#7
Old 6th May 2008
s2scott

Quote:
Originally Posted by revzalot
Awesome feature! So just to clarify, once I'm in a public hotspot I can ssh -w into my OBSD firewall, assuming it has the proper firewall rules. Once I'm connected I can surf the net like I was connected at home?
Yep.

But the -w just -- and I mean j-u-s-t -- brings up the ssh encrypted tunnel. How you use the tunnel depends on what you do next. On the CLIENT side...

Code:
ifconfig tun0 10.3.0.2 10.3.0.1 netmask 255.255.255.252
where .2 is the client and .1 is the gateway tunnel endpoint.
  1. route add -host gw.mydomain.com <hotspot_default_gateway_address>   # goes out iwi0
  2. route add -net my_lan_subnet 10.3.0.1                               # goes out tun0
  3. route change 0.0.0.0 10.3.0.1                                       # goes out tun0
Where (1) you MUST preserve the route to your gw machine via the hotspot dhcp-obtained gateway ip, (2) route crypto to your work/home subnet; and (3) route crypto to the gateway and then off the gateway to the world.

These route commands can be scripted easily and may be built into the hostname.tun0 with the "!" prefix.

Last edited by s2scott; 6th May 2008 at 02:21 AM.
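Added example, not part of s2scott's post: a small sh script that emits the client-side commands in the order described above and refuses to produce the default-route change unless the host route to the gateway can be pinned first. The function names, the APPLY, GW_HOST and LAN_SUBNET variables, the sample addresses 192.168.43.1 and 192.168.1.0/24, and the use of `route -n get default` to read the hotspot gateway are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original post. Prints the client-side commands
# in the order the post gives; nothing is executed unless APPLY=1.

# Constructed sample of `route -n get default` output on the hotspot.
SAMPLE_ROUTE_GET='   route to: default
destination: default
    gateway: 192.168.43.1
  interface: iwi0'

# Read `route -n get default` output on stdin, print the gateway address.
parse_default_gw() {
    awk '$1 == "gateway:" { print $2; exit }'
}

# Args: gw_host hotspot_gw lan_subnet. Tunnel addresses are the post's.
tunnel_cmds() {
    gw_host=$1; hotspot_gw=$2; lan=$3
    # Refuse to continue without the pinned host route (step 1): otherwise
    # step 3 would send the ssh connection itself into its own tunnel.
    if [ -z "$gw_host" ] || [ -z "$hotspot_gw" ] || [ -z "$lan" ]; then
        echo "tunnel_cmds: need gw_host, hotspot_gw and lan_subnet" >&2
        return 1
    fi
    cat <<EOF
ifconfig tun0 10.3.0.2 10.3.0.1 netmask 255.255.255.252
route add -host $gw_host $hotspot_gw
route add -net $lan 10.3.0.1
route change default 10.3.0.1
EOF
}

# The three route commands as "!" lines for hostname.tun0.
hostname_tun0_lines() {
    cmds=$(tunnel_cmds "$@") || return 1
    printf '%s\n' "$cmds" | sed -n '2,$s/^/!/p'
}

# Apply for real: run as root on the client after `ssh -w` is up.
# GW_HOST and LAN_SUBNET are hypothetical environment variables.
if [ "${APPLY:-0}" = 1 ]; then
    hotspot_gw=$(route -n get default | parse_default_gw)
    tunnel_cmds "$GW_HOST" "$hotspot_gw" "$LAN_SUBNET" | sh -ex
fi
```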