16th April 2009
BSDfan666

I presume you meant OpenSSH in that last postscript; I don't make extensive use of wireless technology.. but tunnelling over SSH is remarkably easy and should work from anywhere that allows you to connect directly with your remote server.

One thing that most people fail to realize is that OpenSSH supports several different methods of tunnelling connections.
  • The SOCKS proxy server.
  • Implicit port forwarding style tunnels.
  • Full VPN-style connection, tunnelling all network activity over an SSH tunnel.
All of these methods have their quirks, but generally they're easy to use once the learning curve and command-line syntax are de-obfuscated.

Here are some juicy examples; hopefully I can explain them without implying an existing knowledge of tunnelling.

1) Setting up a SOCKS 4 or 5 proxy for Firefox or Pidgin.. many programs can use a SOCKS proxy.

$ ssh -N -f -D 8686 oko@home.workstation
  • -N tells ssh not to execute any remote commands.
  • -f puts ssh into the background as a shell job, remove it if you want some noise.
  • -D tells ssh to start a SOCKS compatible proxy on the port specified as an argument, configure SOCKS aware programs to connect to localhost on port 8686.
  • oko@home.workstation is an imaginary account on your home workstation.

2) Implicit port tunnelling is also pretty easy, but it is a bit more involved.. knowing the domain name of the remote server and the service port they use is important.

In this example, I'll create 2 tunnels for Yahoo Messenger service.. one for the pager service, the other for file transfers.
$ ssh -N -f -L 5051:scs.msg.yahoo.com:5050 -L 81:filetransfer.msg.yahoo.com:80 oko@home.workstation

The -N -f options have been discussed, but -L is new.. this literally means listen.. and it does, the numbers indicated by bold are local port numbers that SSH will be listening on.. whereas the text in italics refers to the remote hosts.

In this case, you'll have to go into the Account dialogue in Pidgin and configure the Advanced protocol settings for your yahoo account.. substitute scs.msg.yahoo.com and filetransfer.msg.yahoo.com with localhost and change their port numbers to 5051 and 81 respectively.

3) This last method is the most complicated; it involves setting up what is basically a genuine tunnel between your mobile system and the remote SSH server, and network connectivity can flow unfettered across this one tunnel.

Unfortunately this is moderately more complicated.. a tunnel involves the tun(4) device, routing table changes and other potentially confusing configuration changes.

$ ssh -N -f -w 0:0 root@home.workstation

The -w argument specifies a point-to-point tunnel, 0 indicates that ssh should bind to tun0, whereas 0 indicates the remote SSH server's tunnel device.

As I said, one notable problem is that this functionality requires that the remote gateway be configured to act as a NAT gateway. This will require pf.conf(5) rules and some subtle changes to sshd_config(5) to allow such tunnelling; look for the PermitTunnel option.. it does not work in Match blocks, which unfortunately means that you'll need to allow root authentication if you have it disabled.

Both the server's tun device and your local one will need to be configured, presuming they're created and the connection establishes successfully.. once you've confirmed that it is, you can assign an IP address to the tunnel devices and then start figuring out routing.

On home.workstation, configure tun0 with an IP address and a /30 subnet (2 hosts):
$ sudo ifconfig tun0 inet 172.16.0.1 netmask 255.255.255.252

On the mobile system, do the same.. except use 192.16.0.2:
$ sudo ifconfig tun0 inet 172.16.0.2 netmask 255.255.255.252

This should at least establish a working tunnel between the two systems, but it's hardly everything that needs to be done.

I admit I haven't tested this specific method of tunnelling personally, but hopefully the fundamentals are outlined successfully.

Good luck, I look forward to seeing someone correct the plethora of mistakes I made here.

EDIT: jggimi is faster than me, considerably so.
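The -D and -L commands in the post above listen on the loopback interface only because no bind_address is given; prefixing one (0.0.0.0, '*' or an empty string) turns the SOCKS proxy or forward into a service that anyone on the mobile system's network can use. As an added example that is not part of BSDfan666's post, here is a small audit of ssh command lines that parses those two options (syntax as documented in ssh(1), flags assumed to be given separately) and reports listeners exposed beyond loopback.

```python
"""Audit the listen addresses of the -D / -L tunnels in an ssh command line.

Added example, not from the original post.  Assumed ssh(1) syntax, with flags
given separately: -D [bind_address:]port and -L [bind_address:]port:host:hostport.
No bind_address means ssh listens on loopback only; 0.0.0.0, '*' or an empty
bind_address (":8686") accepts connections from every host on the local network.
"""
import shlex
from dataclasses import dataclass
from typing import List, Optional

EXPOSED = {"", "*", "0.0.0.0", "::"}   # bind addresses meaning "all interfaces"

@dataclass
class Listener:
    kind: str              # "socks" for -D, "forward" for -L
    bind: str              # address ssh will listen on
    port: int              # local port ssh will listen on
    target: Optional[str]  # "host:hostport" for -L, None for -D

def _listen_part(spec: str):
    """Split '[bind_address:]port' into (bind_address, port)."""
    if spec.startswith("["):              # bracketed IPv6 literal, e.g. [::1]:8686
        end = spec.index("]")
        return spec[1:end], int(spec[end + 2:])
    bind, sep, port = spec.rpartition(":")
    if not sep:                           # no bind_address given: ssh default is loopback
        return "localhost", int(port)
    return bind, int(port)                # bind may be "" (":8686" = all interfaces)

def parse_tunnels(cmdline: str) -> List[Listener]:
    args, out, i = shlex.split(cmdline), [], 0
    while i < len(args):
        flag = args[i]
        if flag not in ("-D", "-L"):                       # other options are ignored
            i += 1
            continue
        spec, i = args[i + 1], i + 2
        if flag == "-D":
            bind, port = _listen_part(spec)
            out.append(Listener("socks", bind, port, None))
        else:                                              # -L: split host:hostport off the right
            listen, host, hostport = spec.rsplit(":", 2)
            bind, port = _listen_part(listen)
            out.append(Listener("forward", bind, port, host + ":" + hostport))
    return out

def exposed_listeners(cmdline: str) -> List[Listener]:
    """Listeners that other hosts on the mobile system's network could reach."""
    return [lst for lst in parse_tunnels(cmdline) if lst.bind in EXPOSED]
```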