Reverse ssh issue

Hi all,
I have a home network and an office network. The home network has a Debian
box and a Mandrake 9.1 box. The office network has hundreds on Windows
boxes and my Mandrake 9.1 desktop computer. I can VPN between home Mandrake
and office Mandrake and get complete access to the client network. The
issue is that the VPN server (on a Windows NT computer) performs very
poorly. Ping times are greatly increased and remote X is painful.
I connect to the office by using NXClient (I have a NXServer running on
the office Mandrake box). This gives me a remote desktop of my office PC at
home as well as access to every VNC server running at the office.
The network admin won't open up ssh for me to connect to work directly.
Hence the issue.

Question:

Given my situation, how can I do some sort of reverse ssh to get access to
the office from home without doing it completely using the VPN?

At work I have an entry in the /etc/hosts file called "home" that point to
my home IP address.

I would expect something like this:

- VPN to work
- then ssh to work
- type in some command to open an ssh connection between work and home
- close the VPN

now I have some sort of connection betwen work and home.

On my home computer I would like to be able to see that connection as an
entry in the route table. (Home network is 192.168.0.* and work is
192.168.1.*).

Is this feasible?
Is there another way?
How would you do it?

Thanks,
Allistar.

Allistar <(E-Mail Removed)> wrote in message news:<8cKib.906$(E-Mail Removed)>...
> Hi all,
> I have a home network and an office network. The home network has a Debian
> box and a Mandrake 9.1 box. The office network has hundreds on Windows
> boxes and my Mandrake 9.1 desktop computer. I can VPN between home Mandrake
> and office Mandrake and get complete access to the client network. The
> issue is that the VPN server (on a Windows NT computer) performs very
> poorly. Ping times are greatly increased and remote X is painful.
> I connect to the office by using NXClient (I have a NXServer running on
> the office Mandrake box). This gives me a remote desktop of my office PC at
> home as well as access to every VNC server running at the office.
> The network admin won't open up ssh for me to connect to work directly.
> Hence the issue.
>
> Question:
>
> Given my situation, how can I do some sort of reverse ssh to get access to
> the office from home without doing it completely using the VPN?
>
> At work I have an entry in the /etc/hosts file called "home" that point to
> my home IP address.
>
> I would expect something like this:
>
> - VPN to work
> - then ssh to work
> - type in some command to open an ssh connection between work and home
> - close the VPN
>
> now I have some sort of connection betwen work and home.
>
> On my home computer I would like to be able to see that connection as an
> entry in the route table. (Home network is 192.168.0.* and work is
> 192.168.1.*).
>
> Is this feasible?
> Is there another way?
> How would you do it?
>
> Thanks,
> Allistar.

If the M$ NT VPN is the problem, then just flip it out of the equation
and do everything via SSH?

Mattias Honrendgard wrote:

> Allistar <(E-Mail Removed)> wrote in message
> news:<8cKib.906$(E-Mail Removed)>...
>> Hi all,
>> I have a home network and an office network. The home network has a
>> Debian
>> box and a Mandrake 9.1 box. The office network has hundreds on Windows
>> boxes and my Mandrake 9.1 desktop computer. I can VPN between home
>> Mandrake and office Mandrake and get complete access to the client
>> network. The issue is that the VPN server (on a Windows NT computer)
>> performs very poorly. Ping times are greatly increased and remote X is
>> painful.
>> I connect to the office by using NXClient (I have a NXServer running on
>> the office Mandrake box). This gives me a remote desktop of my office PC
>> at home as well as access to every VNC server running at the office.
>> The network admin won't open up ssh for me to connect to work directly.
>> Hence the issue.
>>
>> Question:
>>
>> Given my situation, how can I do some sort of reverse ssh to get access
>> to the office from home without doing it completely using the VPN?
>>
>> At work I have an entry in the /etc/hosts file called "home" that point
>> to my home IP address.
>>
>> I would expect something like this:
>>
>> - VPN to work
>> - then ssh to work
>> - type in some command to open an ssh connection between work and home
>> - close the VPN
>>
>> now I have some sort of connection betwen work and home.
>>
>> On my home computer I would like to be able to see that connection as an
>> entry in the route table. (Home network is 192.168.0.* and work is
>> 192.168.1.*).
>>
>> Is this feasible?
>> Is there another way?
>> How would you do it?
>>
>> Thanks,
>> Allistar.
>
> If the M$ NT VPN is the problem, then just flip it out of the equation
> and do everything via SSH?

The firewall for the office won't let through ssh connections, which is why
I need some sort of reverse ssh. I want to somehow route the entire work
subnet (on 192.168.1.*) on my home pc via a reverse ssh connection.

Thanks,
Allistar.

