Quote:
Originally Posted by revzalot
Awesome feature! So just to clarify, once I'm in a public hotspot I can ssh -w into my OBSD firewall, assuming it has the proper firewall rules. Once I'm connected, I can surf the net like I was connected at home?
Yep.
But the -w just -- and I mean j-u-s-t -- brings up the ssh encrypted tunnel. How you use the tunnel depends on what you do next. On the CLIENT side...
Code:
ifconfig tun0 10.3.0.2 10.3.0.1 netmask 255.255.255.252
where .2 is the client and .1 is the gateway tunnel endpoint.
1. route add -host gw.mydomain.com <hotspot_default_gateway_address> iwi0
2. route add -net my_lan_subnet 10.3.0.1 tun0
3. route change 0.0.0.0 10.3.0.1 tun0
Where (1) you MUST preserve the route to your gw machine via the hotspot dhcp-obtained gateway ip, (2) route crypto to your work/home subnet; and (3) route crypto to the gateway and then off the gateway to the world.
These route commands can be scripted easily and may be built into the hostname.tun0 with the "!" prefix.
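The ordering in the post above, as an added example that is not part of the original post: a dry run that prints the client-side commands with the host route to the gateway first, plus a lint that rejects a route script which moves the default route before that host route exists. The function names are hypothetical, the addresses in the usage line are constructed, and pinning the gateway by IP address rather than hostname is an assumption of this sketch.

```shell
#!/bin/sh
# Added example, not from the original post. Nothing here touches the
# routing table: tunnel_plan only prints commands, check_order only reads.

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# tunnel_plan GW_IP HOTSPOT_GW LAN_NET TUN_LOCAL TUN_PEER
# Print the commands in a safe order: the host route to the gateway is
# added before the default route moves, so the ssh session that carries
# the tunnel keeps going out through the hotspot and not into tun0.
tunnel_plan() {
    for a in "$1" "$2" "$4" "$5"; do
        is_ipv4 "$a" || { echo "bad address: $a" >&2; return 1; }
    done
    [ "$1" != "$5" ] || { echo "gateway must not be the tunnel peer" >&2; return 1; }
    echo "ifconfig tun0 $4 $5 netmask 255.255.255.252"
    echo "route add -host $1 $2"
    echo "route add -net $3 $5"
    echo "route change default $5"
}

# check_order GW_IP: read a route script on stdin and fail if the default
# route is changed before a host route to GW_IP has been added.
check_order() {
    awk -v gw="$1" '
        $1 == "route" && $2 == "add" && $3 == "-host" && $4 == gw { pinned = 1 }
        $1 == "route" && $2 == "change" && ($3 == "default" || $3 == "0.0.0.0") {
            if (!pinned) exit 1
        }'
}

# Usage (constructed addresses):
#   tunnel_plan 203.0.113.10 192.168.1.1 192.168.50.0/24 10.3.0.2 10.3.0.1
```

Piping an existing script through `check_order` before running it at a hotspot catches the case where the session would cut itself off.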