host, port) pair, which is getting to be very tedious.

I'm hoping VPNs can help me out here. Ideally, any packets I send to 172.24._._ (the work LAN) from my home computer will be routed through my work box and reach the appropriate (host, port) at work.

I went through http://openvpn.net/static.html, but ran into two problems. The first problem is that I don't know how to tunnel the VPN over ssh. Here's what I did:

[from the server at work]

$ ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:1A:A0:17:3A:50
          inet addr:172.24.104.145  Bcast:172.24.111.255  Mask:255.255.240.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3447552 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5454996 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:835777950 (797.0 MiB)  TX bytes:6651406888 (6.1 GiB)
          Interrupt:177

$ cat svr
dev tun
ifconfig 10.0.0.1 10.0.0.2
secret static.key

$ ssh -f -N -R 1194:localhost:1194 homeusername@xxxxxxxxxxxx

$ sudo openvpn svr
Sun Jun 10 01:01:09 2007 OpenVPN 2.0.6 i486-pc-linux-gnu [SSL] [LZO] [EPOLL] built on Apr 10 2006
Sun Jun 10 01:01:09 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Sun Jun 10 01:01:09 2007 TUN/TAP device tun0 opened
Sun Jun 10 01:01:09 2007 ifconfig tun0 10.0.0.1 pointopoint 10.0.0.2 mtu 1500
Sun Jun 10 01:01:09 2007 UDPv4 link local (bound): [undef]:1194
Sun Jun 10 01:01:09 2007 UDPv4 link remote: [undef]

[from the client at home]

$ cat cli
remote localhost
dev tun
ifconfig 10.0.0.2 10.0.0.1
secret static.key

$ sudo openvpn cli
Sun Jun 10 01:11:20 2007 OpenVPN 2.0.9 i486-pc-linux-gnu [SSL] [LZO] [EPOLL] built on Mar 2 2007
Sun Jun 10 01:11:20 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Sun Jun 10 01:11:20 2007 TUN/TAP device tun0 opened
Sun Jun 10 01:11:20 2007 ifconfig tun0 10.0.0.2 pointopoint 10.0.0.1 mtu 1500
Sun Jun 10 01:11:20 2007 UDPv4 link local (bound): [undef]:1194
Sun Jun 10 01:11:20 2007 UDPv4 link remote: 127.0.0.1:1194
Sun Jun 10 01:11:31 2007 Peer Connection Initiated with 127.0.0.1:1194
Sun Jun 10 01:11:31 2007 WARNING: 'ifconfig' is used inconsistently, local='ifconfig 10.0.0.2 10.0.0.1', remote='ifconfig 10.0.0.1 10.0.0.2'
Sun Jun 10 01:11:32 2007 Initialization Sequence Completed

That warning doesn't go away even if I swap the ifconfig arguments in cli, which leads me to suspect that I'm not even connecting to the work computer. That, plus the fact that the work computer doesn't print any similar completion message.

The second problem is what's said at the bottom of the HOWTO:

"Then on the server side, add a route to the server's LAN gateway that routes 10.8.0.2 to the OpenVPN server machine (only necessary if the OpenVPN server machine is not also the gateway for the server-side LAN)."

Is this really necessary? Can openvpn instead do something similar to what ssh does and proxy my packets?

______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users
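An added example, not part of the original post: `ssh -R` forwards TCP connections only, while both logs above show OpenVPN using UDPv4, and the client binds UDP port 1194 and then sends to 127.0.0.1:1194. The sketch below reproduces that socket layout with an ephemeral port instead of 1194 and a constructed payload (the function names are hypothetical), and reports which socket actually receives the datagram.

```python
import select
import socket

PROBE = b"constructed-openvpn-packet"  # constructed sample payload, not real OpenVPN data


def bind_same_port():
    """Bind a UDP socket and a TCP listener to the same port number on loopback.

    The UDP socket stands in for the OpenVPN client's bound local socket,
    the TCP listener for the port opened at home by `ssh -R`.
    """
    for _ in range(20):
        udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        udp.bind(("127.0.0.1", 0))  # ephemeral port (assumption: stands in for 1194)
        port = udp.getsockname()[1]
        tcp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            tcp.bind(("127.0.0.1", port))
            tcp.listen(1)
            return udp, tcp, port
        except OSError:  # TCP port already taken, try another number
            udp.close()
            tcp.close()
    raise RuntimeError("no free UDP/TCP port pair found")


def who_receives_udp():
    """Send one datagram to 127.0.0.1:<own port> and see which socket wakes up."""
    udp, tcp, port = bind_same_port()
    try:
        udp.sendto(PROBE, ("127.0.0.1", port))
        readable, _, _ = select.select([udp, tcp], [], [], 1.0)
        result = {"port": port, "peer": None, "udp_got_own_packet": False,
                  "tcp_listener_hit": tcp in readable}
        if udp in readable:
            data, peer = udp.recvfrom(2048)
            result["peer"] = peer
            result["udp_got_own_packet"] = data == PROBE
        return result
    finally:
        udp.close()
        tcp.close()


if __name__ == "__main__":
    print(who_receives_udp())
```

The datagram comes back to the sending socket with its own address as the peer, and the TCP listener never sees a connection, so UDP traffic to localhost never enters an `ssh -R` forward.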