Remote Access
NightShade03
Member Posts: 1,383 ■■■■■■■□□□
in Off-Topic
Hey all,
I know that many people here have labs in their homes. How do you guys/gals remotely access your lab (if you do at all)?? I have been working with OpenVPN Access Server and it's alright...just wanted to see if there are some better options out there.
Comments
-
earweed Member Posts: 5,192 ■■■■■■■■■□
The only remoting I do is across the room to my server using the admin tools installed on my Vista desktop but that's just my Server 2008 R2 server with VMs. I don't remote my Cisco lab at all.
No longer work in IT. Play around with stuff sometimes still and fix stuff for friends and relatives.
-
demonfurbie Member Posts: 1,819 ■■■■■□□□□□
vpn on server 2008r2 works well, make sure you encrypt it and open ports etc.
once vpned in i just use vnc to take over a desktop
wgu undergrad: done ... woot!!
WGU MS IT Management: done ... double woot :cheers:
-
crrussell3 Member Posts: 561
Been thinking about installing the OpenVPN module into my Untangle server just haven't gotten around to it. Do you have any likes/dislikes of OpenVPN?
MCTS: Windows Vista, Configuration
MCTS: Windows WS08 Active Directory, Configuration
-
MickQ Member Posts: 628 ■■■■□□□□□□
I started by using Hamachi due to legacy customers/clients, then RDing to different machines if needed.
If I'm connecting out to customers, I've started trying out TeamViewer. Seems to be nice enough for me, so far.
-
Tackle Member Posts: 534
Using DD-WRT, I have WOL configured for my ESXi server and auto start on my server VMs. That way I can access my router from anywhere (Dyn-dns account very important), fire up my server and have full access to my network. I have dd-wrt configured to direct to each of my main servers/desktops/workstations via a certain port and use remote desktop to connect to them (domain.dyn-dns.com:3390-3392).
Works great for when I need to connect to home to check something on work's network from the outside going in.
-
crrussell3 Member Posts: 561
Tackle wrote: »Using DD-WRT, I have WOL configured for my ESXi server and auto start on my server VMs. That way I can access my router from anywhere (Dyn-dns account very important), fire up my server and have full access to my network. I have dd-wrt configured to direct to each of my main servers/desktops/workstations via a certain port and use remote desktop to connect to them (domain.dyn-dns.com:3390-3392).
Works great for when I need to connect to home to check something on work's network from the outside going in.
What do you have your DD-WRT installed on?
MCTS: Windows Vista, Configuration
MCTS: Windows WS08 Active Directory, Configuration
-
NightShade03 Member Posts: 1,383 ■■■■■■■□□□
crrussell3 wrote: »Been thinking about installing the OpenVPN module into my Untangle server just haven't gotten around to it. Do you have any likes/dislikes of OpenVPN?
The install was pretty straightforward, as is the configuration... their documentation seems to be lacking though and I'm having trouble getting the connection to forward through my firewall properly.
-
Forsaken_GA Member Posts: 4,024
I'm a pretty big fan of ssh tunnels. It all depends on what sort of remote access you need. For the various web services I have deployed on my lab (wiki, spacewalk, monitoring, password vault, etc), rather than having to map port numbers to each machine (since it's a residential connection, and therefore everything has to share the same IP), I just started routing incoming http/s traffic to a specific box, and set it up as a reverse proxy for external web traffic.
For my unix boxen, I just ssh into my jump server, which can then ssh into any other ssh capable server on the network.
For the one windows box I maintain (which is solely for the vsphere client), I just set up a reverse SSH tunnel to my ssh jump box, and then run RDP over that.
-
NightShade03 Member Posts: 1,383 ■■■■■■■□□□
Forsaken_GA wrote: »I'm a pretty big fan of ssh tunnels.
I like SSH tunnels too, my only concern though is having an SSH port exposed to the internet. I can harden SSH and do all the right things just as good as the next linux admin... but it still worries. I don't know... call me overly paranoid!
-
Forsaken_GA Member Posts: 4,024
NightShade03 wrote: »I like SSH tunnels too, my only concern though is having an SSH port exposed to the internet. I can harden SSH and do all the right things just as good as the next linux admin... but it still worries. I don't know... call me overly paranoid!
Oh, I just turn off interactive logins entirely. No box of mine can be logged into with a password via ssh. publickey authentication only.
That, and the ssh jump box is openbsd.
I have absolutely no worries about that box being exploited.
-
Met44 Member Posts: 194
NightShade03 wrote: »I like SSH tunnels too, my only concern though is having an SSH port exposed to the internet. I can harden SSH and do all the right things just as good as the next linux admin... but it still worries. I don't know... call me overly paranoid!
Have you thought about using port knocking? It scales to match paranoia
Use a rule that, for example, requires a SYN sent to port 22122 (to which there is no reply) before accepting an SSH connection on 11211 for a time period. Joe Cracker running a port scanner will never know you're there -- and it will keep your log files clean if someone does connect.
If that doesn't do it for you, keep adding different types of knocks until you feel safe. Scalability!
It also has the benefit of being easy to use from any system, since all you need to knock is anything that can initiate a tcp connection (or udp, icmp...):
ssh home -p 22122
^C
ssh home -p 11211
user@home's password:
-
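The single-knock rule Met44 describes, modelled as per-source firewall state and replayed over sample traffic. This is an added example, not code from any poster in the thread; the 30-second window, the class and function names, and the sample addresses are assumptions (the post only says "for a time period").

```python
from dataclasses import dataclass, field

KNOCK_PORT = 22122      # from the post: a SYN here gets no reply but is remembered
SSH_PORT = 11211        # from the post: sshd is reachable here only after a knock
WINDOW_SECONDS = 30     # assumption: the post only says "for a time period"


@dataclass
class KnockGate:
    """Per-source knock state, as a stateful packet filter would keep it."""
    window: float = WINDOW_SECONDS
    opened_at: dict = field(default_factory=dict)   # source IP -> time of last knock

    def handle_syn(self, ts: float, src: str, dport: int) -> str:
        """Return the verdict for one inbound TCP SYN."""
        if dport == KNOCK_PORT:
            self.opened_at[src] = ts          # record the knock, never answer it
            return "DROP"
        if dport == SSH_PORT:
            knocked = self.opened_at.get(src)
            if knocked is not None and 0 <= ts - knocked <= self.window:
                return "ACCEPT"               # this source knocked recently enough
            self.opened_at.pop(src, None)     # expired or never knocked
            return "DROP"
        return "DROP"                         # default-deny every other port


def replay(events):
    """Run (ts, src, dport) SYN events through a fresh gate; return the verdicts."""
    gate = KnockGate()
    return [(src, dport, gate.handle_syn(ts, src, dport)) for ts, src, dport in events]


# Constructed sample traffic (documentation address ranges, not real hosts).
SAMPLE_EVENTS = [
    (0.0,  "198.51.100.7", 11211),   # scanner probes the SSH port without knocking
    (1.0,  "198.51.100.7", 22),      # scanner probes the default SSH port
    (5.0,  "203.0.113.20", 22122),   # owner knocks
    (6.0,  "198.51.100.7", 11211),   # scanner retries: another source's knock does not help
    (8.0,  "203.0.113.20", 11211),   # owner connects inside the window
    (60.0, "203.0.113.20", 11211),   # owner comes back after the window has closed
]

if __name__ == "__main__":
    for src, dport, verdict in replay(SAMPLE_EVENTS):
        print(f"{src:>14} -> :{dport:<5} {verdict}")
```

The knock only hides the listener from scanners; anyone who can observe the traffic sees the knock port, so sshd's own authentication behind the gate still does the real work.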
jibbajabba Member Posts: 4,317 ■■■■■■■■□□
Site-2-Site IPSec VPN between office Leased line and home Adsl router (both Draytek) or in some cases Sonicwall and GVC.
My own knowledge base made public: http://open902.com
-
cablegod Member Posts: 294
For employee remote access, I love the Juniper Networks SSL-VPN appliances.
“Government is a disease masquerading as its own cure.” -Robert LeFevre
-
NightShade03 Member Posts: 1,383 ■■■■■■■□□□
cablegod wrote: »For employee remote access, I love the Juniper Networks SSL-VPN appliances.
I've wanted to use a PXE or something similar for a while for SSL, which is why I turned to OpenVPN.