[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] SSHv2 vs OpenVPN security

  • Subject: Re: [Openvpn-users] SSHv2 vs OpenVPN security
  • From: Richard Atterer <richard@xxxxxxxxxxxxxxxxxx>
  • Date: Tue, 28 Dec 2004 22:22:01 +0100
  • Mail-copies-to: nobody

On Tue, Dec 28, 2004 at 09:39:02AM -0500, Charlie Hosner wrote:
> SSHv2 is not going to provide you with the simple network extension
> people usually seek in a VPN.  You would have to direct traffic over the
> SSH tunnel via port forwarding or some other magic

Actually, such a ssh VPN solution exists: ssh has had a built-in SOCKS
server for quite a while:

  -D port
    Specifies a local ``dynamic'' application-level port forwarding.  This 
    works by allocating a socket to listen to port on the local side, and 
    whenever a connection is made to this port, the connection is forwarded 
    over the secure channel, and the application protocol is then used to 
    determine where to connect to from the remote machine.  Currently the 
    SOCKS4 and SOCKS5 protocols are supported, and ssh will act as a SOCKS 
    server.  Only root can forward privileged ports. Dynamic port 
    forwardings can also be specified in the configuration file.

Of course a real VPN solution like OpenVPN is preferable, but if you only
have ssh access to a network, this ssh feature is quite nice.



  __   _
  |_) /|  Richard Atterer     |  GnuPG key:
  | \/¯|  http://atterer.net  |  0x888354F7
  ¯ '` ¯

Openvpn-users mailing list