Topic: How can I tunnel through my server from the outside?

[turtle2472]

I have a few places where I travel that block VPN ports and certain types of web sites I use (messaging forums being the biggest one).  In most cases VPN isn't blocked so I just VPN into the server and use this to tunnel all my traffic allowing me access to my favorite sites.  This doesn't work for some though because they block VPN.  In those cases I'd still like to be able to tunnel my traffic through my server.

How can I do this?

It's a safe assumption that the WiFi networks I'm connecting to (with permission, not wardriving) use major IT security blocking traffic and locking down.  They don't block access to my server though.  I use DynDNS to connect to it without any issues for normal traffic and everthing works, but VPN.  Any ideas?

[jokiin]

I have a few places where I travel that block VPN ports and certain types of web sites I use (messaging forums being the biggest one).  In most cases VPN isn't blocked so I just VPN into the server and use this to tunnel all my traffic allowing me access to my favorite sites.  This doesn't work for some though because they block VPN.  In those cases I'd still like to be able to tunnel my traffic through my server.

How can I do this?

It's a safe assumption that the WiFi networks I'm connecting to (with permission, not wardriving) use major IT security blocking traffic and locking down.  They don't block access to my server though.  I use DynDNS to connect to it without any issues for normal traffic and everthing works, but VPN.  Any ideas?

a long time since I looked but I do recall something previously that used Putty to set up a tunnel over port 80, maybe this is the kind of thing you need, actually I just had a quick look on Google with 'putty tunnel port 80' as the search string and there is a ton of hits on this

[CharlieBrady]

This doesn't work for some though because they block VPN.  In those cases I'd still like to be able to tunnel my traffic through my server.

I assume that you mean PPTP VPN when you say VPN.

If they allow SSH traffic, then you can port forward port 3128 through SSH, and set your browser proxy to use localhost:3128.

[turtle2472]

I assume that you mean PPTP VPN when you say VPN.

If they allow SSH traffic, then you can port forward port 3128 through SSH, and set your browser proxy to use localhost:3128.

Yeah, I meant PPTP VPN.  I don't know if they allow IPSec, I never set it up on my server.

So while I'm away from my home I would use mydomain.dyndns.org:3128 for my proxy?

[Stefano]

So while I'm away from my home I would use mydomain.dyndns.org:3128 for my proxy?

no.. you have to create a ssh tunnel to your SME's squid.. re-read Charlie's advice..

[mmccarn]

Here are some step-by-step instructions:
http://forums.contribs.org/index.php/topic,44140.msg212434.html#msg212434

[turtle2472]

Thanks guys.  I really appreciate this.  I'm going to be tunneling in from a Mac though so I'll look at what I can use to make the putty tunnel with a MAc instead.  Thanks again!

If you happen to know of one off the top of your head it might be nice to have here for later reference too.

[mmccarn]

Open a terminal window on your Mac, then replace the word "putty" with the word "ssh" in the other example, like this:

ssh my.home.sme -L 3128:127.0.0.1:3128 -l root

If you have changed the default port for sshd on your SME server, you need to specify the new port on the commandline:

ssh my.home.sme -L 3128:127.0.0.1:3128 -l root -p 2222

(If using putty, the "port" command-line option is a capital P instead of a lower case p)

For my son's macbook, I did some searching and found an app that allows you to do the above using your mouse and an icon, instead of always doing it manually...

[billi]

Further to mmccarn's post

It appears your Mac terminal is like a Linux terminal. So here is an example of a ssh tunneling script I use to access a clients network and all the machines on it. This network uses hardware VPN routers (20 +)
I got the seed of this from a Riley book Linux Hacks
******************
ssh  -l <logon user> -p 11122 '-L 8080:10.10.11.1:80' '-L 8081:10.10.11.35:80' '-L 8082:10.10.11.15:80' '-L 4430:10.10.11.15:443'  '-L 8012:10.10.12.1:80'  '-L 3389:10.10.11.20:3389' '-L 55900:10.10.11.25:5900' '-L 11123:10.10.11.35:22' xxx.xxx.xxx.xxx cat -
*******************
the xxx's are ip address of the server on the internet.
So
(-l logon user) a user that you have made a user that can directly logon to the server (root does this by default)
(-p port 11122) this set in the remote setup in server-manager
('-L 8080:10.10.11.1:80') in my local browser and putting localhost:8080 in the address bar will get me connected to the web interface of the router.
('-L 8012:10.10.12.1:80') in my local browser and putting localhost:8012 in the address bar will get me connected to the web interface of the router on a remote vpn router.
('-L 8081:10.10.11.35:80') in my local browser and putting localhost:8081 in the address bar will get me connected to the website on another SME server.
('-L 55900:10.10.11.25:5900') put into my VNC client will allow me to run a machine with UltraVNC installed and an IP address of 10.10.11.25.
('-L 3389:10.10.11.20:3389') put into my rdp client will allow connection to Windows machine 10.10.11.20 with RDP set up.
('-L 4430:10.10.11.15:443') ('-L 8082:10.10.11.15:80') allow connection to a SME server/server-manager. This take a bit of fooling around but it works.
Finally the (cat -) part keeps the connection open

I find ssh tunnelling invaluable and if you can remember the syntax - it is easy peasy to support your network from just about any internet connected computer. Watch security though.

[si_blakely]

I use HttpTunnel (http://http-tunnel.sourceforge.net/) - the server side is a PHP script installed into an iBay and using the php 5.3 cgi contrib. The client side is a perl script running with Strawberry Perl (a portable perl implementation for Windows). My portable versions of Firefox and Thunderbird are set up to use local ports that get forwarded via the HttpTunnel. The packets are zipped and base64 encoded but not encrypted (they could be with a more complete php 5.3 implementation. All this traverses my work http only proxy, and then connects to the internet via my SME server proxy.

It works a charm, and does not interfere with normal port 80 operation. Now I want to get a client that works on my Android phone...

Si

[turtle2472]

Thanks for the input.  I'll look more into that option too.