So, I still have to set up a VPN? Now I think I need some VPN troubleshooting because I set Windows XP at home to accept connections, and Windows XP at school to connect, but the machine at school said it couldn't connect. I could access my FTP server from Internet Explorer, but I just couldn't get the VPN going, so I'm assuming that the VPN connection is the problem. It could also be a blocked port on the router, but that is unlikely. I don't have a firewall enabled on either computer. I am now going to try a Windows XP VPN howto (the one on the help index said it was an unknown code). Wish me luck!!
|
You will either need to set up a VPN or SSH but not both. What VPN are you using?
To determine whether a particular port is blocked/available, try this. Think of it as ping on steroids. This is a Win32 application. nmap in the Linux world does much the same thing. |
How do I connect using SSH if I can only talk to the router and it doesn't let me in?
By the way, (with VPN) will I be able to access computers on the same network as the CLIENT? I know the client can access the server's, but can the server access the client's LAN? |
Quote:
As far as how do you connect with SSH: you can connect using SSH (or VPN for that matter) because you will be initiating the connection from the machine behind the router. Then when you get home you will use the already established connection to bypass the NAT. In the case of a VPN the initiator of the tunnel effectively becomes part of the LAN segment at the destination, i.e. your Linux box as the initiator will become part of the LAN segment that the Windows box is on and will be able to access things on that segment, if you do not restrict access through the VPN. It would probably be wise to restrict access though. |
I am unable to establish a VPN because the VPN port is blocked. I don't understand how to backtrack through an ssh tunnel; as far as I know, the connection is one-way. If someone ssh'ed my computer, I wouldn't even know it!! How can I backtrack to the host of the ssh connection when I am on the server?
|
Go to post 27 and read the page from the first link. That explains what I am suggesting, except we will be reversing the port forwarding, i.e. from the remote to the local rather than from the local to the remote.
|
I don't mean to be a bother, but I don't think I understand what I'm reading. This article says that I can forward packets on the localhost to those on a remote host. I can't even see the computer around the router; how do I forward connections to a port if the computer can't even be seen? I can see mine from inside the network, but I can't see the school computer from outside the network. I need access to the computer's IP address, then I can handle it. Can I change the port VPN uses on the client and server?
|
Quote:
|
So you're saying I can connect to the outside computer from inside the network (by logging on to it with ssh), and then physically go to the outside computer, start ssh, and log on to the computer protected by the router?
|
I think httptunnel might be a good idea, by what I think I understand about it. My situation now is that I need to get to an FTP server inside the school. I figured if I could figure out how to use this software, then I could set up a server on the outside, a client on the inside, and then connect to my home computer from the inside, go home, and then ftp my computer at school. Does anyone know how to use this software, or have another good idea for accomplishing this?
|
I think I would go with ssh if you need a shell login.
The only way I can see it working reliably is for the router to do port forwarding to your internal system. If you can do that then the ssh connection to the internet address will be forwarded to your internal system. The other way would not require the router to be configured for port forwarding. However, the internal machine would need to make the connection and establish a remote forward of a local port. It would also need to check the connection, and if the connection was lost it would need to reconnect. This would in a sense make the internal machine the client and your home system the server. If the connection is made and a local port on the client is forwarded to the server's local port, then a connection to the client can be made locally on the server. |
For the connection itself this will work...
First let's set up ssh to run on two ports, one for normal ssh and the other for the remote connection. I use port 513 because it's available on my systems.

On the internal machine...
I assume sshd is already running and working on the normal port. Start ssh on port 513...
Code:
    sshd -p 513
You can use the IP address of your machine at home (www.yourhomeserver.com) if you have no domain name.
Now you will get the connection established.

On the home machine...
Code:
    ssh -p 513 127.0.0.1
Once the connection is established you will be logged into the machine inside the router. Any file transfers between the two machines can be established from the internal machine using ftp or whatever. The home server will be acting as an ftp server or sftp server, etc.

You can set up sshd to come up on port 22 and 513 in the /etc/ssh/ssh_config file.

You will probably want to set this up to use certificates instead of passwords, so you can do the connection from a script on the internal machine. You will need a script on the internal machine that runs the ssh command, checks for the connection, and continues to try the connection when it fails.

Having a domain name for the home machine would be best. That way if your IP address changes for some reason you can fix the domain name from anywhere and the connection will be resumed without having to access the internal machine to change the script. |
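The reconnecting script and key-based login described in the post above, sketched as an added example (not code from the thread), with the key restricted on the home machine so it can open only the one forwarded port. The `tunnel` account, the key path and the exact `-R` forward are assumptions; port 513 and www.yourhomeserver.com are the post's own placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): reconnecting reverse forward, run on
# the internal machine. HOME_HOST, TUNNEL_USER and KEY are hypothetical.
HOME_HOST="${HOME_HOST:-www.yourhomeserver.com}"
TUNNEL_USER="${TUNNEL_USER:-tunnel}"
KEY="${KEY:-$HOME/.ssh/tunnel_ed25519}"
REMOTE_PORT="${REMOTE_PORT:-513}"  # listener on home machine; <1024 needs root there
LOCAL_PORT="${LOCAL_PORT:-513}"    # second sshd port on the internal machine

# Line for ~/.ssh/authorized_keys on the home machine: with this key there is
# no shell or PTY, and remote listeners are limited to one loopback port.
authorized_keys_line() {
    printf 'restrict,port-forwarding,permitlisten="127.0.0.1:%s" %s\n' \
        "$REMOTE_PORT" "$1"
}

# Double the retry delay after each failure, capped at $2 seconds.
next_delay() {
    d=$(( $1 * 2 ))
    if [ "$d" -gt "$2" ]; then d=$2; fi
    echo "$d"
}

# One connection attempt. -N: no remote command. ExitOnForwardFailure makes
# ssh exit if the listener cannot be bound; ServerAlive* detects a dead link.
run_tunnel() {
    ssh -N -T -i "$KEY" \
        -o BatchMode=yes -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
        -R "127.0.0.1:${REMOTE_PORT}:127.0.0.1:${LOCAL_PORT}" \
        "${TUNNEL_USER}@${HOME_HOST}"
}

# Reconnect forever, backing off from 5 s to at most 300 s between attempts.
keep_tunnel() {
    delay=5
    while :; do
        start=$(date +%s)
        run_tunnel || true
        # A session that lasted over a minute counts as healthy: reset backoff.
        if [ $(( $(date +%s) - start )) -gt 60 ]; then delay=5; fi
        sleep "$delay"
        delay=$(next_delay "$delay" 300)
    done
}

if [ "${1:-}" = "run" ]; then keep_tunnel; fi
```

Started with the argument `run`, the script loops; with no argument it only defines the functions, so `authorized_keys_line "$(cat key.pub)"` can be used to print the entry for the home machine.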
I tried changing the port from 22 to 21, and Internet Explorer just gives me error messages. It worked for my web server on port 80, but not the FTP server. I just need to transfer files across it; I don't need remote logins.
|
You cannot do anything without port forwarding on the router.
The workaround is the remote login. You can transfer files to and from anywhere on the internet once you are logged in. |
Well, I can use the Apache web server through the tunnel, so how can I make Apache force a login to use it?
|