On Tue, 2006-12-19 at 11:55 +0000, James Wilkinson wrote: > But it is possible to use SSH either as a "poor man's" VPN, or as a > "sort-of" VPN. I've never done a full VPN over SSH, but I'd start by > reading http://tldp.org/HOWTO/ppp-ssh/index.html. The advantage of a SSH > VPN is that SSH tends to be a lot less picky about the sort of network > connections it gets than many VPNs, and SSH itself is easier to set up. > Disadvantages include that SSH is supposed to be a poor transport for IP > packets, and that if the SSH connection drops, so do all communications. > > You might get on better with port-forwarding. This can be as simple as > ssh -L 5900:192.168.1.55:5901 vncuser@xxxxxxxxxxxxxxxxxxxxxx > This connects you to a computer called jimdouglas.example.com, logs you > in as vncuser (through a password or private key), and creates a tunnel > between port 5900 on your machine and port 5901 on 192.168.1.55 on the > same local network as jimdouglas.example.com (it might or might not be > the same computer as jimdouglas.example.com). That then allows you to > connect a VNC viewer to port 5900 on your own machine, and log into > 192.168.1.55. > > It works very well for simple one-port protocols like VNC. It can be > more of a challenge to get it to work with SMB or NFS (usually I don't > bother and just sftp what I need). > > The advantage of this is that it's easy to set up SSH and be sure it's > going to work, and then it's practical to set up tunnels as needed > remotely. I used to use ssh and cipe to tunnel into my office machine, is this like that? Ric -- ================================================ My father, Victor Moore (Vic) used to say: "There are two Great Sins in the world... ..the Sin of Ignorance, and the Sin of Stupidity. Only the former may be overcome." R.I.P. Dad. Linux user# 44256 Sign up at: http://counter.li.org/ http://www.sourceforge.net/projects/oar http://www.wayward4now.net ================================================
