SSH Tunnel Router to Router?

[Minute]

So currently I have a SSH Tunnel on the home PC & can connect to it from public locations on my laptop using Putty as a client. Works great. But what I want to do is setup a wireless router here that connects to my router at home & traffics all data between the two. That sounds confusing so..

Internet <-> Home Router <--Secure Connection--> Remote Wireless Router <-> My Laptop.

I'm sure this is possible, just not sure how to approach it. The router at the house does have DD-WRT running on it which has a built in VPN function, so maybe?

Anyway I'm a little confused/stumped at this point. Thought I'd throw this out there & see if anyone could suggest a way/alternative.

[Fallakin Kuvari]

Shouldn't it be:

Home Router <-> Internet <--Secure Connection--> Remote Wireless Router <-> Laptop?

[Minute]

Maybe. I need the data to come into the home router, go through the secure connection to the remote router. That way my crew can connect to the remote wireless router. This way I don't have to setup an SSH Tunnel for every one of their laptops. They can just connect to that wireless router as they would any one.

[Minute]

I think I've found an answer. If I set the router up as a bridge the VPN option in DD-WRT might work. Will give it a shot later. Feel free to make any suggestions though. I'm in unknown territory here.

[Ddrak]

Sadly, it's not easy. You could (maybe) get the connection up if you could get ssh running properly on both sides, though I'd recommend openvpn, but you're going to have all sorts of routing issues that aren't going to be easy to solve. You're much better having your laptop tunnel to your home machine the way it works at the moment.

Dd

[Kulaf]

Why don't you just use Go to my PC Corp?

http://www.gotomypc.com/remote_access/b ... ote_access

[Minute]

That seems considerably more complicated than what I'm trying for Kulaf. I just wanted to setup a wireless router here for them to connect to, like they would at home. The place here has an internet connection but it's controlled through Active Directory rights & an insane firewall policy that blocks about 25% of the sites that we use to work. Since I can connect to my house I had thought I could just drop a router here, set it up to connect to my house, then tunnel everything through that. The guys over at the DD-WRT forums seem to think it's plausible. Gonna give it a shot over the next couple days when I have time.

[Kulaf]

How are you drilling through their firewall then? Is this for work?

[Minute]

Ya it's for work, but we're having to do some offsite stuff. The connection for the place we're working for has insanely high restrictions. I did find that I could SSH tunnel to my box at home, but that's per client. I just want my people to be able to connect & do whatever they need to without having to submit a request for when they need to place an order or browse the net. I could setup an SSH tunnel for each of their machines, but that's a pain in the ass too. Mostly now I'm just curious about how to get it done. I do think I've found an answer though.

http://www.dd-wrt.com/wiki/index.php/Op ... wo_routers

This seems to be exactly what I want, I just haven't had time to set it up yet. We shall see.

[Ddrak]

Rough details of something that will probably do what you want:

Run squid (or some other web proxy) on your home box. Set up an ssh tunnel from your machine inside the work network to your home machine on port 3128. Allow remote connections to 3128 from your work machine. Tell the co-workers to set your work machine to be their web proxy.

Of course, that will last until the IT guys wonder what all the ssh traffic is and shut it down...

Dd

[Bahd Zoolander]

In my experience having worked at a few places with security that made it difficult or impossible to do the work we needed to do, trying to go around the system isn't the best thing to do.

If you have a real business case to need different access it would probably be trivial for the IT dept. to hook you up with a proxy to do so. If you go around the system you run the risk of getting shut down as well as losing any goodwill that might have made it easier to do the officially sanctioned way.

The average time between someone connecting an unapproved router/hotspot to the network and having it shut down was about an hour. Most of the times were simple mistakes where someone plugged a cable in the wrong port (we had multiple networks available), but the real attempts to subvert the system pretty much always lost.

[Minute]

Ya fuck that. Circumventing bullshit security policies make me feel better at the end of the day. If they want to block porn/illegal shit, that works for me, but the process now consists of one of my guys calls me & says they are trying to compare a product to one of the vendors. They can't because it has an ad on it that their shitty firewall doesn't like. I have to submit a ticket which I hope gets addressed before 5 p.m. because they are only there from 8-5 mon-fri. You can't do business that way.

And trust me, I'm not worried about losing this business. Even a little.

P.S. I got it. Ended up setting up an openVPN server. Wrote a little script to do it with a specific client file for each connection. This ended up being the better option anwyay. Now my guys can connect to the VPN regardless of location.

[Fallakin Kuvari]

Setup a computer on your home network to tunnel to via http://www.no-ip.com/

Then they can access it via a web address of your choice.