March 2007

Secure Connectivity on the Road

Use OpenSSH and Squid to create a non-Microsoft VPN

Step 3: Install OpenSSH on the Client Computer
Next, you need to install a copy of OpenSSH on your mobile computer system. Because you're using your mobile computer as a client and not as an OpenSSH server, you don't need to configure anything after installing the OpenSSH software on your mobile computer. Just remember where you installed the software, so you can access the ssh command-line tool to connect to your newly built OpenSSH server.

Again, remember that OpenSSH installs itself as a service set to start automatically. It's probably a good idea to set the service to start manually on your client system, unless you're sure that you'll use it frequently.

Step 4: Fire Up the Server and Connect
Now you're ready to start the OpenSSH and Squid for Windows services (if they aren't already started) on the server and test client connectivity. After you start the server services, on your mobile workstation, open a command shell and navigate to the bin subdirectory of your OpenSSH installation, in which you'll find the ssh command-line tool. Log on to your OpenSSH server by using the following command:

ssh -p 422 -L 3127:127.0.0.1:3128 XYZ@IP

The -p 422 parameter tells the ssh client to connect to the OpenSSH server on port 422 (or the port number you defined in the OpenSSH configuration in Step 1). The -L parameter causes the ssh client to open port 3127 on the local machine and forward traffic sent to that port to port 3128 on the remote system, which is your Squid for Windows proxy server's port. If you used a different port number for Squid for Windows, be sure you adjust the command appropriately. XYZ is your username, and IP is the IP address of your OpenSSH server.

You can use any unused port number in place of 3127 on the client. Remember the port number because you'll need it when configuring client applications in Step 5.

After the ssh client opens the connection between your mobile system and your remote OpenSSH server, you'll be prompted to log on. Be sure to use the same username and password to log on that you defined in Step 1. This is either your local Windows username and password on your OpenSSH server or your domain username and password as derived from your domain controller (DC), if you used that method of creating the group and passwd files.

Step 5: Configure Your Client Applications
With the encrypted connection open and ready to use, you can configure your Web browser (and other necessary applications) to use the Squid proxy server. Be sure to set the proxy server address to the localhost address 127.0.0.1 on port 3127 (or the port you used on your local client computer).

When you configure your client applications to use a proxy server (which in this case is actually the SSH client running on your local system), all network traffic from those applications will be tunneled over your secure encrypted VPN connection, which is routed through your OpenSSH server to its destination, as Figure 2 shows. However, if your applications don't support proxy connections, their traffic won't be tunneled over the secure connection and instead will travel directly over your regular network connection.
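
To check the caveat above on the client, the following added example (not part of the original article) parses Windows `netstat -an` output and reports whether the forwarded port is bound to loopback only and which established connections leave the machine outside the tunnel. Ports 422 and 3127 come from the article; the function names and all addresses in the sample are constructed for illustration.

```python
# Added example: audit Windows `netstat -an` output for traffic that bypasses the tunnel.
# Ports 422 and 3127 are the article's; the addresses below are constructed samples.

SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    127.0.0.1:3127         0.0.0.0:0              LISTENING
  TCP    192.168.1.50:1045      203.0.113.10:422       ESTABLISHED
  TCP    127.0.0.1:1047         127.0.0.1:3127         ESTABLISHED
  TCP    192.168.1.50:1046      198.51.100.7:80        ESTABLISHED
"""


def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon so IPv6 forms like [::1]:3127 also work."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), port


def audit_tunnel(netstat_text, ssh_server, ssh_port=422, local_port=3127):
    """Return (listener_addresses, bypassing_connections) for the forwarded port."""
    loopback = {"127.0.0.1", "::1"}
    listeners, bypassing = [], []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "TCP":
            continue  # skips the header row and stateless UDP rows
        (laddr, lport), (raddr, rport) = map(split_endpoint, fields[1:3])
        state = fields[3]
        if state == "LISTENING" and lport == str(local_port):
            listeners.append(laddr)
        elif state == "ESTABLISHED":
            stays_local = raddr in loopback  # e.g. browser -> local ssh forward
            is_ssh = (raddr, rport) == (ssh_server, str(ssh_port))
            if not stays_local and not is_ssh:
                bypassing.append(fields[2])  # leaves the machine outside the tunnel
    return listeners, bypassing


def listener_is_loopback_only(listeners):
    """True when the forward exists and is not reachable from other hosts."""
    return bool(listeners) and all(a in {"127.0.0.1", "::1"} for a in listeners)


if __name__ == "__main__":
    found, leaks = audit_tunnel(SAMPLE_NETSTAT, ssh_server="203.0.113.10")
    print("forward bound to loopback only:", listener_is_loopback_only(found))
    print("connections outside the tunnel:", leaks)
```

A listener on 0.0.0.0:3127 instead of 127.0.0.1:3127 means other hosts on the local network can send traffic through your tunnel.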

Cowabunga! Connectivity
That was easy, right? Even though this solution takes only a few minutes to implement, you might consider making a copy of your OpenSSH server and Squid for Windows configurations on portable media such as a flash drive, so that you can rebuild the server side of the solution on another server much faster in the future.

Also, be sure you test this solution before you go on the road, because your client, server, and network border firewalls might need adjustments to port settings or general rules for the OpenSSH and Squid for Windows services to work correctly. And finally, if your network uses Network Address Translation (NAT) and your OpenSSH server has a NAT address, you might need to configure port forwarding on your firewall to ensure that overall routing and connectivity works correctly.



Reader Comments
I recommend using copSSH - OpenSSH for Windows (http://www.itefix.no/phpws/index.php?module=pagemaster&PAGE_user_op=view_page&PAGE_id=12&MMN_position=22:22)
It's a lot more up to date than OpenSSH for Windows 3.8.1p1. It includes version 4.6p1, which patches a lot of security holes and is still updated regularly. I would also recommend using PuTTY on the client side. No installation required. You can even run it from a removable flash drive.

quillinanm March 13, 2007


 Windows IT Pro is a Division of Penton Media Inc.
 Copyright © 2008 Penton Media, Inc., All rights reserved. Terms and Use | Privacy Statement | Reprints and Licensing