Astute readers may have noticed that only the home desktop has access to the office intranet. Trains originating from other stations within the home network currently are not rerouted through the home desktop station. I feel that this configuration is at least marginally more secure, as it reduces the exposure of the office network to compromises at home. If you desire connectivity from other machines on the home network, simply add the appropriate iptables rules to the up directive in vtund-client.conf. I leave that as an exercise for the interested reader.
The above configuration works perfectly if you can connect by SSH to any machine on your office network. Unfortunately, many offices do not provide any open incoming ports. This was precisely the situation I found upon arrival at my new job, but the flexibility of VTun allowed me to overcome even this obstacle. The solution is to reverse the configuration, using the office desktop as the VTun client and originating the SSH tunnel from within the office.
To make this solution work, we must be able to access our home machine from within the office. However, most broadband connections have dynamic IP addresses. We can sidestep this issue by using a DNS service tailored for dynamic IPs, such as that provided by DynDNS.org.
The greatest downside to this approach is its relative fragility. In a secure setup, the client does not start automatically because the SSH connection requires authentication, leaving you out in the cold if the office machine goes down due to a power outage. If you are less worried about security, you can automate login using SSH public key authentication without a passphrase or expect scripting. I do not encourage either method.
If your office machine is on a UPS, you rarely should encounter this problem. In the six months that I have used this setup, only one power outage lasted long enough to kill the client side of my VPN. This setup also is robust on the home network side. You can take your machine off-line for days, and the VPN re-initializes as soon as you start the vtun server, thanks to the intelligent keepalive and retry facilities in the client.
Hopefully, you now have an appreciation for the versatility and power of a VTun VPN and possess the technical know-how to set one up for yourself. Unfortunately, a comprehensive discussion of VTun's feature set is well beyond the scope of this article. Beyond the basic setups described above, VTun allows Ethernet, PPP or SLIP tunneling of protocols other than IP. VTun also provides native support for encryption, compression and bandwidth shaping, so it is adaptable to every imaginable connection scenario. VTun belongs in the toolkit of every network user and deserves mention alongside breakthrough applications such as OpenSSH, rsync and screen.
Ryan Breen (firstname.lastname@example.org) is a 2000 graduate of Duke University with degrees in Computer Science and Economics. He is currently living in Boston with his girlfriend of three years and dog of two and a half years. At work, he builds high-throughput browser simulations, is a devoted KDE user and occasional KDE developer.
|Using Salt Stack and Vagrant for Drupal Development||May 20, 2013|
|Making Linux and Android Get Along (It's Not as Hard as It Sounds)||May 16, 2013|
|Drupal Is a Framework: Why Everyone Needs to Understand This||May 15, 2013|
|Home, My Backup Data Center||May 13, 2013|
|Non-Linux FOSS: Seashore||May 10, 2013|
|Trying to Tame the Tablet||May 08, 2013|
- Using Salt Stack and Vagrant for Drupal Development
- Making Linux and Android Get Along (It's Not as Hard as It Sounds)
- New Products
- Validate an E-Mail Address with PHP, the Right Way
- Drupal Is a Framework: Why Everyone Needs to Understand This
- A Topic for Discussion - Open Source Feature-Richness?
- The Pari Package On Linux
- New Products
- Home, My Backup Data Center
- Developer Poll
- This is the easiest tutorial
4 hours 33 min ago
- Ahh, the Koolaid.
10 hours 12 min ago
- git-annex assistant
16 hours 12 min ago
- direct cable connection
16 hours 34 min ago
- Agreed on AirDroid. With my
16 hours 44 min ago
- I just learned this
16 hours 48 min ago
17 hours 19 min ago
- not living upto the mobile revolution
20 hours 10 min ago
- Deceptive Advertising and
20 hours 45 min ago
- Let\'s declare that you have
20 hours 46 min ago
Enter to Win an Adafruit Prototyping Pi Plate Kit for Raspberry Pi
It's Raspberry Pi month at Linux Journal. Each week in May, Adafruit will be giving away a Pi-related prize to a lucky, randomly drawn LJ reader. Winners will be announced weekly.
Fill out the fields below to enter to win this week's prize-- a Prototyping Pi Plate Kit for Raspberry Pi.
Congratulations to our winners so far:
- 5-8-13, Pi Starter Pack: Jack Davis
- 5-15-13, Pi Model B 512MB RAM: Patrick Dunn
- Next winner announced on 5-21-13!
Free Webinar: Linux Backup and Recovery
Most companies incorporate backup procedures for critical data, which can be restored quickly if a loss occurs. However, fewer companies are prepared for catastrophic system failures, in which they lose all data, the entire operating system, applications, settings, patches and more, reducing their system(s) to “bare metal.” After all, before data can be restored to a system, there must be a system to restore it to.
In this one hour webinar, learn how to enhance your existing backup strategies for better disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible bare-metal recovery solution for UNIX and Linux systems.