Using a TCL box as a VPN gateway to my home network

[barbudor]

Hello,

I am wondering if I could get a TCL box with a single Ethernet port to provide me VPN access to my home Network from outside.

My configuration is :

Code: [Select]

Internet --- DSL box with included NAT router --- Home network ---+--- TCL box
                                                                  +--- other PCs
                                                                  +--- other PCs

I was first considering OpenVPN but apprently it is not possible to use it as above : seems to me that OpenVPN requires 2 port on my box in order to insert it as a router between the DSL modem and my home network.

I cam across Hamachi.
On LogMeIn site, the latest version is Hamachi2 which do not support Linux.

I found another thread on this forum which refers to http://files.hamachi.cc/linux/ where I can find what seems to be old versions :

   Friday, January 05, 2007  5:47 AM       344866 hamachi-0.9.9.9-20-lnx.tar.gz

Seems to be old.

I will appreciate any advice on this topic.
- Is hamachi 0.99 a good solution ? If yes, is it compatible with Hamachi2 windows clients from LogmeIN ?
- Is there a way to achieve what I want using openVPN or any other VPN software ?

Thanks in advance.

Best regards

barbudor

[gerald_clark]

I use OpenVPN on TCL as VPN appliance to connect two networks.
It has only one Ethernet connection.
It routes VPN traffic out through the DSL modem to the other network.

The OpenVPN docs are a must-read.

[barbudor]

Hi Gerald

Thanks.
Unfortunately I find ovpn docs qui hard to read 
Do you have any link to a tutrial that would be readable for me ?

Thanks

Regards

[gerald_clark]

I used the docs.

[vitex]

I am wondering if I could get a TCL box with a single Ethernet port to provide me VPN access to my home Network from outside.

Do you need the full capabilities of a VPN so you can access a many different services on your home system?  If you only need a few services, ssh may provide all you need.  For example, I sometimes use an ssh proxy between my netbook and my home router to protect my web browsing when I am travelling and must use unencrypted public Wi-Fi.   

[netnomad]

hi vitex,

i agree to your proposal.
some remarks or opinions to discuss:

ssh tunnels are easy to use and the evalutation of security is not difficult.
misconfiguration ends usually in no result, no connection.

in vpns it can happen that some network communication runs unsecured outside the vpn tunnel.
misconfiguration is not so easy to detect and can be overlooked, unnoticed.

[barbudor]

Hi

I am already using a ssh connection + proxy (dropbear + polipo) over port 443 which allow connection from almost everywhere as port 443 (https) is generally open and proxy-less.

But this is not where I want to go at the end.

ssh is painful as it requires to create a tunnel for each and every application (read "port") you need (one for web proxy, one for ftp, one for ...)
And it does not securely capture all my IP connection into a single tunnel.

I want all my IP traffic to be captured and sent through the tunnel to my home network. Not only accessing shared drives, but doing painless remote desktop or for all application to access Internet not directly but from my home.

That's why I am looking for a full featured VPN but expecting to find something easy to install or a t least a good tutorial.
What I found so far about OpenVPN configuration always consider 2 physical ethernet connection.

Thanks.

[vitex]

I want all my IP traffic to be captured and sent through the tunnel to my home network. Not only accessing shared drives, but doing painless remote desktop or for all application to access Internet not directly but from my home.

I appears that you probably do need a VPN.

A simple but limited solution is to use openssh as a SOCKS proxy (-D option) and configure torsocks http://forum.tinycorelinux.net/index.php/topic,11315.msg60020.html#msg60020 to use the openssh proxy instead of Tor.  Any TCP-based (but not UDP) service (with a few limitations) that you start via torsocks will be sent through an encrypted channel to your home network.

A more elegant approach is used by Tails http://tails.boum.org/about/index.en.html]([url]http://tails.boum.org/about/index.en.html)[/url], a Debian-based live CD / USB system that provides protection by using a firewall to route all network connections through the Tor network.  Combining a firewall similar to theirs with an openssh SOCKS proxy would seem to give you what you want.

[gerald_clark]

The second ethernet connection can be an alias on eth0:0 ( The same interface ).