No VPN? No problem. If you want access to your home network and specific applications, all you need is SSH or, in Windows’ case, PuTTY, which is an SSH client. That is what I’ll be covering here today: how to tunnel with PuTTY to your home network, or wherever you might want access. In this part we will cover web-based applications and applications in general…
You’ll need an always-on machine at home. I have used my unRAID server in the past. A Raspberry Pi will also work. The Pi is nice because it is a low-power, always-on device. I have one on my home network running raspbmc. Either way you need an SSH server running at home; here is a list of servers by platform. Pick one and set it up. Make sure your home server has a static IP, and your external or public IP is known to you. I recommend using a free DNS service such as http://freedns.afraid.org/. These services usually have Dynamic DNS clients which update your external IP with their service if it changes. Some routers even have built-in clients, which is nice.
Next you will need to port forward the SSH port on your home router. SSH uses port 22, so you need to forward this from the external interface to the static IP where your SSH server resides. One thing that I would advise, however, is that you do not use the external port 22; use something like 8782 and forward it to port 22. Most if not all routers can perform this function. There is reasoning behind this, and it’s Chinese hackers, or rather script kiddies. I kid you not, I’ve experienced this myself at home, my buddy experienced this, and recently I set up a server for someone and forgot to close port 22; this resulted in Chinese-based IPs trying to guess the password on port 22. If you are going to use port 22, then use an RSA key for your SSH sessions; there are plenty of tutorials out there on how to accomplish this and generate these keys. The best way to discourage these attempts at guessing the password, though, is to forward an external port above 1024 to the internal IP and port 22, which is where your SSH server will reside.
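Whichever external port you forward, guessing attempts like the ones described above are recorded in the SSH server's log. The following script is an added example, not part of the original post: it assumes an OpenSSH server writing its usual syslog lines, and the sample lines, addresses (RFC 5737 documentation ranges) and the threshold of 5 are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the OpenSSH sshd syslog format (not from the post).
SAMPLE_LOG = """\
Mar  3 02:14:07 pi sshd[2211]: Failed password for root from 203.0.113.45 port 40112 ssh2
Mar  3 02:14:09 pi sshd[2211]: Failed password for root from 203.0.113.45 port 40112 ssh2
Mar  3 02:14:12 pi sshd[2213]: Failed password for invalid user admin from 203.0.113.45 port 40150 ssh2
Mar  3 02:14:15 pi sshd[2215]: Failed password for invalid user test from 203.0.113.45 port 40188 ssh2
Mar  3 02:14:19 pi sshd[2217]: Failed password for invalid user oracle from 203.0.113.45 port 40201 ssh2
Mar  3 08:30:41 pi sshd[2502]: Failed password for pi from 198.51.100.7 port 51877 ssh2
Mar  3 08:30:52 pi sshd[2502]: Accepted password for pi from 198.51.100.7 port 51877 ssh2
Mar  3 09:02:10 pi sshd[2610]: Accepted publickey for pi from 198.51.100.7 port 52011 ssh2: RSA SHA256:CONSTRUCTED
"""

# "invalid user" appears when the guessed account does not exist on the server.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)
ACCEPTED_PW = re.compile(
    r"sshd\[\d+\]: Accepted password for (?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def summarize(log_text, threshold=5):
    """Return (sources at or over the failure threshold, password logins seen)."""
    failures = Counter()
    users_tried = {}
    password_logins = []
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            failures[m["ip"]] += 1
            users_tried.setdefault(m["ip"], set()).add(m["user"])
            continue
        m = ACCEPTED_PW.search(line)
        if m:
            # A successful password login shows password auth is still enabled.
            password_logins.append((m["user"], m["ip"]))
    flagged = {ip: sorted(users_tried[ip])
               for ip, n in failures.items() if n >= threshold}
    return flagged, password_logins

if __name__ == "__main__":
    flagged, pw_logins = summarize(SAMPLE_LOG)
    for ip, users in flagged.items():
        print(f"{ip}: repeated failures, usernames tried: {', '.join(users)}")
    for user, ip in pw_logins:
        print(f"password login accepted for {user} from {ip}")
```

A single mistyped password from your own address stays under the threshold, while the accepted password login is reported separately as a reminder that key-only authentication is not yet enforced.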
If you’re trying to tunnel in from work to your home, please consider the fact that most businesses have only the common ports open and the rest are firewalled. So the external port number on your home router should match one of the common ports that are open at the location you will be connecting from. Some suggestions are 8080 (HTTP alternate) and 443 (HTTPS); have a look at this list.
Once you’ve set up the above you’re done with your home end. Now it’s time to set up your PuTTY client at your remote location. I’m assuming that this remote location will be running a Windows 7 OS. For those interested in tunneling in Linux, here is a quick little guide on how to do that. Install PuTTY from here. Once installed, launch it.
In the Host Name field either type in the external IP of your modem at home or, if you set up a DDNS service, type in that address. In the Port field type in the external port on your router at home; in this example it’s 8782. Then select the SSH connection type. Type in a session name and click Save. This will save all the details of your connection for later, and the next time you open PuTTY you can highlight the session in the box below and click Load, so you don’t have to type in the connection details each time. This also comes in handy because typing in ports and their destination IPs each time would be a huge pain.
We’re not done yet. If you created a private authentication key, you can add it under Connection -> SSH -> Auth and Authentication parameters -> Browse… button. Do not close PuTTY, but navigate back to Session and click Save to save the changes you just made.
Now we set up the actual tunnels; this option is available under Connection -> SSH -> Tunnels.
The Source port and Destination are what we are concerned about here. Let’s say, for example’s sake, that I want to connect to my home router’s web interface. In that case, in the Destination field I will type in the IP:Port: the IP will be the local IP of the router interface at home, usually 192.168.1.1 and sometimes 192.168.0.1, followed by the port number, e.g. 192.168.1.1:80. The source port is the port that the request will come from; use something that is currently not in use at the location you will be dialing in from. 8081 is a good one. Now click Add. Go back to Session and save it again.
Now if you start the PuTTY session and log in to your SSH server, then head over to your web browser and type in http://127.0.0.1:8081, you should be prompted with your router’s web interface login. Nice, right? There is a problem with this, however: when you switch pages and click on links, routers and servers will sometimes want to substitute their server name or local IP for the 127.0.0.1 in the address. So in this case the router might want to substitute its 192.168.1.1 address for the 127.x.x.x address. If you encounter this, you will need to manually replace the 192.x.x.x IP with the 127.x.x.x IP in the address bar and hit enter. There is an alternate way, but that requires setting up a loopback adapter, which will be covered in Part 2. Now, if it is a server name that is being substituted, then you can add that to the hosts file.
The hosts file on Windows is located in C:\Windows\System32\drivers\etc\. Edit it with Notepad or Notepad++.
Uncomment the following line by removing the ‘#’ character.
Then add this line…
where myservername is the name of the server that injects its name into the address bar of the web browser when browsing the interface.
Instead of relying on a port change to prevent brute force attacks against SSH, take a look at the Fail2Ban application.
One cannot call that a VPN connection!
Hence why it’s called a “Home made VPN of sorts.”