[ProgSoc] VPN/SSH tunnel?

Anand Kumria wildfire at progsoc.uts.edu.au
Wed Aug 4 16:52:24 EST 2010


Hi,

I guess the first thing is the set of applications that need to be usable
beyond the firewall.

And then how automatic the solution needs to be. If we are just talking 'web
access', then with your initial set of constraints I'd say 'ssh -D' on each
machine to the machine beyond the firewall and then pointing each local web
browser to localhost would be enough.

Cheers,
Anand

On Wed, Aug 4, 2010 at 1:54 AM, sanguinev at progsoc.org <sanguinev at progsoc.org> wrote:

> I have several systems (4-12) behind a restrictive firewall and would
> like to be able to set up some kind of VPN or tunnel to solve the
> firewall problems. Obviously this needs an external server (or servers)
> to work. I am trying to find a good solution to this... with some
> constraints.
>
> The constraints are:
>
> 1. No more than 3 of the systems can appear to come from the same IP
> address (so they can't all tunnel to a single server without that server
> doing something tricky...?).
>
> 2. The systems may change address between uses, so fully static
> solutions or ones with a lot of configuration are bad.
>
> 3. Most systems will be Windows (XP/Vista/7), Mac OS X support is also
> good.
>
> 4. Low latency connections are desirable (i.e. not too much extra
> latency). Bandwidth is not going to be specially high usage.
>
> 5. External server should be as lightweight as possible, minimal disk
> space, processing, RAM, etc required.
>
> The options that have come to mind so far are:
>
> A. A VPN solution, where each system connects to the external server.
>   Pros: relatively simple
>   Cons: all traffic, even between systems, goes out and back
>
> B. Systems set up SSH tunnels to external server(s).
>   Pros: relatively simple
>   Cons: some trickiness on external server(s) or more admin, all
>   traffic goes out and back
>
> C. Local server and external server with tunnel, local server does
>   routing.
>   Pros: traffic is minimal and kept local
>   Cons: setting up local router and extra addressing
>
> I am open to further options, and/or suggestions for software for any
> option.
>
> - SanguineV
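
The 'ssh -D' suggestion in the reply above, as an added example that is not part of the original thread: the command that opens the SOCKS listener, plus a check that the listener is bound to loopback only. The host gateway.example, the user name, port 1080, the function name check_socks_bind and the sample `ss -ltn` output are all assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: start a SOCKS tunnel with `ssh -D` and verify it is bound to
# loopback only. Host, user and port below are placeholders (assumptions).
#
#   ssh -N -D 127.0.0.1:1080 user@gateway.example
#
# The SOCKS listener created by -D has no authentication of its own, so a
# listener on a wildcard address lets any host on the LAN use the tunnel.

# check_socks_bind PORT: reads `ss -ltn`-style lines on stdin and prints
#   loopback - every listener on PORT is on 127.0.0.1 or [::1]
#   exposed  - at least one listener on PORT is on another address
#   absent   - nothing is listening on PORT
check_socks_bind() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")
            if (parts[n] != port) next
            host = substr($4, 1, length($4) - length(parts[n]) - 1)
            found = 1
            if (host != "127.0.0.1" && host != "[::1]") exposed = 1
        }
        END {
            if (!found)       print "absent"
            else if (exposed) print "exposed"
            else              print "loopback"
        }'
}

# Constructed sample of `ss -ltn` output (not captured from a real host).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    127.0.0.1:1080     0.0.0.0:*
LISTEN 0      128    [::1]:1080         [::]:*'

printf '%s\n' "$SAMPLE_SS" | check_socks_bind 1080

# On a live machine: ss -ltn | check_socks_bind 1080
```

The browser is then pointed at a SOCKS5 proxy on localhost port 1080, with DNS resolution sent through the proxy so that name lookups also leave via the tunnel.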