[Novalug] reverse tunnel

greg pryzby greg@pryzby.org
Fri Nov 8 11:07:59 EST 2013


Here is what I am trying to do. ANY suggestions (with cut and paste
commands or a URL) are welcome.

I have an 'appliance' that is being installed at a location. The
appliance has 80/443 (and I will find out) hopefully 22. There might
be other outbound ports. It is sitting behind some provider internet
device and I have no idea what the IP is and don't want to have to change
the settings on the provider's device.

So I want someone to plug the appliance in and for it to set up a link
for me to remotely login. Remember, I don't know the IP of the device,
the IP once it leaves the customer (provider's router IP) and don't
care.

Right now, I have a script that will set up a reverse tunnel to a
server using ssh-keys. That works and is FINE (not bulletproof yet).
crontab for a user connects to a server in the cloud. I can get to the
server and then ssh -p user@localhost and BAM, I am on the appliance.

Happy to set up w/ openVPN, but the client needs to initiate and set up.

Client is Ubuntu 10.04. Server is CentOS 6.4+ or Fedora 18+ (depends)


On Fri, Nov 8, 2013 at 10:32 AM, Derek LaHousse <dlahouss@mtu.edu> wrote:
> Quick question: Why TCP?  UDP has less overhead, and the TCP inside
> the tunnel will provide reliability to the carried traffic.  Tunnel
> over TCP causes even UDP packets to be re-transmitted, and can cause
> serious problems with high loss as both inner and outer packets get
> retransmitted.
>
> On Fri, Nov 8, 2013 at 10:18 AM, Stuart D. Gathman <stuart@gathman.org> wrote:
>> On Thu, 7 Nov 2013, greg pryzby wrote:
>>
>>> Answers:
>>>
>>> 1) running as same user from cli as crontab (crontab -e as same user)
>>> 2) screen sounds like it might be good
>>> 3) can try to escape, but also ran from script which ran from cli fine
>>> but not crontab
>>> 4) will try -N
>>
>> While I've used ssh -N before, I've been happier with openvpn over tcp.



-- 
greg pryzby                              greg at pryzby dot org
http://www.linkedin.com/in/gpryzby

TWTR: gpryzby
WEB:  http://www.MakeRoomForArt.com/
BLOG: http://www.ryqyrmedia.com/ (son's)
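
An added example, not part of the original post: one way to run the cron-driven reverse tunnel described above so that it fails cleanly under cron instead of hanging on a prompt. The relay host, account, ports, key path and lock file are all placeholder assumptions.

```shell
#!/bin/sh
# Added example: keep ONE reverse SSH tunnel up from cron on the appliance.
# Every value below is a placeholder assumption, not taken from the thread.
RELAY_HOST="${RELAY_HOST:-relay.example.org}"  # cloud server the appliance dials
RELAY_USER="${RELAY_USER:-tunnel}"             # unprivileged account on the relay
RELAY_SSH_PORT="${RELAY_SSH_PORT:-443}"        # outbound port the site allows
REMOTE_PORT="${REMOTE_PORT:-2222}"             # port opened on the relay's loopback
KEY="${KEY:-$HOME/.ssh/tunnel_key}"            # key used only for this tunnel
LOCK="${LOCK:-/tmp/reverse-tunnel.lock}"

# Append the tunnel options to whatever command is passed in, so the same
# list can be printed for inspection ("echo ssh") or executed ("ssh").
with_tunnel_args() {
    # -N/-T: no remote command, no tty (cron has none).
    # BatchMode: never prompt; fail instead. The relay's host key must
    #   already be in known_hosts or the connection is refused.
    # ExitOnForwardFailure: exit if the relay port cannot be bound, so cron
    #   retries instead of leaving a connected but useless session.
    # ServerAlive*: notice a dead link in about 90 seconds and exit.
    # 127.0.0.1 bind: the forwarded port is reachable only from the relay.
    "$@" -N -T \
        -o BatchMode=yes \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 \
        -o ServerAliveCountMax=3 \
        -o IdentitiesOnly=yes \
        -i "$KEY" \
        -p "$RELAY_SSH_PORT" \
        -R "127.0.0.1:${REMOTE_PORT}:localhost:22" \
        "${RELAY_USER}@${RELAY_HOST}"
}

# Hold a lock for the life of the tunnel so repeated cron runs do not stack.
run_once() {
    exec 9>"$LOCK" || return 1
    flock -n 9 || return 0        # a tunnel from an earlier run is still up
    with_tunnel_args ssh
}

# crontab entry (script path is a placeholder):
#   */5 * * * * /usr/local/bin/reverse-tunnel.sh run
if [ "${1:-}" = "run" ]; then
    run_once
fi
```

Running `with_tunnel_args echo ssh` prints the exact command line for checking by hand before it goes into cron.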


