|
Part Three Connecting past firewalls and having your own VPN The Ultimate Solution SoftetherVPN Working behind a firewall, and getting back into work computers sited behind a firewall. Over the years I have been working in places where I have had to contend with tight managed firewalls. Opening ports for specific tasks is a bore and a risk. Some domestic routers do not cope with a Virtual Private Network at all. There are various methods you can use to connect applications across firewalls. In setting anything up you have to have access to computers both sides of the firewall to install the client and server roles such as at home and at work. You many do need even need access to the routers although you may have access to one router such as your home router to make live easier. This page supersedes all my other blogs have done to date on tunnels and Hamachi, as life is now getting simpler with improved and easier VPNs. The University of Tsukuba Japan has come up with the simplest secure system that does everything one could possibly need. http://www.softether.org/ Softethervpn connects getting through firewalls at hotels and from phones and tablets. A reason to use tunnels, proxy or vpn such as Sotfethervpn is to keep appearing as if you are home on your county's IP address range when traveling. Banks can lock your account if they see you coming different country IPs, so going via a tunnel and poxy to back home is very useful and secure. The
first tunnel system I used was Neil Winton’s
Zebedee.
It also transmits UDP
packets
which is an advantage. More detail on it are here https://bulger.co.uk/zebedeeins.htm
Next I was tunneling with SSH. Then
the penny dropped that SSH on
a server has a socks proxy function, so you can connect your network to
the
outside world via your remote proxy. Bitvise
http://www.bitvise.com/index
has
the simplest windows server and client to
use, and of course Linux has SSH by default, but sometimes need
tunnelling enabled
in sshd.conf. On
the client end it
is best to install a different browser such as Seamonkey http://www.seamonkey-project.org/
which
gives the option of choosing proxy for
some functions and pages, leaving windows and internet
explorer’s connection
alone.
Portable USB stick
versions can
work were admin rights are restricted. My
struggles with SSH are here. https://bulger.co.uk/sshins.htm A less fiddly approach is to set up a Virtual Private Network to access all the computers remotely on all ports, and use the remote computer as a gateway to the rest of the world if needed. VPNs allow everything to pass and can in effect join networks so you can reach any computer on the subnets. Alas running VPNs can be time consuming to configure,routing a nightmare and very difficult, if not impossible to set up behind a NATed firewalls. OpenVPN has got better but is not easy at all. If all you want are some functions or a browser to use the remote connection or you may not want the work computer to take on a new default route for everything else when borwsing, then an SSH Socks proxy tunnel is the better option. In 2013 I discover the best VPN solution so far for connecting office and home through firewalls. SSH still has a role, but this replaces all other solutions and Hamachi in particular. Still so in 2017. Softerthervpn http://www.softether.org/ This is a true VPN and a free product from Japan that can conduct all its traffic though any port of your choosing, including port 53, 80 or 443... web ports that not even the most mean hotel can block, although you will have to disable any web server functions IIS or apache say to free those ports on the receiving server to use those ports. Softerthervpn gets through everything and can connect via an http proxy servers. It is marketing itself as a replacement for IPSEC and Openvpn, but it can certainly replace the need to use Hamachi and logmein. You can use it as a server for OPENVPN and even has a script genearotor to configure openvpn clients. It also a server for L2TP connections. So smart phones IPADs can connect. I also have Softethervpn servers running on UBUNTU VPS servers. It works. Softethervpn also works using Openvpn client packages, with a quick configuration tool for OpenVPN, such that I can use android Openvpn application and connect from VPNs from my phone wherever I am. OPenvpn cleints simply have to read Softethervpn's generated .ovpn file. I am very impressed. Sofethervpn beats Hamachi hands down for speed, and of course no cost and no third party to worry about. The network you create with Softethervpn is yours alone, and does requiring any third party server, although you can use one and they have a service on offer. It also comes with keep alive and a free dns function if your servers IP keep changing. No need for instructions here as their web site is written in excellent English; only one word jars to me using the "realise" to mean create or finish which is a use, but odd, rather than realsie as meaning understand something. That is a minor churlish remark from someone who can only speak English and can't write a line of code. Gerard Bulgercontact |
|||||||||||||||||