Ric Moore wrote:
On Tue, 2006-12-19 at 11:55 +0000, James Wilkinson wrote:
But it is possible to use SSH either as a "poor man's" VPN, or as a
"sort-of" VPN. I've never done a full VPN over SSH, but I'd start by
reading http://tldp.org/HOWTO/ppp-ssh/index.html. The advantage of a SSH
VPN is that SSH tends to be a lot less picky about the sort of network
connections it gets than many VPNs, and SSH itself is easier to set up.
Disadvantages include that SSH is supposed to be a poor transport for IP
packets, and that if the SSH connection drops, so do all communications.
You might get on better with port-forwarding. This can be as simple as
ssh -L 5900:192.168.1.55:5901 vncuser@xxxxxxxxxxxxxxxxxxxxxx
This connects you to a computer called jimdouglas.example.com, logs you
in as vncuser (through a password or private key), and creates a tunnel
between port 5900 on your machine and port 5901 on 192.168.1.55 on the
same local network as jimdouglas.example.com (it might or might not be
the same computer as jimdouglas.example.com). That then allows you to
connect a VNC viewer to port 5900 on your own machine, and log into
192.168.1.55.
It works very well for simple one-port protocols like VNC. It can be
more of a challenge to get it to work with SMB or NFS (usually I don't
bother and just sftp what I need).
The advantage of this is that it's easy to set up SSH and be sure it's
going to work, and then it's practical to set up tunnels as needed
remotely.
I used to use ssh and cipe to tunnel into my office machine, is this
like that? Ric
Not exactly - with ssh you have to specify every port to forward and
every destination address. If you want something like cipe, look
at openvpn.
--
Les Mikesell
lesmikesell@xxxxxxxxx
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list