Archway Surgery. Archway Development & Consulting Ltd
MAIN MENU
ARCHWAY Surgery
Prison Services
Zebedee
NHS Organisations impacting Primary Care
CATS and CAS
Practice Based Commissioning Problems
 ENQUIRE 
NatPact Web Site
GP contracts




Part Three

Connecting past firewalls and having your own VPN
The Ultimate Solution  SoftetherVPN

Working behind a firewall, and getting back into work computers sited behind a firewall.

Over the years I have been working in places where I have had to contend with tight managed firewalls. Opening ports for specific tasks is a bore and a risk. Some domestic routers do not cope with a Virtual Private Network at all.  There are various methods you can use to connect applications across firewalls.  In setting anything up you have to have access to computers both sides of the firewall to install the client and server roles such as at home and at work.  You many do need even need access to the routers although you may have access to one router such as your home router to make live easier

This page supersedes all my other blogs have done to date on tunnels and Hamachi, as life is now getting simpler with improved and easier VPNs. The University of Tsukuba Japan has come up with the simplest secure system that does everything one could possibly need. http://www.softether.org/

Apart from getting through firewalls at hotels and the like, another reason to use  tunnels, proxy or vpn such as Sotfethervpn is to keep appearing as if you are home on your county's IP address range when traveling.  Banks  can lock your account if they see you coming different country IPs, so going via a tunnel and poxy to back home is very useful and secure.

The first tunnel system I used was Neil Winton’s Zebedee.  It also transmits UDP packets which is an advantage. More detail on it are here https://bulger.co.uk/zebedeeins.htm   Next I was tunneling with SSH. Then the penny dropped that SSH on a server has a sock proxy function, so you can connect your network to the outside world via your remote proxy.  Bitvise http://www.bitvise.com/index  has the simplest windows server and client to use, and of course Linux has SSH by default, but sometimes need tunnelling enabled in sshd.conf.   On the client end it is best to install a different browser such as Seamonkey http://www.seamonkey-project.org/  which gives the option of choosing proxy for some functions and pages, leaving windows and internet explorer’s connection alone.  Portable USB stick versions can work were admin rights are restricted.  My struggles with SSH are here. https://bulger.co.uk/sshins.htm

A less fiddly approach is to set up a Virtual Private Network to access all the computers remotely on all ports, and use the remote computer as a gateway to the rest of the world if needed.   VPNs allow everything to pass and can in effect join networks so you can reach any computer on the subnets.   Alas running VPNs can be time consuming to configure,routing a nightmare and very difficult, if not impossible to set up behind a NATed firewalls.   OpenVPN has got better but is not easy at all.  

 If all  you want are some functions or a browser to use the remote connection or you may not want the work computer to take on a new default route for everything else when borwsing, then an SSH Socks proxy tunnel is the better option.

Now in 2013 I discover the best VPN solution so far for connecting office and home through firewalls.   SSH still has a role, but  this replaces all other solutions and Hamachi in particular.

Softerthervpn  http://www.softether.org/

This is a true VPN and a free product from Japan that can conduct all its traffic though any port of your choosing, including port 80 or 443... web ports that not even the most mean hotel  can block, although you will have to disable any web server functions IIS or apache say to free those ports on the receiving server to use those ports.

Softerthervpn gets through everything and can connect via an http proxy servers.   It is marketing itself as a replacement for IPSEC and Openvpn, but it can certainly replace thye need to use Hamachi

 It is so much easier to set up than OpenVPN, than almost all VPNs other than Hamachi  Alas Hamachi is now getting costly.   Softethervpn has a huge range of options for really complex networks if needed.  It also has a client remote management GUI tool of the server that connects on the same port as the VPN itself, making it feel like SSH, with the client logging in and telling the server what to do.   What is more it comes in all flavours, Windows, Linux and even PowerPC so in theory one could install it on a WDLIVE DRIVE, now called WD Cloud network backup.

I have Softethervpn servers running on Windows 2008 and UBUNTU VPS servers.   It works.  Softethervpn also works using Openvpn client packages, with a quick configuration tool  for OpenVPN, such that I can use android Openvpn application and connect from VPNs from my phone wherever I am.  OPenvpn cleints simply have to read Softethervpn's generated .ovpn  file.   I am very impressed.   

Sofethervpn beats Hamachi hands down for speed, and of course no cost and no third party to worry about.  The network you create with Softethervpn is yours alone, and does requiring any third party server, although you can use one and they have a service on offer.  It also comes with keep alive and a free dns function if your servers IP keep changing.   No need for instructions here as their web site is written in excellent English; only one word jars to me using the "realise"  to mean create or finish which is a use, but odd,  rather than realsie as meaning understand something. That is a minor churlish remark from someone who can only speak English and can't write a line of code.

Gerard Bulger

contact