[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] "reverse road warrior" scenario?

  • Subject: Re: [Openvpn-users] "reverse road warrior" scenario?
  • From: Richard Atterer <richard@xxxxxxxxxxxxxxxxxx>
  • Date: Thu, 30 Dec 2004 12:59:58 +0100
  • Mail-copies-to: nobody

On Thu, Dec 30, 2004 at 10:40:30AM +0100, Jan Johansson wrote:
> So, that's why I thougt a VPN-tunnel would be the way to solve this
> issue?

It is, but it might be overkill. I have a similar problem, but solved it
with a ssh tunnel. I've configured my mail software to deliver to
localhost:1023, which gets forwarded to port 25 of a machine outside my

Simply run a script like this during your boot sequence:

while true; do
    ssh -n -i /root/.ssh/mailtunnel -L 1023:mailserver:25 user@sshhost
    sleep 60
done &

When you connect to localhost:1023 on your machine, traffic will get
forwarded to mailserver:25. The connection to mailserver is made from
sshhost. ssh will notice when your IP changes due to the default
TCPKeepAlive=yes setting.

On sshhost, put something like this in ~user/.ssh/authorized_keys:

command="sleep 86400",permitopen="mailserver:25" ssh-rsa AAA.... mailtunnel

The AAA.... is the public RSA key from mailtunnel.pub. The "mailtunnel" ssh
key can be password-less because the only thing you can do with it on
sshhost is open a tunnel to mailserver. Of course mailserver and sshhost 
can be the same machine.

Sorry, this is a bit OT!



  __   _
  |_) /|  Richard Atterer     |  GnuPG key:
  | \/¯|  http://atterer.net  |  0x888354F7
  ¯ '` ¯

The SF.Net email is sponsored by: Beat the post-holiday blues
Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt
Openvpn-users mailing list