MEPIS Community Forum

A Linux operating system based on Debian Stable
VPN Solutions 
Forum Regular

Joined: Sun Mar 27, 2011 9:59 pm
Posts: 221
Has thanked: 50 times
Have thanks: 9 times
Post # 299524
Post Re: VPN Solutions  [Solved]
GoManutd wrote:
the WHOLE purpose behind SSH is that it uses private/public keys for encrypting communication. so long as you properly protect the private keys on the system (which never get transmitted) someone can steal the public key and still have no effect, since decrypting the public key takes a tremendous amount of computing effort - read, resources that the average bear doesn't have.

from the sounds of it, SSH will fit the bill. why use a nuke to kill a mosquito, when a flyswatter does the job?



Good point!

_________________
--
Chris Griffin


Sat May 05, 2012 8:08 am
Forum Guide

Joined: Mon Jun 30, 2008 8:06 pm
Posts: 2952
Has thanked: 52 times
Have thanks: 376 times
Post # 299526
Post Re: VPN Solutions
btw, the proxying capability that SSH and port forwarding allows works VERY well.

you can also do remote desktop stuff over SSH and it works, but most ISPs throttle your upload bandwidth so you'll need to take care how much graphical data you're pushing to your remote location. compression would help this too.


Sat May 05, 2012 8:37 am
Forum Regular

Joined: Sun Mar 27, 2011 9:59 pm
Posts: 221
Has thanked: 50 times
Have thanks: 9 times
Post # 299528
Post Re: VPN Solutions
GoManutd wrote:
btw, the proxying capability that SSH and port forwarding allows works VERY well.

you can also do remote desktop stuff over SSH and it works, but most ISPs throttle your upload bandwidth so you'll need to take care how much graphical data you're pushing to your remote location. compression would help this too.


I believe that tightvnc, which is in the repos, supports compression. I might have to up my bandwidth...

I've seen a few pages that describe different kinds of port forwarding. Specifically, the link mentioned above (https://help.ubuntu.com/community/SSH/O ... Forwarding) notes that there is local port forwarding, remote port forwarding and dynamic port forwarding. It's all a bit foggy to me still, but I think I'd just need to do local port forwarding...no?
Thanks,
Chris

_________________
--
Chris Griffin


Sat May 05, 2012 11:01 am
Forum Guide

Joined: Mon Jun 30, 2008 8:06 pm
Posts: 2952
Has thanked: 52 times
Have thanks: 376 times
Post # 299529
Post Re: VPN Solutions
you'll want to find some dynamic dns solution that allows you to assign a hostname to your router's DHCP address - dyndns was a way to do this, but think they've since stopped taking new members. depending on your router software, there's client software that is used to automatically periodically check the IP and update the record. you really need this because your router/modem IP is not guaranteed unless you've paid for a static IP.

you're not going to want to use dynamic port forwarding because you need to set up your router so it can forward inbound traffic on a particular port, to a particular host. so, SSH is typically port 22 and would be forwarded to port 22 on your home machine - it's strongly suggested to use an alternative port, one that is outside of the assigned IANA ports. so, for instance traffic to port 22222 would forward to port 22. it's a security measure aimed at reducing brute force attacks.

btw, if you are going to do this make sure you INSTALL fail2ban. not only does it automatically ban (either permanently, or temporarily depending on how you config it) IPs that it deems to be attacking your system.

there are a couple of good sets of instructions on how to use SSH for port forwarding:

for linux, http://www.debianadmin.com/howto-use-ss ... rding.html
for windows, http://www.dotcomunderground.com/blogs/ ... o-hide-ip/

do you use dd-wrt or some other open source router firmware? there are plenty of howtos on setting up your router for port forwarding, and also on how to properly secure your SSH server setup


Sat May 05, 2012 11:37 am

GoManutd thanked by: cgriffin
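The ban behaviour the post above attributes to fail2ban, sketched as an added example (not code from the thread and not fail2ban's own source): count failed SSH logins per IP inside a time window and ban once a threshold is reached. The parameter names mirror fail2ban's `maxretry`, `findtime` and `bantime` jail options; `find_bans`, the use of `None` for a permanent ban, and the log lines are constructed for this illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd auth-log sample (documentation IP ranges, not real data).
SAMPLE_LOG = """\
May  5 11:40:01 home sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
May  5 11:40:03 home sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40113 ssh2
May  5 11:40:05 home sshd[2103]: Accepted publickey for chris from 198.51.100.20 port 51514 ssh2
May  5 11:40:09 home sshd[2104]: Failed password for root from 203.0.113.7 port 40115 ssh2
May  5 11:41:00 home sshd[2110]: Failed password for chris from 198.51.100.20 port 51600 ssh2
May  5 11:52:30 home sshd[2120]: Failed password for root from 203.0.113.7 port 40200 ssh2
May  5 12:30:00 home sshd[2130]: Failed password for chris from 198.51.100.20 port 51700 ssh2
"""

# Matches failed-password lines only; syslog timestamps carry no year.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port \d+"
)


def find_bans(log_text, maxretry=3, findtime=600, bantime=600, year=2012):
    """Return [(ip, ban_start, ban_end)]; ban_end is None for a permanent ban."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)   # ip -> timestamps of failures inside the window
    banned_until = {}             # ip -> end of the current ban (None = permanent)
    bans = []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # accepted logins and unrelated lines are ignored
        ts = datetime.strptime(f"{year} {' '.join(m['ts'].split())}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if ip in banned_until and (banned_until[ip] is None or ts < banned_until[ip]):
            continue              # still banned: the firewall would drop this attempt
        hits = recent[ip]
        hits.append(ts)
        while hits and ts - hits[0] > window:
            hits.popleft()        # forget failures older than findtime
        if len(hits) >= maxretry:
            end = None if bantime is None else ts + timedelta(seconds=bantime)
            banned_until[ip] = end
            bans.append((ip, ts, end))
            hits.clear()
    return bans
```

With the defaults only 203.0.113.7 is banned; calling `find_bans(SAMPLE_LOG, maxretry=2, findtime=3600)` also bans 198.51.100.20, the address that logged in successfully with a key, which shows how an aggressive threshold can lock out a legitimate user who mistypes a password twice.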
Forum Regular

Joined: Sun Mar 27, 2011 9:59 pm
Posts: 221
Has thanked: 50 times
Have thanks: 9 times
Post # 299530
Post Re: VPN Solutions
GoManutd wrote:
you'll want to find some dynamic dns solution that allows you to assign a hostname to your router's DHCP address - dyndns was a way to do this, but think they've since stopped taking new members. depending on your router software, there's client software that is used to automatically periodically check the IP and update the record. you really need this because your router/modem IP is not guaranteed unless you've paid for a static IP.

you're not going to want to use dynamic port forwarding because you need to set up your router so it can forward inbound traffic on a particular port, to a particular host. so, SSH is typically port 22 and would be forwarded to port 22 on your home machine - it's strongly suggested to use an alternative port, one that is outside of the assigned IANA ports. so, for instance traffic to port 22222 would forward to port 22. it's a security measure aimed at reducing brute force attacks.

btw, if you are going to do this make sure you INSTALL fail2ban. not only does it automatically ban (either permanently, or temporarily depending on how you config it) IPs that it deems to be attacking your system.

there are a couple of good sets of instructions on how to use SSH for port forwarding:

for linux, http://www.debianadmin.com/howto-use-ss ... rding.html
for windows, http://www.dotcomunderground.com/blogs/ ... o-hide-ip/

do you use dd-wrt or some other open source router firmware? there are plenty of howtos on setting up your router for port forwarding, and also on how to properly secure your SSH server setup


Thanks for all of those pointers. fail2ban is on my list to do. I have DD-WRT on a Buffalo AirStation. I've had trouble getting the port forwarding to work, but I think that it's an issue with something called a "loopback". I have some bookmarks for sites that talk about the solution.

Best,
Chris

_________________
--
Chris Griffin


Sat May 05, 2012 11:45 am
Forum Guide

Joined: Mon Jun 30, 2008 8:06 pm
Posts: 2952
Has thanked: 52 times
Have thanks: 376 times
Post # 299531
Post Re: VPN Solutions
this option works with dd-wrt. it takes a bit to get things set up, but i've had it working in the past.

also, plenty of the free dyndns options also work with dd-wrt.


Sat May 05, 2012 11:50 am
Forum Veteran

Joined: Wed Jul 12, 2006 1:42 am
Posts: 4588
Has thanked: 487 times
Have thanks: 635 times
Post # 299532
Post Re: VPN Solutions
For remote desktop access I've always recommended NX from Nomachine. When I needed remote access that worked perfectly, it was easy to set up and it beat in performance any other VNC solution that I tried.


Sat May 05, 2012 11:52 am

Adrian thanked by: cgriffin
Forum Guide

Joined: Mon Jun 30, 2008 8:06 pm
Posts: 2952
Has thanked: 52 times
Have thanks: 376 times
Post # 299533
Post Re: VPN Solutions
i've used NX for remote desktop access, too. it works well and provides a number of options to improve response times.


Sat May 05, 2012 11:55 am

GoManutd thanked by: cgriffin
Forum Regular

Joined: Thu Aug 17, 2006 9:06 pm
Posts: 135
Has thanked: 9 times
Have thanks: 14 times
Post # 299766
Post Re: VPN Solutions
Sorry I'm late to the discussion, but I regularly use NX for remote access of my home computer while travelling. It defaults to a secure connection. I've also set up fail2ban. As an additional precaution, I close the ports on my router when I don't plan on travelling for a while.

Another option is Team Viewer (in the repositories). I've experimented around with it some, and I remember it being easier to set up. However I think it uses their servers to make connections similar to other services. I just prefer not having to rely on the security (or trustworthiness) of a 3rd party.


Fri May 11, 2012 6:07 pm
Forum Regular

Joined: Sun Mar 27, 2011 9:59 pm
Posts: 221
Has thanked: 50 times
Have thanks: 9 times
Post # 299776
Post Re: VPN Solutions
kumar wrote:
Sorry I'm late to the discussion, but I regularly use NX for remote access of my home computer while travelling. It defaults to a secure connection. I've also set up fail2ban. As an additional precaution, I close the ports on my router when I don't plan on travelling for a while.

Another option is Team Viewer (in the repositories). I've experimented around with it some, and I remember it being easier to set up. However I think it uses their servers to make connections similar to other services. I just prefer not having to rely on the security (or trustworthiness) of a 3rd party.


Yep, that's why I'm staying away from Hamachi.
NX is not open source, that's my only beef with it. But it is peer to peer, and works over SSH, so I don't see how it could really be doing anything too nefarious...

_________________
--
Chris Griffin


Fri May 11, 2012 10:10 pm