From: Art Mason
To: freebsd-net@freebsd.org
Organization: Rackspace Managed Hosting
Date: Fri, 06 Feb 2004 10:45:05 -0600
Subject: Re: Whats the best solution?

You might also want to take a look at OpenVPN
(/usr/ports/security/openvpn). It's essentially a Layer 7 VPN using SSL
that works well w/ dynamic IP addresses and even allows for one
end-point to be NATed. Not sure if this is quite the solution you're
looking for, but it might help.

-- 
Art Mason
Technical Support - Team F
Rackspace Managed Hosting
(800) 961-4454 ext. 1223
amason@rackspace.com

On Tue, 2004-02-03 at 00:29, Willie Viljoen wrote:
> SSH :-)
>
> Have a look at the ssh(1) manpage. The port forwarding should be able to do
> what you are looking for. Also, to get the authentication to be automatic,
> set up your SSH to use public keys, and use a passphraseless public key on
> your laptop. This will let it automatically log in and set up the tunnel.
> You can then tunnel any TCP traffic through a secure channel to your server.
> This is all described in the man page.
>
> For DNS, use the IP address of the server you plan to use for the other end
> of the tunnel. As long as you open only UDP port 53 and configure it
> sensibly, there should be no security risk to running a DNS that accepts
> from any IP, all proper DNS servers need to do this anyway. This way, you
> can run your own DNS, and possibly even put in some private DNS tricks to
> make working with the tunnel easier.
>
> Will
>
> ----- Original Message -----
> From: "Tuc at the Beach House"
> To:
> Cc:
> Sent: Tuesday, February 03, 2004 4:25 AM
> Subject: Whats the best solution?
>
>
> > Hi,
> >
> > HELP! Whew, ok, felt good to get that out.
> >
> > Here's my problem, I'd like to know what people feel would be the
> > best solution.
> >
> > I travel a lot. When I do I bring a Wireless AP, and an Asante
> > Firewall. Normally I plug the Asante into the ethernet connection at
> > the hotel, and the WAP into the Asante.
> >
> > Some places I run into problems with their web proxy. Almost
> > all places I have a hell of a time with DNS. When I have DNS issues, the
> > machine just does not like it.
> >
> > I want to be able to set something up where I can tunnel to a
> > dedicated private server I have on the global internet, and route all
> > my traffic through it. I want it to be the default route, and once they
> > hit my end server, they then can be forwarded over the rest of the global
> > internet.
> >
> > I need to be able to have the client be on dynamic IPs. I need some
> > sort of an authentication. And most of all, something easy to debug would
> > help.
> >
> > Any ideas, thoughts, suggestions, etc?
> >
> > Thanks, Tuc/TTSG Internet Services, Inc.
> > _______________________________________________
> > freebsd-net@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-net
> > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"