LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking > Linux - Wireless Networking
User Name
Password
Linux - Wireless Networking This forum is for the discussion of wireless networking in Linux.

Notices

Reply
 
Search this Thread
Old 05-05-2007, 08:40 PM   #1
glsen_az
Member
 
Registered: Oct 2003
Location: Tucson, AZ
Distribution: XUbuntu 12.10, Smoothwall 3
Posts: 32

Rep: Reputation: 15
Tunneling WiFi Traffic


I found another thread from 2003 that somewhat described what I am wanting to accomplish. I would like to do the following: While at coffee shops, be able to have encrypted traffic (with SSH and VNC??) back to Smoothwall box (via the static IP address supplied by DynDNS service), then turn around and have the traffic re-routed, still encrypted, out to the requested Internet sites. I guess this scenario would be similar to the GoToMyPC concept, except it would be on my hardware and Internet connection.
I'm just getting too paranoid about surfing in the open at coffeeshops (never any shopping or banking-type transactions!) and want to nail things down.

Here's my particular configuration:

Home using Smoothwall firewall system (running on an old Pentium I w/128 MB RAM and 10 GB HD):
o Cable Internet into ethernet NIC (unfriendly/Internet-facing "RED" NIC) - gets dynamic IP address via DHCP from cable provider.
o Second ethernet NIC out to switch (trusted/home network on "GREEN" NIC) - Smoothwall's own DHCP server doles out IP addresses to home PCs.
o Smoothwall offers the option to use DynDNS service to get a static IP address that the Smoothwall box can be referred to from the Internet.
o My Smoothwall box has Squid turned on, mostly for caching web content to help speed things up. Also has the Smoothwall firewall and Intrusion Detection System (Snort).
o Our current cable connection provides top end of 7-9 Mb throughput on a very consistent basis. I would sure like to use this.

SuSE 10.0-based Dell laptop with (wired &) wireless for unsecure coffee house Internet access. I also do WPA secure wireless access at home sometimes.

Are there any good, understandable how-to on this? Any suggestions and links would be greatly appreciated!

-*-Bill
 
Old 05-05-2007, 10:32 PM   #2
blackhole54
Senior Member
 
Registered: Mar 2006
Posts: 1,896

Rep: Reputation: 61
I don't know about doing exactly what you describe, but if you are just concerned about your unencrypted wi-fi traffic, I have a couple of simpler suggestions you might want to consider.

One would be to use Tor. This is anonimyzing software that bounces traffic between several Tor servers. All the traffic is encrypted until it gets to the "exit router". From the exit router to the website it is unencrypted unless you are using SSL/TLS. But from your computer, to the wi-fi access point and beyond it is encrypted. If you are using SSL/TLS, you will also have end-to-end encryption as normal. The down sides are that Tor can be somewhat slow and it is possible your access point will block this.

The other thing you can do (if not blocked by the access point) is to set up a ssh tunnel using the -D switch and then set up your browser to use a SOCKS proxy. Set the proxy to localhost and the port you specified to ssh. Again, this will give you encryption over the wi-fi connection to wherever your sshd is listening, but unencrypted beyond (with the usual SSL/TLS exception).
 
Old 05-06-2007, 03:50 AM   #3
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,414

Rep: Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966
well if it's security not anonymity you're after then that'll be a vpn, simple as that really. ssh tunneling would be a simple approach, but just running something like OpenVPN would give you much more generic access to more network services. if you're not using a trusted client pc, with your own software, you could use somethign like sslexplorer to have a clientless vpn.
 
Old 05-07-2007, 12:39 AM   #4
blackhole54
Senior Member
 
Registered: Mar 2006
Posts: 1,896

Rep: Reputation: 61
VPN, Tor, and ssh all encrypt the traffic to and from the mobile computer, which I thought was the OP's main concern. I can't speak to the relative quality of encryption. Of these, VPN would certainly provide the most exhaustive solution, Tor would add the benefit of anonymity but it is sometimes slow, while ssh is probably the simplest.
 
