Astute readers may have noticed that only the home desktop has access to the office intranet. Trains originating from other stations within the home network currently are not rerouted through the home desktop station. I feel that this configuration is at least marginally more secure, as it reduces the exposure of the office network to compromises at home. If you desire connectivity from other machines on the home network, simply add the appropriate iptables rules to the up directive in vtund-client.conf. I leave that as an exercise for the interested reader.
The above configuration works perfectly if you can connect by SSH to any machine on your office network. Unfortunately, many offices do not provide any open incoming ports. This was precisely the situation I found upon arrival at my new job, but the flexibility of VTun allowed me to overcome even this obstacle. The solution is to reverse the configuration, using the office desktop as the VTun client and originating the SSH tunnel from within the office.
To make this solution work, we must be able to access our home machine from within the office. However, most broadband connections have dynamic IP addresses. We can sidestep this issue by using a DNS service tailored for dynamic IPs, such as that provided by DynDNS.org.
The greatest downside to this approach is its relative fragility. In a secure setup, the client does not start automatically because the SSH connection requires authentication, leaving you out in the cold if the office machine goes down due to a power outage. If you are less worried about security, you can automate login using SSH public key authentication without a passphrase or expect scripting. I do not encourage either method.
If your office machine is on a UPS, you rarely should encounter this problem. In the six months that I have used this setup, only one power outage lasted long enough to kill the client side of my VPN. This setup also is robust on the home network side. You can take your machine off-line for days, and the VPN re-initializes as soon as you start the vtun server, thanks to the intelligent keepalive and retry facilities in the client.
Hopefully, you now have an appreciation for the versatility and power of a VTun VPN and possess the technical know-how to set one up for yourself. Unfortunately, a comprehensive discussion of VTun's feature set is well beyond the scope of this article. Beyond the basic setups described above, VTun allows Ethernet, PPP or SLIP tunneling of protocols other than IP. VTun also provides native support for encryption, compression and bandwidth shaping, so it is adaptable to every imaginable connection scenario. VTun belongs in the toolkit of every network user and deserves mention alongside breakthrough applications such as OpenSSH, rsync and screen.
Ryan Breen (email@example.com) is a 2000 graduate of Duke University with degrees in Computer Science and Economics. He is currently living in Boston with his girlfriend of three years and dog of two and a half years. At work, he builds high-throughput browser simulations, is a devoted KDE user and occasional KDE developer.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Back to Backups
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- A New Version of Rust Hits the Streets
- Google's Abacus Project: It's All about Trust
- Secure Desktops with Qubes: Introduction
- Seeing Red and Getting Sleep
- Fancy Tricks for Changing Numeric Base
- Secure Desktops with Qubes: Installation
- Working with Command Arguments
- CentOS 6.8 Released
Until recently, IBM’s Power Platform was looked upon as being the system that hosted IBM’s flavor of UNIX and proprietary operating system called IBM i. These servers often are found in medium-size businesses running ERP, CRM and financials for on-premise customers. By enabling the Power platform to run the Linux OS, IBM now has positioned Power to be the platform of choice for those already running Linux that are facing scalability issues, especially customers looking at analytics, big data or cloud computing.
￼Running Linux on IBM’s Power hardware offers some obvious benefits, including improved processing speed and memory bandwidth, inherent security, and simpler deployment and management. But if you look beyond the impressive architecture, you’ll also find an open ecosystem that has given rise to a strong, innovative community, as well as an inventory of system and network management applications that really help leverage the benefits offered by running Linux on Power.Get the Guide