01-19-2012
Hi Corona688,
And thanks so much for the idea. It sounds fantastic!
I'm now thinking of using this idea on a standard basis with all my clients.
I tried to get started with VPN in general.
And if I understand well, I can create sort of a global private network among all my customer's offices and mine. All controled by a VPN server that I'll choose to host public rather than behind my box.
I got a few questions if you don't mind:
The public VPN server.- I will host it on a dedicated server at OVH.
- It will have a public IP address (say 83.84.85.86).
- Does it need to have a second NIC for the VPN address or is it just a setting in the service configuration.
- Can I set it to route all traffic between my office and my customers and to route all traffic between my customers and me but not between my custmers?
All the network boxes.- If I understand well, there's nothing I need to configure given that the connection will be outgoing (from each network server to the VPN server). Is that correct?
All the network Debian servers.- I will install OpenVPN and set it to connect to the VPN server (83.84.85.86). That's it?
- They usually just have one NIC. Do I just need to set them with a VPN compatible IP address?
- At that point, will my Debian server be able to SSH connect to any client Debian server ?
All the network workstations.- I'd like to not set anything there. Just DHCP.
- If I tell them the gateway is their local Debian server. And then if I tell the server to route requests through the VPN.
- Will all the workstation look like they are in the same network?
This project seems very exciting!
I can't wait for another hint!
I know it's a lot of questions to ask so don't feel pressured and just answer whatever you have time for.
Thank you SOO much for your brilliant idea.
Santiago
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
I *think* what I want to do is not only possible but easy, but as a "dummy" :) I can't figure it out. Here's what I have:
Linux (Ubuntu 10.04) laptop that is not in my house, but has an Internet connection.
Linux (Ubuntu 9.04) computer in my house that has unfettered access to the... (6 Replies)
Discussion started by: WesleyC
6 Replies
2. UNIX for Advanced & Expert Users
Two question here, but it's only one on the protocol point of view.
If two persons use the same key to connect to a SSH server is there a risk they can decipher the other tunnel. In other terms is that less safe than if they have two separate keys.
Same question if two persons use the same user... (2 Replies)
Discussion started by: moi
2 Replies
3. UNIX for Advanced & Expert Users
I have initiated a tunnel for vncserver. now i want to stop it. is there any way except sleep option? (2 Replies)
Discussion started by: majid.merkava
2 Replies
4. Cybersecurity
Hi all,
I'm trying have an alternative way of connecting into a Corporate network. Mostly in case the VPN down as I cannot also change the security policy.
I want to expose windows RDP over ssh tunnel.
I have 3 hosts in my scenario
1- Host a : Windows 2k8 has no internet access just only an... (3 Replies)
Discussion started by: h@foorsa.biz
3 Replies
5. UNIX for Dummies Questions & Answers
I'm trying to setup a link between my home pc (work-machine) and a server at work (tar-machine) that is behind a gateway (hop-machine) and not directly accessible.
my actions:
work-machine$ ssh -L 1234:tar-machine:22 hop-machine
work-machine$ ssh -p 1234 user@127.0.0.1
- shh access on... (1 Reply)
Discussion started by: Vathau
1 Replies
6. IP Networking
I have a Java web app on machine (X) that needs to talk to an LDAP server (Y) on :636, but the LDAP server is only accessible on a particular network.
I can login to a machine (Z) on that network from X, and this machine can talk to the LDAP server on :636.
How can I tunnel so that X can... (2 Replies)
Discussion started by: spacegoose
2 Replies
7. UNIX for Advanced & Expert Users
Hi all
I have a suite of scripts that ssh to remote servers within a cluster and run some tests. This is done from a central server so that all of the test results can be captured in one location.
Problem is I now have 509 tests and the number is growing. The scripts work by establishing a... (2 Replies)
Discussion started by: steadyonabix
2 Replies
8. Proxy Server
Hello,
I have a video streaming application that utilizes a WebSocket for the server <-> client communication. My goal is to make the video streaming service available over the internet in the cases where neither the server nor client have public IPs.
One way to do this is over a VPN... (8 Replies)
Discussion started by: Vladislav
8 Replies
9. Solaris
Hello Solaris experts:
Trying to bring the 11.3 gdm screen over ssh to a Linux Box:
I did the following:
1. made chanes to /etc/ssh/sshd_config & bounced ssh daemon:
# X11 tunneling options
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes
2. From the remote Linux box:
... (6 Replies)
Discussion started by: delphys
6 Replies
10. UNIX for Advanced & Expert Users
I am not clear with the part of concept of Tunneling using ssh.
ssh -f -N -L 1029 192.168.1.47:25 james@192.168.1.47
I found out that above code works for me . but didn't quite well understood how ti works and need to ask you guys some questions.
since we are using tunnel through ssh ... (2 Replies)
Discussion started by: lobsang
2 Replies
LEARN ABOUT SUSE
ssh-copy-id
SSH-COPY-ID(1) General Commands Manual SSH-COPY-ID(1)
NAME
ssh-copy-id - install your public key in a remote machine's authorized_keys
SYNOPSIS
ssh-copy-id [-i [identity_file]] [user@]machine
DESCRIPTION
ssh-copy-id is a script that uses ssh to log into a remote machine (presumably using a login password, so password authentication should be
enabled, unless you've done some clever use of multiple identities)
It also changes the permissions of the remote user's home, ~/.ssh, and ~/.ssh/authorized_keys to remove group writability (which would oth-
erwise prevent you from logging in, if the remote sshd has StrictModes set in its configuration).
If the -i option is given then the identity file (defaults to ~/.ssh/id_rsa.pub) is used, regardless of whether there are any keys in your
ssh-agent. Otherwise, if this:
ssh-add -L
provides any output, it uses that in preference to the identity file.
If the -i option is used, or the ssh-add produced no output, then it uses the contents of the identity file. Once it has one or more fin-
gerprints (by whatever means) it uses ssh to append them to ~/.ssh/authorized_keys on the remote machine (creating the file, and directory,
if necessary)
SEE ALSO
ssh(1), ssh-agent(1), sshd(8)
OpenSSH 14 November 1999 SSH-COPY-ID(1)