From: Jonathan Wright
Date: Mon, 17 Oct 2005 09:09:16 +0100
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Re: Reaching my network over the internet
Message-ID: <43535C2C.1040006@djnauk.co.uk>

John Jolet wrote:
>>Why go through all the hassle of setting up a VPN when you can use SSH to
>>provide a secure tunnel into the network and use that instead? Works
>>fine for me.
>>
>># ssh -L5900:hostname:5900 username@hostname.tld
>># vncviewer localhost:0
>
> Okay, now show me the instance where you want box->internet->box->vnc server.

That does provide a tunnel between two boxes. It's quick and simple to set up and can be used by any ssh client, regardless of the system. Whether you're on Unix or Linux. You can even do it using Windows using PuTTY. It's good to know in case you need access but don't have a box that can't do VPN, or there's a problem with the VPN.

If you want to open it up for some reason to another box, you can use the gateway switch (-g) and SSH will listen to all incoming connections on that port on the remote computer.

# ssh -g -p port -L5900:remote:5900 username@server

> If you set up openvpn on your ssh server, you easily can tunnel across it.
> Doing that with ssh would add another tunnel. Takes 5 minutes to set up.

I'm not disagreeing with you, but a VPN can add a whole level of complexity and setup, whereas if you just want to remotely access a VNC server across the Internet, SSH works great and has added security built in.

If you want to access more than VPN, i.e. SMB, or need the remote computer to 'appear' on the local network for some reason, VPN is fine - go ahead and use it.

KISS - keep it short and simple.

--
Jonathan Wright ~ mail at djnauk.co.uk ~ www.djnauk.co.uk
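
Added example, not part of the original message: with -g, OpenSSH lets other hosts connect to the forwarded port, so the listener binds to all interfaces instead of loopback only, and anyone who can reach that port reaches the VNC server through the tunnel. The shell function below reads `ss -H -tlnp` output and lists ssh client listeners bound to a non-loopback address; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Audit helper: find ssh client port forwards reachable from other hosts.
# Input : output of `ss -H -tlnp` on stdin (run as root to see process names).
# Output: one "pid address port" line per ssh listener not bound to loopback.
exposed_ssh_forwards() {
    awk '
    # Only listening sockets owned by the ssh client ("sshd" does not match).
    $1 == "LISTEN" && $NF ~ /\(\("ssh",/ {
        endpoint = $4                                  # e.g. 0.0.0.0:5900 or [::]:5900
        port = endpoint; sub(/.*:/, "", port)          # text after the last colon
        addr = endpoint; sub(/:[0-9]+$/, "", addr)     # text before the port
        if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only: not exposed
        pid = $NF; sub(/.*pid=/, "", pid); sub(/,.*/, "", pid)
        print pid, addr, port
    }'
}

# Constructed sample of `ss -H -tlnp` output (not captured from a real host):
#   pid 4242: ssh -L5900:...     -> loopback listener
#   pid 4243: ssh -g -L5900:...  -> wildcard listeners on IPv4 and IPv6
#   pid 812 : sshd itself, which must be ignored
#   pid 4300: IPv6 loopback forward
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128 127.0.0.1:5900 0.0.0.0:* users:(("ssh",pid=4242,fd=5))
LISTEN 0 128   0.0.0.0:5900 0.0.0.0:* users:(("ssh",pid=4243,fd=4))
LISTEN 0 128      [::]:5900    [::]:* users:(("ssh",pid=4243,fd=5))
LISTEN 0 128   0.0.0.0:22   0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 128     [::1]:5901    [::]:* users:(("ssh",pid=4300,fd=6))
EOF
}

# Demo on the constructed sample; on a live system use:
#   ss -H -tlnp | exposed_ssh_forwards
sample_ss_output | exposed_ssh_forwards
```

A forward that only needs to serve the local user can stay on loopback by omitting -g; a host firewall rule on the forwarded port limits who can use one that must be shared.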