On Thu, 16 Oct 2003 10:45:33 +1300, Allistar <(E-Mail Removed)> wrote:
>
> The firewall for the office won't let through ssh connections, which is why
> I need some sort of reverse ssh. I want to somehow route the entire work
> subnet (on 192.168.1.*) on my home pc via a reverse ssh connection.
>
> Thanks,
> Allistar.


You can establish a PPP connection over ssh, then set up your
default route through PPP interface.

http://www.faqs.org/docs/Linux-mini/ppp-ssh.html

You could also use a VPN like freeswan to go back out instead of
going through ssh.

You should be aware that many IT administrators dislike people working
around their firewalls. Some places consider it a termination level
offense

*snip*

I rather expect you will you get fired for circumventing company
network security policy.

Best of luck!

Allistar <(E-Mail Removed)> writes:

>Mattias Honrendgard wrote:

>> Allistar <(E-Mail Removed)> wrote in message
>> news:<8cKib.906$(E-Mail Removed)>...
>>> Hi all,
>>> I have a home network and an office network. The home network has a
>>> Debian
>>> box and a Mandrake 9.1 box. The office network has hundreds on Windows
>>> boxes and my Mandrake 9.1 desktop computer. I can VPN between home
>>> Mandrake and office Mandrake and get complete access to the client
>>> network. The issue is that the VPN server (on a Windows NT computer)
>>> performs very poorly. Ping times are greatly increased and remote X is
>>> painful.
>>> I connect to the office by using NXClient (I have a NXServer running on
>>> the office Mandrake box). This gives me a remote desktop of my office PC
>>> at home as well as access to every VNC server running at the office.
>>> The network admin won't open up ssh for me to connect to work directly.
>>> Hence the issue.
>>>
>>> Question:
>>>
>>> Given my situation, how can I do some sort of reverse ssh to get access
>>> to the office from home without doing it completely using the VPN?
>>>
>>> At work I have an entry in the /etc/hosts file called "home" that point
>>> to my home IP address.
>>>
>>> I would expect something like this:
>>>
>>> - VPN to work
>>> - then ssh to work
>>> - type in some command to open an ssh connection between work and home
>>> - close the VPN
>>>
>>> now I have some sort of connection betwen work and home.
>>>
>>> On my home computer I would like to be able to see that connection as an
>>> entry in the route table. (Home network is 192.168.0.* and work is
>>> 192.168.1.*).
>>>
>>> Is this feasible?
>>> Is there another way?
>>> How would you do it?
>>>
>>> Thanks,
>>> Allistar.
>>
>> If the M$ NT VPN is the problem, then just flip it out of the equation
>> and do everything via SSH?

>The firewall for the office won't let through ssh connections, which is why
>I need some sort of reverse ssh. I want to somehow route the entire work
>subnet (on 192.168.1.*) on my home pc via a reverse ssh connection.

>Thanks,
>Allistar.
--
Vincent Fox
Georgia Institute of Technology, Atlanta Georgia, 30332
Internet: (E-Mail Removed)

Creideiki wrote:

> On Thu, 16 Oct 2003 10:45:33 +1300, Allistar
> <(E-Mail Removed)> wrote:
>>
>> The firewall for the office won't let through ssh connections, which is
>> why I need some sort of reverse ssh. I want to somehow route the entire
>> work subnet (on 192.168.1.*) on my home pc via a reverse ssh connection.
>>
>> Thanks,
>> Allistar.
>
>
> You can establish a PPP connection over ssh, then set up your
> default route through PPP interface.
>
> http://www.faqs.org/docs/Linux-mini/ppp-ssh.html
>
> You could also use a VPN like freeswan to go back out instead of
> going through ssh.

Thanks, I'll take a look. Hopefully I can do that through an initial reverse
ssh connection from the office to home. I wonder if that would mean I am
routing an ssh connection over an ssh connection, and if so what hit that
would have on performance.

> You should be aware that many IT administrators dislike people working
> around their firewalls. Some places consider it a termination level
> offense

The network admin knows what I am trying to do. All I want to do is prove
that their MS VPN runs like a dog so we can replace it with a Linux
solution.

Allitar.

Vincent Fox wrote:

> *snip*
>
> I rather expect you will you get fired for circumventing company
> network security policy.
>
> Best of luck!

Thanks for the concern but I'll be ok, the admin know exactly what I am
trying to do. It's more secure than having him open up a port in the
firewall for me.

Allistar.

Allistar <(E-Mail Removed)> writes:

>Vincent Fox wrote:

>> *snip*
>>
>> I rather expect you will you get fired for circumventing company
>> network security policy.
>>
>> Best of luck!

>Thanks for the concern but I'll be ok, the admin know exactly what I am
>trying to do. It's more secure than having him open up a port in the
>firewall for me.

You didn't mention that.

In that case, PPP over ssh, or freeswan seem best.


--
Vincent Fox
Georgia Institute of Technology, Atlanta Georgia, 30332
Internet: (E-Mail Removed)