Date: Fri, 06 Feb 2004 10:45:05 -0600
From: Art Mason <amason@rackspace.com>
To: freebsd-net@freebsd.org
Subject: Re: Whats the best solution?
Message-ID: <1076085904.87575.65.camel@mizar.rackspace.com>
In-Reply-To: <004a01c3ea1f$1a34cea0$0a00a8c0@arista>
References: <200402030225.i132Pfax071987@vjofn.tucs-beachin-obx-house.com> <004a01c3ea1f$1a34cea0$0a00a8c0@arista>

You might also want to take a look at OpenVPN
(/usr/ports/security/openvpn). It's essentially a Layer 7 VPN using SSL
that works well w/ dynamic IP addresses and even allows for one
end-point to be NATed. Not sure if this is quite the solution you're
looking for, but it might help.

--
Art Mason
Technical Support - Team F
Rackspace Managed Hosting
(800) 961-4454 ext. 1223
amason@rackspace.com

On Tue, 2004-02-03 at 00:29, Willie Viljoen wrote:
> SSH :-)
>
> Have a look at the ssh(1) manpage. The port forwarding should be able to do
> what you are looking for. Also, to get the authentication to be automatic,
> set up your SSH to use public keys, and use a passphraseless public key on
> your laptop. This will let it automatically log in and set up the tunnel.
> You can then tunnel any TCP traffic through a secure channel to your server.
> This is all described in the man page.
>
> For DNS, use the IP address of the server you plan to use for the other end
> of the tunnel. As long as you open only UDP port 53 and configure it
> sensibly, there should be no security risk to running a DNS that accepts
> from any IP, all proper DNS servers need to do this anyway. This way, you
> can run your own DNS, and possibly even put in some private DNS tricks to
> make working with the tunnel easier.
>
> Will
>
> ----- Original Message -----
> From: "Tuc at the Beach House" <tuc@tucs-beachin-obx-house.com>
> To: <freebsd-net@freebsd.org>
> Cc: <tuc@ttsg.com>
> Sent: Tuesday, February 03, 2004 4:25 AM
> Subject: Whats the best solution?
>
>
> > Hi,
> >
> > HELP! Whew, ok, felt good to get that out.
> >
> > Here's my problem, I'd like to know what people feel would be the
> > best solution.
> >
> > I travel a lot. When I do I bring a Wireless AP, and an Asante
> > Firewall. Normally I plug the Asante into the ethernet connection at
> > the hotel, and the WAP into the Asante.
> >
> > Some places I run into problems with their web proxy. Almost
> > all places I have a hell of a time with DNS. When I have DNS issues, the
> > machine just does not like it.
> >
> > I want to be able to set something up where I can tunnel to a
> > dedicated private server I have on the global internet, and route all
> > my traffic through it. I want it to be the default route, and once they
> > hit my end server, they then can be forwarded over the rest of the global
> > internet.
> >
> > I need to be able to have the client be on dynamic IPs. I need some
> > sort of an authentication. And most of all, something easy to debug would
> > help.
> >
> > Any ideas, thoughts, suggestions, etc?
> >
> > Thanks, Tuc/TTSG Internet Services, Inc.
> > _______________________________________________
> > freebsd-net@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-net
> > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
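
The quoted reply relies on a passphraseless key, so what that key is allowed to do on the server is the control that matters. The script below is an added example, not part of the original thread: it audits an authorized_keys file for tunnel keys that are not limited to forwarding. The sample entries, the 127.0.0.1:3128 destination and the /usr/bin/false forced command are constructed assumptions.

```shell
#!/bin/sh
# Added example: audit authorized_keys for entries that give a passphraseless
# tunnel key more than forwarding to one destination.

# Constructed sample; key blobs are placeholders. The 127.0.0.1:3128 proxy
# destination and the /usr/bin/false forced command are assumptions.
sample_authorized_keys() {
cat <<'EOF'
# tunnel keys for the travelling laptop
ssh-ed25519 AAAAC3PLACEHOLDER1 tuc@laptop
restrict,port-forwarding,permitopen="127.0.0.1:3128",command="/usr/bin/false" ssh-ed25519 AAAAC3PLACEHOLDER2 tunnel@laptop
no-pty,command="/usr/bin/false" ssh-rsa AAAAB3PLACEHOLDER3 old@laptop
restrict,port-forwarding ssh-ed25519 AAAAC3PLACEHOLDER4 wide@laptop
EOF
}

# audit_keys [FILE...]: print "LINE: finding" per risky entry (stdin if no FILE).
audit_keys() {
    awk '
    # Return the leading options field; quoted values may contain spaces.
    function optfield(line,    i, c, q, out) {
        sub(/^[ \t]+/, "", line)
        for (i = 1; i <= length(line); i++) {
            c = substr(line, i, 1)
            if (c == "\"") { q = !q }
            else if (!q && (c == " " || c == "\t")) { break }
            out = out c
        }
        return out
    }
    /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
    {
        opts = optfield($0)
        # A line that starts with the key type has no options at all.
        if (opts ~ /^(ssh-|ecdsa-|sk-)/) {
            print NR ": no options (key permits a full login)"
            next
        }
        o = "," tolower(opts) ","
        miss = ""
        if (o !~ /,restrict,/)    miss = miss " restrict"
        if (o !~ /,permitopen="/) miss = miss " permitopen"
        if (o !~ /,command="/)    miss = miss " command"
        if (miss != "") print NR ": missing" miss
    }' "$@"
}

sample_authorized_keys | audit_keys
```

The `restrict` option needs OpenSSH 7.2 or later; a client that connects with `ssh -N` requests no session, so the forced command does not interfere with the forward.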