What's the best solution?

Art Mason amason at rackspace.com
Fri Feb 6 08:44:29 PST 2004


You might also want to take a look at OpenVPN
(/usr/ports/security/openvpn).  It's essentially a Layer 7 VPN using SSL
that works well w/ dynamic IP addresses and even allows for one
end-point to be NATed.  Not sure if this is quite the solution you're
looking for, but it might help.

-- 
Art Mason
Technical Support - Team F
Rackspace Managed Hosting
(800) 961-4454 ext. 1223
amason at rackspace.com

On Tue, 2004-02-03 at 00:29, Willie Viljoen wrote:
> SSH :-)
> 
> Have a look at the ssh(1) manpage. The port forwarding should be able to do
> what you are looking for. Also, to get the authentication to be automatic,
> set up your SSH to use public keys, and use a passphraseless public key on
> your laptop. This will let it automatically log in and set up the tunnel.
> You can then tunnel any TCP traffic through a secure channel to your server.
> This is all described in the man page.
> 
> For DNS, use the IP address of the server you plan to use for the other end
> of the tunnel. As long as you open only UDP port 53 and configure it
> sensibly, there should be no security risk to running a DNS that accepts
> from any IP; all proper DNS servers need to do this anyway. This way, you
> can run your own DNS, and possibly even put in some private DNS tricks to
> make working with the tunnel easier.
> 
> Will
> 
> ----- Original Message -----
> From: "Tuc at the Beach House" <tuc at tucs-beachin-obx-house.com>
> To: <freebsd-net at freebsd.org>
> Cc: <tuc at ttsg.com>
> Sent: Tuesday, February 03, 2004 4:25 AM
> Subject: What's the best solution?
> 
> 
> > Hi,
> >
> > HELP!  Whew, ok, felt good to get that out.
> >
> > Here's my problem, I'd like to know what people feel would be the
> > best solution.
> >
> > I travel a lot. When I do I bring a Wireless AP, and an Asante
> > Firewall. Normally I plug the Asante into the ethernet connection at
> > the hotel, and the WAP into the Asante.
> >
> > Some places I run into problems with their web proxy. Almost
> > all places I have a hell of a time with DNS. When I have DNS issues, the
> > machine just does not like it.
> >
> > I want to be able to set something up where I can tunnel to a
> > dedicated private server I have on the global internet, and route all
> > my traffic through it. I want it to be the default route, and once they
> > hit my end server, they then can be forwarded over the rest of the global
> > internet.
> >
> > I need to be able to have the client be on dynamic IPs. I need some
> > sort of authentication. And most of all, something easy to debug would
> > help.
> >
> > Any ideas, thoughts, suggestions, etc?
> >
> > Thanks, Tuc/TTSG Internet Services, Inc.
> > _______________________________________________
> > freebsd-net at freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-net
> > To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
> >
> >
> 
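Added example, not part of the thread: the SSH approach above relies on a passphraseless key, so what that key may do is decided entirely by its entry in the server's `authorized_keys`. The sketch below parses such entries and reports anything a key can do beyond a fixed TCP tunnel; the key blobs, comments, `/usr/sbin/nologin` forced command and forward target `127.0.0.1:3128` are constructed placeholders.

```python
import re

# name or name="value"; a quoted value may contain backslash-escaped quotes.
OPTION = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\.|[^"\\])*)")?')
KEY_TYPE = re.compile(r'(sk-)?(ssh-(ed25519|rsa|dss)|ecdsa-sha2-)\S*$')

def parse_options(line):
    """Return {option: [values]} from the leading options field, if any."""
    opts, pos = {}, 0
    if KEY_TYPE.match(line.split(None, 1)[0]):
        return opts                      # line starts with the key type
    while True:
        m = OPTION.match(line, pos)
        if not m:
            raise ValueError("malformed options field: %r" % line)
        opts.setdefault(m.group(1).lower(), []).append(m.group(2))
        pos = m.end()
        if line[pos:pos + 1] != ",":
            return opts
        pos += 1

def audit_key(line):
    """List the ways this key can be used beyond a fixed TCP tunnel."""
    opts = parse_options(line)
    restricted = "restrict" in opts      # restrict turns all forwarding off
    findings = []
    if "command" not in opts:
        findings.append("no forced command: key can start a shell or run commands")
    if restricted:
        forwarding = "port-forwarding" in opts
    else:
        forwarding = "no-port-forwarding" not in opts
    if forwarding and "permitopen" not in opts:
        findings.append("no permitopen: key can forward to any host and port")
    if not restricted and "no-agent-forwarding" not in opts:
        findings.append("agent forwarding is not disabled")
    return findings

# Constructed sample entries; key blobs, comments and port 3128 are placeholders.
SAMPLE = {
    "bare": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5PLACEHOLDER laptop-tunnel",
    "tunnel_only": 'restrict,port-forwarding,permitopen="127.0.0.1:3128",'
                   'command="/usr/sbin/nologin" ssh-ed25519 AAAAC3PLACEHOLDER laptop',
    "legacy": r'command="echo \"tunnel only\"",no-pty ssh-rsa AAAAB3PLACEHOLDER old',
}

if __name__ == "__main__":
    for name, entry in SAMPLE.items():
        print(name, audit_key(entry) or "confined to the tunnel")
```

With an entry like `tunnel_only`, the client connects with `ssh -N -L` and a copied key file can reach only the one permitted forward target.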
