[geeks] VPN Help needed...

Sheldon T. Hall shel at artell.net
Thu Jan 3 14:39:54 CST 2008


Phil Stracchino wrote ...

> Actually, this *is* a problem with many third-party VPN solutions,
> including some used by some major corporations -- you can access the
> corporate network or the public Internet, but not both at once.  Using
> browser proxy configuration combined with an SSH tunnel, it'll be
> totally transparent and Just Work.
 
My last employer used Microsoft's PPTP VPN, which worked fine.  The network
admin was a former CIA data spook with paranoid tendencies, and it was an
otherwise UNIX shop, so I assume he had some way to make Windows secure.  I
have no idea how he did it; he wouldn't say.  It worked fine until the new
owners of the company wanted to make it more Microsoft-ish, and required all
that NT "domain" crapola.  Then, it became a PITA.  I left the company while
they were still straightening it out.

I've used SSH tunneling on my own and other systems, and it's both dead easy
and very secure.  With proper firewalling, perhaps combined with either a
non-standard port or port knocking, it's virtually impenetrable.  It
requires a little set-up on the client, but a couple of batch files can
handle everything you need, including proxy set-up, to convert the client
machine from a normal one to a secure client that tunnels everything (HTTP,
SMTP, POP3, etc.) through the SSH connection, and back again.

-Shel
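
The client-side set-up described above, written as a POSIX shell script rather than Windows batch files (an added example, not part of the original post). The gateway, mail host and all port numbers are constructed placeholders; the script refuses to start if any forward would listen on an address other than loopback, which would expose the tunnel to other machines on the client's network.

```shell
#!/bin/sh
# Added example. Hosts and ports are constructed placeholders.
GATEWAY="${GATEWAY:-user@gateway.example.org}"   # hypothetical SSH server
SSH_PORT="${SSH_PORT:-2222}"                     # assumed non-standard sshd port
MAIL_HOST="${MAIL_HOST:-mail.internal.example}"  # hypothetical internal mail host
BIND="${BIND:-127.0.0.1}"                        # local address the forwards listen on

# Print the ssh arguments one per line so they can be inspected before use.
tunnel_args() {
    # -N: no remote command, forwarding only.
    # ExitOnForwardFailure: abort if a local port is taken, rather than
    #   running with a forward silently missing (traffic would go direct).
    # -D: SOCKS proxy for the browser; -L: fixed forwards for SMTP and POP3.
    printf '%s\n' \
        -N \
        -p "$SSH_PORT" \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 \
        -D "$BIND:1080" \
        -L "$BIND:2525:$MAIL_HOST:25" \
        -L "$BIND:1110:$MAIL_HOST:110" \
        "$GATEWAY"
}

# Succeed only if every -D/-L forward is bound to 127.0.0.1.
loopback_only() {
    tunnel_args | awk '
        prev == "-D" || prev == "-L" { if ($0 !~ /^127\.0\.0\.1:/) bad = 1 }
        { prev = $0 }
        END { exit bad + 0 }'
}

case "${1:-}" in
    up)
        loopback_only || { echo "refusing: forward not on loopback" >&2; exit 1; }
        set -f                    # no globbing while the argument list is split
        exec ssh $(tunnel_args)   # values contain no spaces, so splitting is safe
        ;;
    show)
        tunnel_args
        ;;
esac
```

Run it with `up` to open the tunnel, then point the browser at the SOCKS proxy on 127.0.0.1:1080 and the mail client at 127.0.0.1 ports 2525 (SMTP) and 1110 (POP3).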


