A client has a web server that can only be accessed when on their network.
For example sake, let's say my login details are:
Server: example.com
User: user
password: password
for when I am on their company's internet. I use either Cyberduck or FileZilla to connect to their web server.
I'd much rather be able to connect remotely but I just have a lot of trouble setting this up. I have connected to the client's vpn, let's say vpn.example.com, and use Cisco AnyConnect to accomplish this.
Beyond this, my knowledge of VPN is limited. In an FTP client, is there anything I should be doing to ensure that it uses the VPN to connect to example.com rather than my home connection?
Thanks.
-m
There two ways around this. I am assuming you are using Windows or a Mac since the AnyConnect client doesn't come in a Linux flavor.
Open a CMD/Terminal and type "route print" or "netstat -r" take note of where example.com is pointing to. Most likely the default route will catch it. In that case you want to add a route to have it go via the VPN interface for any traffic that goes to example.com (After doing this, once you disconnect from the VPN you will not be able to connect to example.com any more unless you connect to the VPN.)
The other way is to connect to the FTP using the local IP of the FTP once connected to the VPN.
As there is no Linux solution I will post my solution. I don't know much about the other side (vpn server side), so this solution might not fit your environment.
I'm using vpnc (installable via package manager on Ubuntu, other systems might work too). You can configure it with a .conf file, my values are
IPSec gateway <server address>
IPSec ID <gateway id>
IPSec secret <kind of group password>
Xauth username <your username>
Xauth password <you password>
If you are using UBUNTU
Install Open client for Cisco AnyConnect VPN from Ubuntu Software center, then use openconnect command.
Related
This is the first time I use the sshuttle.
I am running into an issue working with sshuttle.
I run the sshuttle to connect my local with a remote server on my local machine.
I can access the server by using ssh and pem file.
I used the following command on my MacOS.
sshuttle --dns -vr dev 10.0.0.0/0 --ssh-cmd 'ssh -i ~/.ssh/dev.pem'
I have set ssh config to use the dev hostname in .ssh/config file
host dev
HostName xx.xxx.xx.xx
user root
IdentityFile ~/.ssh/dev
But I couldn't connect my local to the remote server, even all the internet traffic keeps loading and never loads anything.
I am using a dedicated IP on VPN service (PureVPN). Wihtout VPN, sshuttle is working well so meaning that running sshuttle on top of other VPN service is a problem?
I don't think it's a problem since it's a dedicated IP. And if it's a problem, how can I address this issue since I must use the dedicated IP for an another service.
If you have faced the same issue before, please let me know.
Thank you in advance!
From the looks of what you mentioned there could be two things that can be the cause. One, the credentials that are given to you by the third party hosting are incorrect. But since you mentioned that you are able to access the sshuttle without a VPN, this clearly indicates that you need to get your dedicated IP approved from the hosting service if it's not marked spam. If you are looking for a dedicated IP VPN service provider try Ivacy.
I am attempting to Bind my Mac to a University AD server through an SSH tunnel. I have successfully created the tunnel and can access the directory by ldapsearch using the address localhost:389
The problem is that I wish to bind the computer through either the Directory Utility or dsconfigad but I get an error:
dsconfigad: Authentication server could not be contacted. (5200)
Could it be because I need to port forward more ports than just 389? or would it be a limitation put in place by the Directory Admins?
Active Directory is far more than LDAP - at the very least you'd need Kerberos, but it also tightly integrates with DNS (both SRV and A records), which'd require significant trickiness to fake over an SSL connection.
Realistically, I think you're going to need (at least) a full VPN connection to do this.
There is a server in my company and many people in the company work on it by Putty. We installed the Putty for our own computers to remote the server. BUT all of these happened in the company's inner web.
Now I want to remote the server from outer web. For example, I am home and I work on the company's server. For now I dont know how to realize this.
How can I configure the server and my PC at home?
Need I make some configuration for the router of the company? How?
Thanks in advance.
Assuming your company has a competent IT staff, there is a firewall that blocks incoming SSH attempts out. (It is called SSH, not Putty. Putty is just a program that Windows users tend to use for SSH.) Inside the company's network, you can SSH. So, from home, you will hit a firewall and you can't SSH in.
Does your company have a VPN system? If so, use that. There are many forms of VPN. Your company's IT staff can tell you how to configure your home machine so it can connect to the company's VPN. Once it does that, it will be as though your home computer is inside the company. You are inside the firewall. You can SSH.
You can ask if they will open the firewall for you. They shouldn't, but you can ask.
If you don't have VPN, all is not lost, but it gets more difficult. I don't expect you to do this, so I will only list the steps.
Install an SSH server on your home computer. Get it up and running. SSH into it from another computer at home.
Forward incoming port 22 requests to your home's firewall/router to your home computer so you can SSH into your home machine from outside your house, ie: From work. Test it from work to ensure it works.
Set up a reverse port forward SSH connection from the server at work to your home computer. What this does is initiate an SSH connection from the work server to your home computer. It then listens on a port on your home computer (pretend you used 2222 as the port). Now, from home, you SSH to your home computer (localhost) on 2222 and it connects over the previously made connection to the server at work.
Your IT staff might notice that you did this. They probably won't like it because you are bypassing their firewall.
You can either forward the port of the server to the public internet, or you can set up a VPN located inside your company's LAN that can be reached from outside the LAN such as OpenVPN.
Note: If you are planning to forward the server directly, make sure the server's security settings are set up correctly to prevent misuse of attackers. You can also restrict access to specific IP addresses using a firewall.
Assuming that your server is behind corporate network, you MUST require a VPN connection to access it. Talk to your IT department and they will be able to help with setting VPN connection.
I have a few VPN servers and I find it quite tedious to create several configurations for each server.
In a perfect world I'd love to do something like this:
pptp 168.24.15.65 username password
And that would connect me right away, is this doable?
pppd pty "pptp SERVER --nolaunchpppd" file /etc/ppp/options.pptp user USER password PASSWORD
require-mppe-128 option (could be enabled in options.pptp) is often needed for windows servers.
After connection usually configuration of routing is needed. Something like this:
ip route add 10/8 dev ppp0
The website says:
Tunnlr uses SSH remote tunneling. It securely connects a port on your
local machine to an open port on our public server. Once you start
your Tunnlr client, the web server on your local machine will be
available to the rest of the world through your special Tunnlr URL.
Could someone please go into a bit more detail over how this entire process works? Or maybe point to something open source that allows the same thing?
The SSH protocol allows tunneling of connections in either direction. So based on the description above here's what is happening:
You download a client program (an SSH client) to your computer and run it.
The client establishes an SSH connection out from your computer to the tunnlr remote server
On the tunnlr server an access port is opened for incoming connections. Let's say port 1234.
Now when anyone connects to tunnlr:1234 the tunnlr server will instruct your client program through the connection established in step 2 to open a connection inside your computer - let's say to port 80 (e.g. you're running a webserver there).
The tunnel connection will now shuffle data between tunnlr:1234 and your_computer:80.
So effectively this is what is running:
[some_remote_computer]<->[tunnlr:1234]<->[SSH tunnel]<->[your_computer:80]
Assume some_remote_computer is your friend or anyone else you want to be able to connect to your local web server.
SSH is available for many platforms (Linux, Windows, OSX and more). You can build such tunnels quite easily with it, but you will of course need access to both computers you want to build the tunnel between. Let's say one computer is your own computer and another is a VPS you've rented (or any other remote server with SSH access). Now you can run exactly the same setup.
The advantage with tunnlr is they manage the remote server for you, and they have a registered hostname you can use for your tunnels.