Archway Surgery. Archway Development & Consulting Ltd

Part Three

Connecting past firewalls and having your own VPN
The Ultimate Solution: SoftEther VPN

Working behind a firewall, and getting back into work computers sited behind a firewall.

Over the years I have been working in places where I have had to contend with tightly managed firewalls. Opening ports for specific tasks is a bore and a risk. Some domestic routers do not cope with a Virtual Private Network at all. There are various methods you can use to connect applications across firewalls. In setting anything up you have to have access to computers on both sides of the firewall, such as at home and at work, to install the client and server roles. You may not even need access to the routers, although having access to one router, such as your home router, makes life easier.

This page supersedes all the other blogs I have done to date on tunnels and Hamachi, as life is now getting simpler with improved and easier VPNs. The University of Tsukuba, Japan, has come up with the simplest secure system that does everything one could possibly need. http://www.softether.org/

SoftEther VPN connects through firewalls at hotels, and from phones and tablets.

A reason to use a tunnel, proxy or VPN such as SoftEther VPN is to keep appearing as if you are at home, on your country's IP address range, when traveling. Banks can lock your account if they see you coming from different country IPs, so going via a tunnel and proxy back home is very useful and secure.

The first tunnel system I used was Neil Winton’s Zebedee. It also transmits UDP packets, which is an advantage. More detail on it is here: https://bulger.co.uk/zebedeeins.htm Next I was tunneling with SSH. Then the penny dropped that SSH on a server has a SOCKS proxy function, so you can connect your network to the outside world via your remote proxy. Bitvise http://www.bitvise.com/index has the simplest Windows server and client to use, and of course Linux has SSH by default, but it sometimes needs tunnelling enabled in sshd_config. On the client end it is best to install a different browser such as SeaMonkey http://www.seamonkey-project.org/ which gives the option of choosing a proxy for some functions and pages, leaving the connection used by Windows and Internet Explorer alone. Portable USB stick versions can work where admin rights are restricted. My struggles with SSH are here: https://bulger.co.uk/sshins.htm
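
The SSH SOCKS proxy described above only works when the server's sshd_config permits TCP forwarding. The following is an added example, not code from the original page: it reads the global section of an sshd_config and reports whether a client could open a dynamic (`ssh -D`) forward. The sample configuration is constructed, Match blocks are not evaluated and Include files are not followed.

```python
# Added example: does this sshd_config allow `ssh -D` (SOCKS) forwarding?

# Constructed sample config, not taken from a real server.
SAMPLE_CONFIG = """\
Port 22
# keywords are case-insensitive and the first value obtained wins
allowtcpforwarding no
AllowTcpForwarding yes
Match User backup
    AllowTcpForwarding yes
"""

def global_settings(text):
    """Map each global keyword (lower-cased) to the first value given for it."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # "Keyword value" and "Keyword=value" are both accepted by sshd.
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) != 2:
            continue
        keyword, value = parts[0].lower(), parts[1].strip().strip('"').lower()
        if keyword == "match":
            break  # per-user/per-host overrides start here; not evaluated
        settings.setdefault(keyword, value)
    return settings

def socks_forwarding_allowed(text):
    """True if the global section lets a client open a dynamic (-D) forward."""
    s = global_settings(text)
    if s.get("disableforwarding", "no") == "yes":
        return False  # DisableForwarding overrides every other forwarding option
    # The OpenSSH default is "yes"; -D counts as local forwarding.
    return s.get("allowtcpforwarding", "yes") in ("yes", "all", "local")

if __name__ == "__main__":
    print("SOCKS forwarding allowed:", socks_forwarding_allowed(SAMPLE_CONFIG))
```

On a live server, `sshd -T` prints the effective configuration, including the effect of any Match block for a given connection.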

A less fiddly approach is to set up a Virtual Private Network to access all the computers remotely on all ports, and use the remote computer as a gateway to the rest of the world if needed. VPNs allow everything to pass and can in effect join networks, so you can reach any computer on the subnets. Alas, VPNs can be time consuming to configure, the routing can be a nightmare, and they are very difficult, if not impossible, to set up behind NATed firewalls. OpenVPN has got better but is not easy at all.

If all you want is for some functions or a browser to use the remote connection, or you do not want the work computer to take on a new default route for everything else when browsing, then an SSH SOCKS proxy tunnel is the better option.

In 2013 I discovered the best VPN solution so far for connecting office and home through firewalls. SSH still has a role, but this replaces all other solutions, and Hamachi in particular. Still so in 2017.

SoftEther VPN http://www.softether.org/

This is a true VPN and a free product from Japan that can conduct all its traffic through any port of your choosing, including port 53, 80 or 443: web ports that not even the most mean hotel can block. To use those ports you will have to disable any web server functions, IIS or Apache say, on the receiving server to free them.

SoftEther VPN gets through everything and can connect via HTTP proxy servers. It is marketing itself as a replacement for IPsec and OpenVPN, but it can certainly replace the need to use Hamachi and LogMeIn. You can use it as a server for OpenVPN, and it even has a script generator to configure OpenVPN clients. It is also a server for L2TP connections, so smart phones and iPads can connect.

It is so much easier to set up than OpenVPN and all other VPNs. SoftEther VPN has a huge range of options for really complex networks if needed. It also has a client GUI tool for remote management of the server that connects on the same port as the VPN itself, making it feel like SSH, with the client logging in and telling the server what to do. What is more, it comes in all flavours, Windows, Linux and even PowerPC, so in theory one could install it on a WD Live drive, now called WD Cloud network backup. It installs on a Raspberry Pi out of the box. I have it running on two of them, stable as a rock.

I also have SoftEther VPN servers running on Ubuntu VPS servers. It works. SoftEther VPN also works using OpenVPN client packages, with a quick configuration tool for OpenVPN, such that I can use the Android OpenVPN application and connect to VPNs from my phone wherever I am. OpenVPN clients simply have to read SoftEther VPN's generated .ovpn file. I am very impressed.

SoftEther VPN beats Hamachi hands down for speed, and of course there is no cost and no third party to worry about. The network you create with SoftEther VPN is yours alone, and does not require any third party server, although you can use one and they have a service on offer. It also comes with keep-alive and a free DNS function if your server's IP keeps changing. No need for instructions here as their web site is written in excellent English; only one word jars to me, using "realise" to mean create or finish, which is a use, but odd, rather than realise as meaning understand something. That is a minor churlish remark from someone who can only speak English and can't write a line of code.

Gerard Bulger