Old 05-07-2007, 02:44 AM   #5
glsen_az
Member
 
Registered: Oct 2003
Location: Tucson, AZ
Distribution: XUbuntu 12.10, Smoothwall 3
Posts: 32

Original Poster
Rep: Reputation: 15
re: Tunneling WiFi Traffic

Acid_kewpie,
Thanks so much for the response.
Quote:
Originally Posted by acid_kewpie
well if it's security not anonymity you're after then that'll be a vpn, simple as that really. ssh tunneling would be a simple approach, but just running something like OpenVPN would give you much more generic access to more network services. if you're not using a trusted client pc, with your own software, you could use something like sslexplorer to have a clientless vpn.
Obviously, since I am asking about this stuff, I haven't played with any of these options, with the exception of using SSH between hosts. Here's what I've done so far:
I've gone to DYNDNS.COM and set up a connection to the current dynamic IP address I get from the cable Internet provider and now have a DNS entry that will be a way for me to talk to my home firewall box for now. I've turned on the VPN option in the installed Smoothwall box. I'll have to see if I can talk to it from the Internet.

I'm going to have to do some googling to see if I can get up to speed on this. I'd really like to find a decent solution I can use with my SuSE-based laptop and also for my wife when she uses her IBM Thinkpad running Windows 2000 out and about. The VPN option should work for our systems. I've heard of Tor but haven't really tried it out. One option I've seen is to run it from a thumbdrive from any PC. Again, thanks for the response and the info you shared.

-*-Bill
 
Old 05-07-2007, 02:49 AM   #6
glsen_az
Member
 
Registered: Oct 2003
Location: Tucson, AZ
Distribution: XUbuntu 12.10, Smoothwall 3
Posts: 32

Original Poster
Rep: Reputation: 15
re: Tunneling WiFi Traffic

Blackhole54,
Thanks for responding and following this thread.

Quote:
Originally Posted by blackhole54
VPN, Tor, and ssh all encrypt the traffic to and from the mobile computer, which I thought was the OP's main concern. I can't speak to the relative quality of encryption. Of these, VPN would certainly provide the most exhaustive solution, Tor would add the benefit of anonymity but it is sometimes slow, while ssh is probably the simplest.
My response to Acid_kewpie touches on what you are writing about: sounds like a VPN might be the best solution - I'll have to dig into it and see what I'll need to do. I've seen Tor but haven't really used it yet.

I hope to keep posting to this thread with more info as I move along this path. Maybe set this up as a how-to here on LinuxQuestions. Thanks again for your responses!

-*-Bill
 
Old 05-07-2007, 10:07 PM   #7
blackhole54
Senior Member
 
Registered: Mar 2006
Posts: 1,896

Rep: Reputation: 61
Quote:
Originally Posted by glsen_az
I hope to keep posting to this thread with more info as I move along this path. Maybe set this up as a how-to here on LinuxQuestions.
Maybe create an entry for the LQ wiki? Just a thought ...
 
Old 05-08-2007, 01:41 AM   #8
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,414

Rep: Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966
yeah it's not great to use a forum as your own private notepad...
 
Old 05-16-2007, 02:43 AM   #9
glsen_az
Member
 
Registered: Oct 2003
Location: Tucson, AZ
Distribution: XUbuntu 12.10, Smoothwall 3
Posts: 32

Original Poster
Rep: Reputation: 15
re: Tunneling WiFi Traffic

Quote:
Originally Posted by blackhole54
Maybe create an entry for the LQ wiki? Just a thought ...
That's a great idea. I visited the Smoothwall.org community forums and posted this question there too. (Made sense - this would be something Smoothwall users would do quite often.) I got a response back that I've tentatively tried out at home and will investigate further in the next day or so. Here's the link to the forum responses:
http://community.smoothwall.org/foru...=167567#167567

Thanks again for your suggestions.

-*-Bill
 
  


Reply

Tags
dyndns, encrypted, networking, smoothwall, ssh, suse, tor, tunneling, vpn


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How to capture wifi traffic ? jlliagre Linux - Wireless Networking 2 02-14-2007 07:41 AM
Does all wifi traffic go through the AccessPoint? Carroarmato0 Linux - Wireless Networking 2 09-24-2006 12:45 PM
X11 Tunneling and Web traffic from local Machine macgyver007 Linux - Networking 2 01-30-2006 09:13 AM
Tunneling all traffic to relay server xilace Linux - Networking 1 10-06-2005 04:13 PM
incoming tunneling or tunneling via a 3rd party? JustinHoMi Linux - Networking 1 04-15-2005 01:57 PM


All times are GMT -5. The time now is 02:32 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration