New Malware Targets 97 Browser Variants, 76 Crypto Wallets & 19 Password Managersįortunately, you have Secure Shell (SSH) to lean on. How Generative AI is a Game Changer for Cloud Security But what happens when your company (or your home) network doesn’t allow the default VNC port (5901) to remain open? How do you get in? Must-read security coverageĨ Best Penetration Testing Tools and Software for 2023Ħ Best Cybersecurity Certifications of 2023 When that need arises, the most obvious choice of connection is VNC. There are times when you need to remote into a Linux desktop. For more info, visit our Terms of Use page. This may influence how and where their products appear on our site, but vendors cannot pay to influence the content of our reviews. We may be compensated by vendors who appear on this page through methods such as affiliate links or sponsored partnerships. # where -to-source is $GW's real external address.If your network doesn't allow connections into the default VNC port 5901, you can tunnel it through SSH. # in addition, $GW must NAT on behalf of the VPN hosts. # 2nd and 3rd override default route without replacing it. # 1st preserves real route to $GW, avoiding route loop. # route add -host $GW gw 192.168.0.1 # that is, your # to make the tunnel a default route replacement: Ifconfig tun$IFACE $HITHER pointopoint $YON netmask 255.255.255.255 "ifconfig tun$IFACE $YON pointopoint $HITHER netmask 255.255.255.255 & echo "$": identical addresses not allowed & exit 1 # manual, for random, probably temporary connections. # automatic, for specific, known, regularly-connected hosts. # others connect and route through $GW to reach # this creates a star topology with $GW at center, # and clients must be able to ssh to $GW as root. # /etc/ssh/sshd_config on $GW must include: number of the tun device, same at both ends. # make-ssh-tunnel HITHER YON INTERFACE GW Others can connect as well but must use other configurations. Certain hosts are common and well known, we give them fixed configurations. They will use 172.17.2.0/24 as the VPN "carrier" network. Presume a server, we'll call it "hub", to which ssh tunnel clients connect. You don't need to run some other VPN through ssh. A quick google search turns up this blog post which does essentially the same thing, has good descriptions of what's going on, but seems to be more complicated in the solution (using a connection script)Īlternatively, you might also look at using obfs4proxy (e.g. That should work, at least for ipv4 traffic. You might be able to to use the hostname REMOTE in that directive, but you might need to resolve it to an IP address manually. To do this, add another directive to your OpenVPN config that looks like this: route REMOTE-IP 255.255.255.255 net_gateway default For that to work, you need to maintain a route to the SOCKS proxy end point that does not get masked by the routes added by the OpenVPN client. However, this still has one more failing, at least assuming you want to redirect all traffic through the VPN (OpenVPN directive redirect-gateway def1). Then you can start your OpenVPN connection. Then, start your ssh session with a dynamic SOCKS proxy: ssh -D 6886 -N REMOTE Add to your OpenVPN config file: socks-proxy localhost 6886 The fix for this is to use a dynamic SOCKS proxy and tell OpenVPN to connect via that proxy. First problem: you are only tunneling the connection to the VPN server itself, which does not then allow all other traffic to be routed through the VPN server OVER the ssh connection (thus obfuscating the connection). The simplistic approach to setting up your VPN connection through an SSH tunnel will not work.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |