06-18-2008, 08:56 PM
Rick Bilonick

SSL VPN

Could some one point me in the right direction for installing and using
ssl vpn? I've been using ssh to connect to my server but now it's going
to be behind a firewall that uses ssl vpn for connections.

Rick B.

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
06-18-2008, 08:58 PM
Itamar - IspBrasil

SSL VPN

openvpn


Rick Bilonick wrote:
> Could some one point me in the right direction for installing and using
> ssl vpn? I've been using ssh to connect to my server but now it's going
> to be behind a firewall that uses ssl vpn for connections.
>
> Rick B.
 
06-18-2008, 10:42 PM
Rick Bilonick

SSL VPN

On Wed, 2008-06-18 at 17:58 -0300, Itamar - IspBrasil wrote:
> openvpn
>
>
> Rick Bilonick wrote:
> > Could some one point me in the right direction for installing and using
> > ssl vpn? I've been using ssh to connect to my server but now it's going
> > to be behind a firewall that uses ssl vpn for connections.
> >
> > Rick B.
> >
> >

Thanks. I'm not familiar (yet) with exactly how vpn works. Will this
work with access via a web page? (I'm always worried that IT here will
make it virtually impossible to use Fedora or any Linux.) Plus I want to
be able to connect from my Linux laptop and other Linux computers.

Rick B.

 
06-19-2008, 04:09 AM
John Priddy

SSL VPN

The short answer:
Talk to your IT staff first to see what kind of solution they are using
and if it's possible to use a third party client, if so will they even
provide you the shared key, group name, etc. There are some reverse
engineering ways of determining some of these depending on
versions/vendors...


Long answer:
If you're talking about some of the big name vendor VPN concentrator
products that your company may be using for vpn access it may not be
possible. This is completely different from the openvpn project mentioned
below. For these vendors (Cisco, Juniper, etc) the term 'SSL VPN or
WebVPN' is 'clientless'. You basically just go to an ssl web page
(https://webvpn.mycompany.com), it asks for a username/password, and
then pushes down and installs some Java applet from the concentrator,
opens this and connects with the credentials you provided, and then
sets up a tunnel such that all traffic bound for your workplace tunnels
through port 443.

Chances of this working on a non-Windows system are slim to none for
various reasons, most notably the vendors don't write Java applets to run
under anything other than Windows. I am not even sure this would be
possible due to permissions needed at the network level on Linux to do
so.


On Wed, 2008-06-18 at 18:42 -0400, Rick Bilonick wrote:
> On Wed, 2008-06-18 at 17:58 -0300, Itamar - IspBrasil wrote:
> > openvpn
> >
> >
> > Rick Bilonick wrote:
> > > Could some one point me in the right direction for installing and using
> > > ssl vpn? I've been using ssh to connect to my server but now it's going
> > > to be behind a firewall that uses ssl vpn for connections.
> > >
> > > Rick B.
> > >
> > >
>
> Thanks. I'm not familiar (yet) with exactly how vpn works. Will this
> work with access via a web page? (I'm always worried that IT here will
> make it virtually impossible to use Fedora or any Linux.) Plus I want to
> be able to connect from my Linux laptop and other Linux computers.
>
> Rick B.
>

 
06-19-2008, 04:14 AM
John Priddy

SSL VPN

Oh, forgot to mention -- if your vendor is on this list, try using
'vpnc':

http://www.vpnc.org/member-list.html

http://www.vpnc.org/


There should be howtos on this all over the web.


On Thu, 2008-06-19 at 00:09 -0400, John Priddy wrote:
> The short answer:
> Talk to your IT staff first to see what kind of solution they are using
> and if it's possible to use a third party client, if so will they even
> provide you the shared key, group name, etc. There are some reverse
> engineering ways of determining some of these depending on
> versions/vendors...
>
>
> Long answer:
> If you're talking about some of the big name vendor VPN concentrator
> products that your company may be using for vpn access it may not be
> possible. This is completely different from the openvpn project mentioned
> below. For these vendors (Cisco, Juniper, etc) the term 'SSL VPN or
> WebVPN' is 'clientless'. You basically just go to an ssl web page
> (https://webvpn.mycompany.com), it asks for a username/password, and
> then pushes down and installs some Java applet from the concentrator,
> opens this and connects with the credentials you provided, and then
> sets up a tunnel such that all traffic bound for your workplace tunnels
> through port 443.
>
> Chances of this working on a non-Windows system are slim to none for
> various reasons, most notably the vendors don't write Java applets to run
> under anything other than Windows. I am not even sure this would be
> possible due to permissions needed at the network level on Linux to do
> so.
>
>
> On Wed, 2008-06-18 at 18:42 -0400, Rick Bilonick wrote:
> > On Wed, 2008-06-18 at 17:58 -0300, Itamar - IspBrasil wrote:
> > > openvpn
> > >
> > >
> > > Rick Bilonick wrote:
> > > > Could some one point me in the right direction for installing and using
> > > > ssl vpn? I've been using ssh to connect to my server but now it's going
> > > > to be behind a firewall that uses ssl vpn for connections.
> > > >
> > > > Rick B.
> > > >
> > > >
> >
> > Thanks. I'm not familiar (yet) with exactly how vpn works. Will this
> > work with access via a web page? (I'm always worried that IT here will
> > make it virtually impossible to use Fedora or any Linux.) Plus I want to
> > be able to connect from my Linux laptop and other Linux computers.
> >
> > Rick B.
> >
>

 
06-19-2008, 04:48 AM
Rick Bilonick

SSL VPN

On Thu, 2008-06-19 at 00:14 -0400, John Priddy wrote:
> Oh, forgot to mention -- if your vendor is on this list, try using
> 'vpnc':
>
> http://www.vpnc.org/member-list.html
>
> http://www.vpnc.org/
>
>
> There should be howtos on this all over the web.
>

> >


I'm just curious and maybe completely off base, but is there any way to
use ssh to contact the server if I first ssh out from the server?

Rick B.

 
06-19-2008, 05:00 AM
John Priddy

SSL VPN

ssh doesn't really have anything to do with ssl vpn or vpn in general for
that matter. I'm not sure I fully understand what you're asking, but yes,
you can tunnel traffic through ssh to other ports. See the -L option of
ssh. Of course the ssh port will have to be both open and forwarded
from the router/firewall to the big bad internet. Opening up this
pretty much defeats the purpose of a vpn/firewall architecture though.

On Thu, 2008-06-19 at 00:48 -0400, Rick Bilonick wrote:
> On Thu, 2008-06-19 at 00:14 -0400, John Priddy wrote:
> > Oh, forgot to mention -- if your vendor is on this list, try using
> > 'vpnc':
> >
> > http://www.vpnc.org/member-list.html
> >
> > http://www.vpnc.org/
> >
> >
> > There should be howtos on this all over the web.
> >
>
> > >
>
>
> I'm just curious and maybe completely off base, but is there any way to
> use ssh to contact the server if I first ssh out from the server?
>
> Rick B.
>

 
06-19-2008, 11:55 AM
Rick Bilonick

SSL VPN

On Thu, 2008-06-19 at 01:00 -0400, John Priddy wrote:
> ssh doesn't really have anything to do with ssl vpn or vpn in general for
> that matter. I'm not sure I fully understand what you're asking, but yes,
> you can tunnel traffic through ssh to other ports. See the -L option of
> ssh. Of course the ssh port will have to be both open and forwarded
> from the router/firewall to the big bad internet. Opening up this
> pretty much defeats the purpose of a vpn/firewall architecture though.
>
> On Thu, 2008-06-19 at 00:48 -0400, Rick Bilonick wrote:
> > On Thu, 2008-06-19 at 00:14 -0400, John Priddy wrote:
> > > Oh, forgot to mention -- if your vendor is on this list, try using
> > > 'vpnc':
> > >
> > > http://www.vpnc.org/member-list.html
> > >
> > > http://www.vpnc.org/
> > >
> > >
> > > There should be howtos on this all over the web.
> > >
> >
> > > >
> >
> >
> > I'm just curious and maybe completely off base, but is there any way to
> > use ssh to contact the server if I first ssh out from the server?
> >
> > Rick B.
> >
>

I guess I did not explain well. First, I ssh from the server (which is
behind a firewall) out to my home computer and leave this connection
open. Then when I go home, is there any way that I can use this
connection from home? That is, can I somehow tunnel back through from
home to the server over this connection? I may be totally off base, but
I thought I read somewhere that this could be done.

Rick B.

 
06-19-2008, 12:08 PM
John Priddy

SSL VPN

Yes, it's definitely possible to tunnel traffic through an established
ssh connection. Probably beyond the scope of what can be explained on
the mailing list (not to mention, I have never actually set this up
myself and would probably do a poor job of it compared to others on this
list). I would just search for 'ssh vpn tun'. There's bound to be
information out there by people that have done this at other
non-Linux-friendly vpn shops. I have also seen people doing this to get
around web filtering, monitoring, etc @work.

John


On Thu, 2008-06-19 at 07:55 -0400, Rick Bilonick wrote:
> On Thu, 2008-06-19 at 01:00 -0400, John Priddy wrote:
> > ssh doesn't really have anything to do with ssl vpn or vpn in general for
> > that matter. I'm not sure I fully understand what you're asking, but yes,
> > you can tunnel traffic through ssh to other ports. See the -L option of
> > ssh. Of course the ssh port will have to be both open and forwarded
> > from the router/firewall to the big bad internet. Opening up this
> > pretty much defeats the purpose of a vpn/firewall architecture though.
> >
> > On Thu, 2008-06-19 at 00:48 -0400, Rick Bilonick wrote:
> > > On Thu, 2008-06-19 at 00:14 -0400, John Priddy wrote:
> > > > Oh, forgot to mention -- if your vendor is on this list, try using
> > > > 'vpnc':
> > > >
> > > > http://www.vpnc.org/member-list.html
> > > >
> > > > http://www.vpnc.org/
> > > >
> > > >
> > > > There should be howtos on this all over the web.
> > > >
> > >
> > > > >
> > >
> > >
> > > I'm just curious and maybe completely off base, but is there any way to
> > > use ssh to contact the server if I first ssh out from the server?
> > >
> > > Rick B.
> > >
> >
>
> I guess I did not explain well. First, I ssh from the server (which is
> behind a firewall) out to my home computer and leave this connection
> open. Then when I go home, is there any way that I can use this
> connection from home? That is, can I somehow tunnel back through from
> home to the server over this connection? I may be totally off base, but
> I thought I read somewhere that this could be done.
>
> Rick B.
>
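
Added example, not part of any poster's message: a check a server administrator could run to see whether an sshd_config permits the forwarding John Priddy mentions in this thread (the -L option, and the tun-device setup behind the 'ssh vpn tun' search). The function names and the sample config are constructed for illustration; the keyword names and defaults are OpenSSH's.

```shell
#!/bin/sh
# Added example: report sshd_config settings that govern SSH tunnelling.
# Keyword names and defaults are OpenSSH's; the sample config is constructed.

# Print the effective global value of keyword $1 (default $2) in file $3.
# sshd keeps the first value it reads for a keyword, keywords are
# case-insensitive, and "Keyword=value" is accepted. Parsing stops at the
# first Match block because settings there apply only conditionally.
sshd_effective() {
    awk -F '[ \t=]+' -v key="$1" -v def="$2" '
        BEGIN { key = tolower(key); val = def }
        { sub(/^[ \t]+/, "") }              # strip indentation, re-split fields
        /^(#|$)/ { next }                   # skip comments and blank lines
        tolower($1) == "match" { exit }     # END still runs after exit
        tolower($1) == key { val = tolower($2); exit }
        END { print val }
    ' "$3"
}

# Print one finding per setting that permits tunnelling; nothing if all are off.
audit_forwarding() {
    tcp=$(sshd_effective AllowTcpForwarding yes "$1")
    gw=$(sshd_effective GatewayPorts no "$1")
    tun=$(sshd_effective PermitTunnel no "$1")
    [ "$tcp" = "no" ] || echo "AllowTcpForwarding=$tcp: -L/-R port forwarding permitted"
    [ "$gw" = "no" ] || echo "GatewayPorts=$gw: remote forwards may bind non-loopback addresses"
    [ "$tun" = "no" ] || echo "PermitTunnel=$tun: tun device forwarding (ssh -w) permitted"
}

# Constructed sample config, written to a temporary file.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
Port 22
allowtcpforwarding local
#GatewayPorts yes
PermitTunnel=point-to-point
AllowTcpForwarding no
Match User backup
    GatewayPorts yes
EOF
audit_forwarding "$sample"
```

On a live host, `sshd -T` prints the configuration sshd actually resolves, Match blocks and included files taken into account. sshd_config(5) itself notes that disabling TCP forwarding does not improve security unless users are also denied shell access.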

 
06-19-2008, 12:14 PM
John Priddy

SSL VPN

http://www.redhatmagazine.com/2007/11/27/advanced-ssh-configuration-and-tunneling-we-dont-need-no-stinking-vpn-software/



On Thu, 2008-06-19 at 08:08 -0400, John Priddy wrote:
> Yes, it's definitely possible to tunnel traffic through an established
> ssh connection. Probably beyond the scope of what can be explained on
> the mailing list (not to mention, I have never actually set this up
> myself and would probably do a poor job of it compared to others on this
> list). I would just search for 'ssh vpn tun'. There's bound to be
> information out there by people that have done this at other
> non-Linux-friendly vpn shops. I have also seen people doing this to get
> around web filtering, monitoring, etc @work.
>
> John
>
>
> On Thu, 2008-06-19 at 07:55 -0400, Rick Bilonick wrote:
> > On Thu, 2008-06-19 at 01:00 -0400, John Priddy wrote:
> > > ssh doesn't really have anything to do with ssl vpn or vpn in general for
> > > that matter. I'm not sure I fully understand what you're asking, but yes,
> > > you can tunnel traffic through ssh to other ports. See the -L option of
> > > ssh. Of course the ssh port will have to be both open and forwarded
> > > from the router/firewall to the big bad internet. Opening up this
> > > pretty much defeats the purpose of a vpn/firewall architecture though.
> > >
> > > On Thu, 2008-06-19 at 00:48 -0400, Rick Bilonick wrote:
> > > > On Thu, 2008-06-19 at 00:14 -0400, John Priddy wrote:
> > > > > Oh, forgot to mention -- if your vendor is on this list, try using
> > > > > 'vpnc':
> > > > >
> > > > > http://www.vpnc.org/member-list.html
> > > > >
> > > > > http://www.vpnc.org/
> > > > >
> > > > >
> > > > > There should be howtos on this all over the web.
> > > > >
> > > >
> > > > > >
> > > >
> > > >
> > > > I'm just curious and maybe completely off base, but is there any way to
> > > > use ssh to contact the server if I first ssh out from the server?
> > > >
> > > > Rick B.
> > > >
> > >
> >
> > I guess I did not explain well. First, I ssh from the server (which is
> > behind a firewall) out to my home computer and leave this connection
> > open. Then when I go home, is there any way that I can use this
> > connection from home? That is, can I somehow tunnel back through from
> > home to the server over this connection? I may be totally off base, but
> > I thought I read somewhere that this could be done.
> >
> > Rick B.
> >
>

 
