Ian Grigg <[EMAIL PROTECTED]> writes:

> I'm curious - my understanding of a VPN was that
> it set up a network that all applications could
> transparently communicate over.
> Port forwarding appears not to be that, in
> practice each application has to be reconfigured
> to talk to the appropriate port, or, each port
> has to be forwarded.
> Am I missing something here?  If there is an
> easy SSH based strategy for VPNs, what is it?
> iang

Well it's not a VPN per se, and it's dependent on the SSH client
you're using but it may help you anyway: When using an OpenSSH [1]
client one can enable dynamic portforwarding (the -D switch or the
DynamicForward option in ssh_config) which gives you a SOCKS server on
the machine you ssh from.

Under un*xy operating systems supporting LD_PRELOAD or similar dynamic
linker options you can then use something like tsocks [2] to make all
dynamically linked (and non-suid) applications performing only
outbound TCP connections use your SOCKS server.  This is sort of a
hack but works pretty good for me.

Something I've done as well in the past is run Slirp[3] on a remote
machine and have an SSH tunnel between Slirp and the PPP daemon on my
local machine. This assumes you have sufficient privileges on the
client machine however. It allows you to do both outbound TCP and UDP
however I do not really advise this strategy because of [4].


[1] OpenSSH
[2] TSOCKS - A transparent SOCKS proxying library
[3] Slirp
[4] Why TCP over TCP Is a Bad Idea

Ralf-P. Weinmann <[EMAIL PROTECTED]>

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to