[kwlug disc.] tricky situation
unsolicited
unsolicited at swiz.ca
Tue Dec 4 21:25:25 EST 2007
Chris Bruner wrote, On 12/04/2007 8:21 PM:
> I've got a friend who is trying to set up a network between his office
> and his house. He's self employed. At the office he is on a cheap bell
> arrangement, dsl, no port forwarding, no static ip. At home he is on
> Rogers.
>
> What I was thinking of was ssh tunneling from his office to his home
> (Rogers is a static ip right?) opening a port on his home network and
> letting him access his office through the tunnel. He will have 3
> computers, two office computers (linux and windows) and one home
> (windows) computer.
>
> Does what I'm thinking of sound correct?

Yes. Pretty close. Rogers is not static.

Go to dyndns, no-ip, or other favourite site to get a (free) name.
No-ip will get you a name of the form {myname}.no-ip.org, or any of a
number of other similar domains. Their windows client just works. If
you can't find a happy equivalent for the Linux, and there should be a
number out there, install no-ip on an office win machine as well.
Doesn't matter which machine it goes on, all you want it to do is get
the current outside address into that name.

For home, if you're running cygwin, get down openssl. If you're not, I
believe openssl now has a standalone windows package (cygwin based).
Run it on 443 and 80, then he can get to it from anywhere. Rogers
doesn't block it, and if he keeps stuff on a usb key, even a public
internet cafe that blocks such will let you get through on 80.

For the office, it probably doesn't matter which machine you set
things up on, probably the only factor might be which machine he wants
to go to always, or, which machine is the userid/password 'master'.
You will want each office machine on a static ip so you can script him
an ssh portforwarding command line.

Don't know if you want a remote x server on the home office machine or
if you just want vnc (tightvnc offers filetransfer as well), or just
remote access to files.

The advantage of ssh is he can do it from anywhere, and any machine.
e.g. An office machine goes down. Even a live cd.

You may want to consider openvpn or an equivalent instead. Then the
connection could just stay up 24x7 and he doesn't even have to think
about it anymore. Could be you could make up a usb key with the
appropriate, to do the same that way. The other advantage is you could
cron backups back and forth.

He could then just use SMB, Samba, NFS, or whatever else he's using
between the two office machines now.

Do use certificates. No passwords or userids. You only want the one or
two certificates in the world to be able to get in. The 2nd
certificate might be if he has a laptop and goes on the road.

Good luck.
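
One way to script the port-forwarding command line mentioned in the message above, as an added example that is not part of the original post: since the office line cannot accept inbound connections, the office machine dials out and reverse-forwards its LAN services to the home end. The host name, addresses, ports, user name and key path are constructed placeholders, and an SSH key pair stands in here for the post's "certificates".

```shell
#!/bin/sh
# Added example: build the ssh command the office Linux box runs to reach home.
# All host names, addresses, ports and paths below are constructed placeholders.

HOME_HOST="myname.no-ip.org"        # dynamic-DNS name pointing at the home line
HOME_PORT=443                       # assumed: sshd at home listens on 443
KEY="$HOME/.ssh/office_tunnel_key"  # dedicated key pair, no password login

# build_tunnel_cmd USER MAP...
# Each MAP is home_port:office_ip:office_port. The office dials out, so every
# mapping becomes a reverse forward (-R) bound to loopback on the home machine.
build_tunnel_cmd() {
    user=$1; shift
    fwd=""
    for map in "$@"; do
        case $map in
            # Reject anything but digits, dots and colons, and malformed fields.
            *[!0-9.:]*|*:*:*:*|*::*|:*|*:) echo "bad mapping: $map" >&2; return 1 ;;
            *:*:*) ;;
            *) echo "bad mapping: $map" >&2; return 1 ;;
        esac
        fwd="$fwd -R 127.0.0.1:$map"
    done
    [ -n "$fwd" ] || { echo "no mappings given" >&2; return 1; }
    # Key-only login; fail fast if a forward cannot bind; keepalives for DSL drops.
    printf 'ssh -N -p %s -i %s' "$HOME_PORT" "$KEY"
    printf ' -o IdentitiesOnly=yes -o PasswordAuthentication=no'
    printf ' -o ExitOnForwardFailure=yes -o ServerAliveInterval=60'
    printf '%s %s@%s\n' "$fwd" "$user" "$HOME_HOST"
}

# Constructed office LAN: Linux box 192.168.1.10 (ssh), Windows box 192.168.1.11 (VNC).
# With --print, show the command so it can be reviewed before it goes into a script.
if [ "${1:-}" = "--print" ]; then
    build_tunnel_cmd tunnel 2210:192.168.1.10:22 5911:192.168.1.11:5900
fi
```

Binding the forwards to 127.0.0.1 keeps the office services reachable only from the home machine itself, not from the rest of the home network or the Internet.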