Remote Access

NightShade03 Member Posts: 1,383
Hey all,

I know that many people here have labs in their homes. How do you guys/gals remotely access your lab (if you do at all)?? I have been working with OpenVPN Access Server and it's alright...just wanted to see if there are some better options out there.

Comments

  • earweed Member Posts: 5,192
    The only remoting I do is across the room to my server using the admin tools installed on my Vista desktop but that's just my Server 2008 R2 server with VMs. I don't remote my Cisco lab at all.
    No longer work in IT. Play around with stuff sometimes still and fix stuff for friends and relatives.
  • demonfurbie Member Posts: 1,819
    VPN on Server 2008 R2 works well; make sure you encrypt it and open ports, etc.

    Once VPNed in I just use VNC to take over a desktop.
    wgu undergrad: done ... woot!!
    WGU MS IT Management: done ... double woot :cheers:
  • crrussell3 Member Posts: 561
    Been thinking about installing the OpenVPN module into my Untangle server just haven't gotten around to it. Do you have any likes/dislikes of OpenVPN?
    MCTS: Windows Vista, Configuration
    MCTS: Windows WS08 Active Directory, Configuration
  • MickQ Member Posts: 628
    I started by using Hamachi due to legacy customers/clients, then RDing to different machines if needed.
    If I'm connecting out to customers, I've started trying out TeamViewer. Seems to be nice enough for me, so far.
  • Tackle Member Posts: 534
    Using DD-WRT, I have WOL configured for my ESXi server and auto start on my server VMs. That way I can access my router from anywhere (Dyn-dns account very important), fire up my server and have full access to my network. I have dd-wrt configured to direct to each of my main servers/desktops/workstations via a certain port and use remote desktop to connect to them (domain.dyn-dns.com:3390-3392).

    Works great for when I need to connect to home to check something on work's network from the outside going in.
  • crrussell3 Member Posts: 561
    LucasMN wrote: »
    Using DD-WRT, I have WOL configured for my ESXi server and auto start on my server VMs. That way I can access my router from anywhere (Dyn-dns account very important), fire up my server and have full access to my network. I have dd-wrt configured to direct to each of my main servers/desktops/workstations via a certain port and use remote desktop to connect to them (domain.dyn-dns.com:3390-3392).

    Works great for when I need to connect to home to check something on work's network from the outside going in.

    What do you have your DD-WRT installed on?
    MCTS: Windows Vista, Configuration
    MCTS: Windows WS08 Active Directory, Configuration
  • NightShade03 Member Posts: 1,383
    crrussell3 wrote: »
    Been thinking about installing the OpenVPN module into my Untangle server just haven't gotten around to it. Do you have any likes/dislikes of OpenVPN?

    The install was pretty straightforward, as is the configuration... their documentation seems to be lacking though, and I'm having trouble getting the connection to forward through my firewall properly.
  • Forsaken_GA Member Posts: 4,024
    I'm a pretty big fan of ssh tunnels. It all depends on what sort of remote access you need. For the various web services I have deployed on my lab (wiki, spacewalk, monitoring, password vault, etc), rather than having to map port numbers to each machine (since it's a residential connection, and therefore everything has to share the same IP), I just started routing incoming http/s traffic to a specific box, and set it up as a reverse proxy for external web traffic.

    For my unix boxen, I just ssh into my jump server, which can then ssh into any other ssh capable server on the network.

    For the one Windows box I maintain (which is solely for the vSphere client), I just set up a reverse SSH tunnel to my ssh jump box, and then run RDP over that.
  • NightShade03 Member Posts: 1,383
    I'm a pretty big fan of ssh tunnels.

    I like SSH tunnels too, my only concern though is having an SSH port exposed to the internet. I can harden SSH and do all the right things just as good as the next Linux admin... but it still worries me. I don't know... call me overly paranoid! :rolleyes:
  • Forsaken_GA Member Posts: 4,024
    I like SSH tunnels too, my only concern though is having an SSH port exposed to the internet. I can harden SSH and do all the right things just as good as the next Linux admin... but it still worries me. I don't know... call me overly paranoid! :rolleyes:

    Oh, I just turn off interactive logins entirely. No box of mine can be logged into with a password via ssh. publickey authentication only.

    That, and the ssh jump box is OpenBSD ;)

    I have absolutely no worries about that box being exploited.
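Added example, not part of any post in this thread: a small shell check for the "publickey authentication only" setup described in the post above. It reads sshd_config text on stdin and assumes upstream OpenSSH defaults for absent keywords; the function name audit_sshd and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): check sshd_config text for "publickey only".
# Assumes upstream OpenSSH defaults; distro packages may ship different ones.
audit_sshd() {
    awk '
        BEGIN {
            bad = 0
            # Effective value when a keyword never appears (upstream defaults).
            val["passwordauthentication"] = "yes"
            val["kbdinteractiveauthentication"] = "yes"
            val["pubkeyauthentication"] = "yes"
        }
        /^[ \t]*#/ || NF == 0 { next }            # skip comments and blank lines
        { sub(/[ \t]*=[ \t]*/, " ") }             # accept the "Keyword=value" form
        tolower($1) == "match" { inmatch = 1; next }
        {
            key = tolower($1); v = tolower($2)    # keywords are case-insensitive
            # Older configs use the deprecated alias for keyboard-interactive.
            if (key == "challengeresponseauthentication")
                key = "kbdinteractiveauthentication"
            if (!(key in val)) next
            if (inmatch) {
                # A Match block can re-enable passwords for some users or hosts.
                if (key != "pubkeyauthentication" && v != "no") { print "FAIL Match block sets " key " " v; bad = 1 }
            } else if (!(key in seen)) {
                # In the global section sshd keeps the first value it reads.
                val[key] = v; seen[key] = 1
            }
        }
        END {
            if (val["passwordauthentication"] != "no") { print "FAIL PasswordAuthentication is not no"; bad = 1 }
            if (val["kbdinteractiveauthentication"] != "no") { print "FAIL KbdInteractiveAuthentication is not no"; bad = 1 }
            if (val["pubkeyauthentication"] != "yes") { print "FAIL PubkeyAuthentication is not yes"; bad = 1 }
            if (!bad) print "OK publickey only"
            exit bad
        }
    '
}

# Constructed sample: the later "no" does not override the earlier "yes".
sample='PubkeyAuthentication yes
PasswordAuthentication yes
ChallengeResponseAuthentication no
PasswordAuthentication no'
printf '%s\n' "$sample" | audit_sshd || echo "password-style logins are still possible"
```

The function exits 0 only when both password-style methods are off and public keys are on, so it can gate a config deployment.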
  • Met44 Member Posts: 194
    I like SSH tunnels too, my only concern though is having an SSH port exposed to the internet. I can harden SSH and do all the right things just as good as the next Linux admin... but it still worries me. I don't know... call me overly paranoid! :rolleyes:

    Have you thought about using port knocking? It scales to match paranoia :lol:

    Use a rule that, for example, requires a SYN sent to port 22122 (to which there is no reply) before accepting an SSH connection on 11211 for a time period. Joe Cracker running a port scanner will never know you're there -- and it will keep your log files clean if someone does connect.

    If that doesn't do it for you, keep adding different types of knocks until you feel safe. Scalability!

    It also has the benefit of being easy to use from any system, since all you need to knock is anything that can initiate a tcp connection (or udp, icmp...):

    ssh home -p 22122
    ^C
    ssh home -p 11211
    user@home's password:
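Added example, not part of any post in this thread: one way to express the knock described above (a SYN to 22122 that gets no reply, then SSH accepted on 11211 for a time period) with the iptables recent match. The function name knock_rules, the list name KNOCK and the 30 second window are assumptions.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a one-SYN port knock.
# knock_rules KNOCK_PORT SSH_PORT WINDOW_SECONDS  (names are hypothetical)
knock_rules() {
    knock_port=$1 ssh_port=$2 window=$3
    for n in "$knock_port" "$ssh_port" "$window"; do
        case $n in
            ''|*[!0-9]*) echo "not a positive integer: '$n'" >&2; return 2 ;;
        esac
    done
    for p in "$knock_port" "$ssh_port"; do
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "port out of range: $p" >&2; return 2
        fi
    done
    if [ "$knock_port" -eq "$ssh_port" ]; then
        echo "knock port and SSH port must differ" >&2; return 2
    fi
    if [ "$window" -lt 1 ]; then
        echo "window must be at least 1 second" >&2; return 2
    fi
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Sessions that already passed the knock keep working after the window closes.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# The knock: remember the source address, send no reply.
-A INPUT -p tcp --dport $knock_port --syn -m recent --name KNOCK --set -j DROP
# New SSH connections only from addresses that knocked within the window.
-A INPUT -p tcp --dport $ssh_port --syn -m recent --name KNOCK --rcheck --seconds $window -j ACCEPT
# Everyone else sees the SSH port as silent.
-A INPUT -p tcp --dport $ssh_port -j DROP
COMMIT
EOF
}

# Ports from the post above; the 30 second window is an assumed value.
knock_rules 22122 11211 30
```

The output is meant to be reviewed and merged into the existing ruleset of the box that runs sshd; the knock only hides the listener, and sshd's own authentication settings still decide who gets in.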
  • jibbajabba Member Posts: 4,317
    Site-2-Site IPSec VPN between office leased line and home ADSL router (both Draytek) or in some cases Sonicwall and GVC.
    My own knowledge base made public: http://open902.com :p
  • cablegod Member Posts: 294
    For employee remote access, I love the Juniper Networks SSL-VPN appliances.
    “Government is a disease masquerading as its own cure.” -Robert LeFevre
  • NightShade03 Member Posts: 1,383
    cablegod wrote: »
    For employee remote access, I love the Juniper Networks SSL-VPN appliances.

    I've wanted to use a PXE or something similar for a while for SSL, which is why I turned to OpenVPN.