Connect to home lab from outside world

Saratoga Scott Member Posts: 14
What is the safest best/suggested method to do this?
I have a Linksys connected to cable company box.
I use DNS4me and can VNC/FTP.
I don't want to interfere with this if I don't have to.
I have several 2500s, a 1721, and a 2950T.
Thoughts?
Thanks in advance.

Comments

  • broc Member Posts: 167
    Set up a VPN to a computer in your home network and control your lab from this computer. If you can get your hand on an access server, that would be best as it would give you console access remotely.
    "Not everything that counts can be counted, and not everything that can be counted counts."
  • Saratoga Scott Member Posts: 14
    broc wrote: »
    Set up a VPN to a computer in your home network and control your lab from this computer. If you can get your hand on an access server, that would be best as it would give you console access remotely.

    I apologize, but I have no idea how to do this. I have used TightVNC to work with my home desktop, but the refresh is often not great.
    I don't believe that the Linksys I have does VPN, and I am not sure what "client" I'd use if it did.
    Sorry if this is the wrong forum for these questions, but it is related to my home lab. :)
  • broc Member Posts: 167
    You wouldn't VPN to the Linksys router but to another computer in your home network. All that is needed from your router is to allow the VPN traffic. On most consumer routers, it is something called PPTP Passthrough; log on to your router and look for it.

    Then for the VPN configuration itself, it will depend on the OS you use.

    The refresh rate will depend on your internet connection; if you have a slow connection, the VPN access will also be slow. The VPN will be an improvement security-wise though.
  • Saratoga Scott Member Posts: 14
    broc wrote: »
    You wouldn't VPN to the Linksys router but to another computer in your home network. All that is needed from your router is to allow the VPN traffic. On most consumer routers, it is something called PPTP Passthrough; log on to your router and look for it.
    Unfortunately, it would appear mine does not have this. (It has a PPTP mode, but I am afraid this is an all or nothing setting, vice a passthrough option.)

    Then for the VPN configuration itself, it will depend on the OS you use.

    I have XP and OSX machines on the network.

    The refresh rate will depend on your internet connection; if you have a slow connection, the VPN access will also be slow. The VPN will be an improvement security-wise though.

    This is what I'd like to accomplish. Access to my home lab, but securely.
  • Saratoga Scott Member Posts: 14
    This is what I'd like to accomplish. Access to my home lab, but securely.

    WAIT. I found it. I do have PPTP passthrough and it is enabled.

    I have XP.

    Now what? :D
  • broc Member Posts: 167
    It wouldn't hurt to do a bit of research yourself, don't you think...? I won't give you all the details, you can find out by yourself but basically:

    Now that you have passthrough enabled, you probably need to forward the right ports to the right machine (port 1723 for PPTP); it will depend on the type of VPN you set up.

    Then set up your XP box as a VPN server.

    And create a new VPN connection on the computer you will use to access the XP box remotely.
  • Saratoga Scott Member Posts: 14
    broc wrote: »
    It wouldn't hurt to do a bit of research yourself, don't you think...? I won't give you all the details, you can find out by yourself but basically:

    Now that you have passthrough enabled, you probably need to forward the right ports to the right machine (port 1723 for PPTP); it will depend on the type of VPN you set up.

    Then set up your XP box as a VPN server.

    And create a new VPN connection on the computer you will use to access the XP box remotely.

    Thanks, you are correct. Thanks for the direction.
  • broc Member Posts: 167
    No worries, if you still have problems configuring it once you read some tutorials and try it on your network, let us know the problem and I'll do my best to help.
  • keenon Member Posts: 1,922
    Adito VPN allows SSL VPN to be installed on an XP or Linux machine. All you have to do is the rest of the config, create a dynamic DNS account and open the HTTPS port on your firewall pointed to that machine. It also doesn't have to run on something robust. I have it installed on a P3 with 512 MB RAM, but I know others that are running it on lower end than that.
    Become the stainless steel sharp knife in a drawer full of rusty spoons
  • Forsaken_GA Member Posts: 4,024
    If you're on an XP machine, just use RDP; you don't have to worry about PPTP passthrough, you just need to forward port 3389 to the XP box on the Linksys router and activate Remote Desktop on your machine.
  • ColbyG Member Posts: 1,264
    I like to run an SSH server inside my network. I connect to that, usually on a non-standard port, to access my lab and everything else on my network via an SSH tunnel.
  • Forsaken_GA Member Posts: 4,024
    ColbyNA wrote: »
    I like to run an SSH server inside my network. I connect to that, usually on a non-standard port, to access my lab and everything else on my network via an SSH tunnel.

    ^this

    VPN really is overkill to get to a CLI-based console session for a few routers.
  • keenon Member Posts: 1,922
    I actually like having options. If there is an issue within the network, I have both SSL and SSH access, which has come in handy when I had a device with a corrupted config.
  • mikej412 Member Posts: 10,086
    VPN really is overkill to get to a cli based console session for a few routers
    I thought there was no such thing as overkill for Labs and Security!

    I VPN to my home network to access the remote power controllers through their web interfaces and to reach the access servers. Then I'll just telnet through the access servers to reach the lab routers and switches for console access -- or VNC/RDP to the VMWare servers.

    I've toyed with the idea of splitting the lab off from the home network to its own network with its own DMZ for the remote power and access servers -- in case I ever want to give anyone else remote access to some lab equipment.
    keenon wrote: »
    I actually like having options.
    I like accessing my lab halfway round the world the same way I access it when I'm sitting next to it.
    :mike: Cisco Certifications -- Collect the Entire Set!
  • broc Member Posts: 167
    mikej412 wrote: »
    I thought there was no such thing as overkill for Labs and Security!

    My thought exactly :) Not to mention having ssh access enabled on your outside interface without IP filtering is not the best idea...
  • duzzey Member Posts: 13
    logmein.com It's free. Also has file share (30day trial) from outside to inside your network via ssl 256AES.
    CCENT ICDN1 - Passed 29/01/10
    ICND2 - Passed 26/03/10
    Studying for CCNP
  • Forsaken_GA Member Posts: 4,024
    mikej412 wrote: »
    I thought there was no such thing as overkill for Labs and Security!

    Touche, though I'd submit that using PPTP hardly qualifies as being secure. If you're going to do VPN, go full bore and deploy L2TP/IPSEC.

    I've personally gotten kind of spoiled - I just tunnel my connection through SSH. I haven't encountered very many lockdown scenarios I can't get around with a simple tunnel, and bringing up my tunnels is one of the first things I do when I'm using a network that isn't mine (aka, the McD's free wifi!)
    I VPN to my home network to access the remote power controllers through their web interfaces and to reach the access servers. Then I'll just telnet through the access servers to reach the lab routers and switches for console access -- or VNC/RDP to the VMWare servers.

    I have my web interfaces accessible through an SSL protected web page, just making use of Apache's ProxyPass and ProxyPassReverse functions, so if I need to screw with my power, it's just a matter of logging into the web page I have set up with the rest of my network management tools. I do have a Windows machine that I can bring up for RDP if I ever absolutely need a GUI interface into my home network, and I've got port 3389 restricted by access list.
    I've toyed with the idea of splitting the lab off from the home network to its own network with its own DMZ for the remote power and access servers -- in case I ever want to give anyone else remote access to some lab equipment.

    Yeah, this is how I have things set up, though again, it's all done through SSH. I just set up a new account on one of my Linux boxes, and then set the login shell to a script that makes a connection to the access server. They log in, get kicked to the access server, log out, and get disconnected from the server. All very easy.
    I like accessing my lab halfway round the world the same way I access it when I'm sitting next to it.

    I agree, which is how I'm set up hehe. I do most of my inter-device communication through SSH, and it's a nice and flexible tool. Between ssh and netcat, there isn't a whole lot I can't do!


    Now with all that being said, I think we've all demonstrated on this thread that there are many paths to get to the same place. OP's a newbie trying to get remote access to his gear. Having his Linksys port forward RDP to his Windows XP box is a good first step, and relatively secure (I trust RDP more than I trust Microsoft's PPTP/MPPE implementation). And it takes about 2 minutes to set up!
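
Added example, not code from any poster in this thread: one way to write the kind of guest-account login shell described in the last post, which hands the session straight to an access server and nothing else. The script name `labgate`, the access server address, the line range 1-8 and the use of Cisco reverse telnet ports (2000 + line number) are all assumptions.

```shell
#!/bin/sh
# labgate: restricted login shell for a guest lab account (added example).
# Assumed values, not from the thread: server address, line range, port base.
ACCESS_SERVER="${ACCESS_SERVER:-192.0.2.10}"   # placeholder address (TEST-NET-1)
FIRST_LINE=1
LAST_LINE=8
BASE_PORT=2000    # assumed Cisco reverse telnet: TCP 2000 + async line number

# Print the TCP port for a requested console line. Fail on anything that is
# not a plain decimal number inside the permitted range, so guest input can
# never add options or a different host to the telnet command line.
line_to_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;   # empty, leading zero, or any non-digit
    esac
    [ "${#1}" -le 2 ] || return 1     # cap the length before comparing
    [ "$1" -ge "$FIRST_LINE" ] && [ "$1" -le "$LAST_LINE" ] || return 1
    echo $((BASE_PORT + $1))
}

main() {
    # sshd starts the login shell as "labgate -c <cmd>" when the client asks
    # for a remote command (scp, sftp, "ssh host cmd"). Refuse all of those.
    if [ "$#" -gt 0 ]; then
        echo "interactive console access only" >&2
        exit 1
    fi
    printf 'Console line (%s-%s): ' "$FIRST_LINE" "$LAST_LINE"
    read -r choice || exit 1
    port=$(line_to_port "$choice") || {
        echo "not a permitted line" >&2
        exit 1
    }
    # exec replaces this script with telnet: when the console session ends,
    # the SSH session ends with it and no local shell is ever reachable.
    exec telnet "$ACCESS_SERVER" "$port"
}

# Run only when installed under the assumed name "labgate".
case "${0##*/}" in
    labgate) main "$@" ;;
esac
```

A restricted login shell does not stop `ssh -N -L ...` port forwarding, because forwarding needs no shell. Pair it with an sshd_config `Match User` block for the guest account that sets `AllowTcpForwarding no`.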