At Thursday, 09 December 2004, Micha Feigin <[EMAIL PROTECTED]> wrote:
>At Thu, 9 Dec 2004 21:49:47 +1100,
>Robert S wrote:
>>
>> I am wanting to set up a VPN using ssh between my office and my home Windows
>> PCs, using a debian box at the remote end. The setup is as follows:
>>
>> HOME (winxp)- - - -<internet>- - - - DEBIAN ----<internal network>- ---SERVER (win2K)
>>
>> I have managed to connect (using vnc) to SERVER using PuTTY or ssh at the
>> home end thus:
>>
>> 1. log into DEBIAN from HOME using Putty, forward remote port 5900 to local
>>    port 5901
>> 2. forward port from SERVER to DEBIAN using
>>    "ssh -C -g -L 5900:server:5900 debian"
>> 3. connect vncviewer to local port 5901.
>>
>
>You could use masquerading (iptables) on the debian machine to forward some
>port on the debian machine to the server and then when you connect ssh to that
>port the connection will be forwarded directly to the server.
>
>I think that there is also a way to automatically run a command on ssh
>connection. I remember something in a tutorial about setting up cvs with ssh to
>allow only running cvs on the server so that the users don't have complete
>control.
>
>> All is fine with this setup. If I do this with samba using port 139
>> however, it fails because I've disabled root ssh logins.
>>
>> I'd like to set up the above setup where step 2 is replaced by a persistent
>> connection that doesn't require a second password entry. In other words,
>> I'd like to forward a port on SERVER to a port on DEBIAN. I don't want to
>> use a private key file because that would have to be located on DEBIAN, with
>> obvious security problems. I assume that this would require something other
>> than ssh.
>>
>
>You could use the -R option with ssh to also forward ports in the reverse
>direction.
>
>> Can you do this with iptables - if so - how? stunnel does not seem to do
>> it - my syslog on DEBIAN indicates a connection, but nothing happens on the
>> HOME end.
>>

Have you thought about OpenVPN? It was pretty easy to get up and running.

http://www.zerocrossings.com/

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
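
OpenSSH's per-key `authorized_keys` options (`command=`, `permitopen=`, `no-pty`) are one way to do what the quoted reply describes as running a fixed command on connection, and they limit what a key used only for the tunnel can do if it is copied. The script below is an added example, not part of the original thread: it flags tunnel keys that lack those restrictions, and its function names, host names, ports and key strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit authorized_keys entries intended for tunnel-only use.
# Key strings, host names and ports are constructed sample values.

# Constructed sample authorized_keys content.
sample_keys() {
cat <<'EOF'
# keys for the HOME machine
command="/bin/false",no-pty,no-X11-forwarding,permitopen="server:5900" ssh-rsa AAAAconstructedKEY1 home-vnc
no-pty,permitopen="server:139" ssh-rsa AAAAconstructedKEY2 home-smb
ssh-rsa AAAAconstructedKEY3 admin
EOF
}

# Classify one line. Assumes the key type starts with "ssh-" and that no
# option value contains the text " ssh-".
audit_line() {
    line=$1
    case $line in
        ''|'#'*) return 0 ;;                      # blank line or comment
        ssh-*) echo "UNRESTRICTED"; return 0 ;;   # no options before the key type
    esac
    opts=${line%% ssh-*}                          # options field only
    missing=
    for opt in 'command=' 'permitopen=' 'no-pty'; do
        case $opts in
            *"$opt"*) ;;
            *) missing="$missing $opt" ;;
        esac
    done
    if [ -z "$missing" ]; then
        echo "OK"
    else
        echo "WEAK missing:$missing"
    fi
}

# Read authorized_keys text on stdin and report each key line by number.
audit_keys() {
    n=0
    while IFS= read -r line; do
        n=$((n + 1))
        result=$(audit_line "$line")
        if [ -n "$result" ]; then
            echo "line $n: $result"
        fi
    done
}

sample_keys | audit_keys
```

A key restricted like the first sample line is meant to be used with `ssh -N -L 5901:server:5900 user@debian` (`user` is a placeholder), where `-N` requests no remote command and only the permitted forward is opened.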