autossh and port forwarding (a cheap and easy VPN alternative, macOS to Linux)

I have a simple unsecured web service running on my home network that I need to access from the office. Before, I was using Viscosity to connect to an OpenVPN instance running on a DD-WRT router at home. But I also connect to home using the official OpenVPN client for iOS, which started complaining - and eventually stopped working - due to weak encryption in my 2011-era 2.4 install. I did a wholesale upgrade (new DD-WRT install, new keys, etc), and broke the VPN tunnel. Of course. I’m trying to figure out where it’s failing, and will likely eventually return to OpenVPN, but in the interim, I dusted off my SSH knowledge and redirected local ports on my macOS box to servers on my home network.

.ssh/config

First, I set up a private/public keypair and created an entry for my home network using a Dynamic DNS address I have set up (all addresses have been changed to protect the idiotic):

$ cat .ssh/config
Host home
  Hostname myplace.adynamicdnsprovider.com
  User root
  IdentityFile ~/.ssh/homerouter.rsa

Forward local ports

Next, I forwarded local port 8087 to port 80 on one of my internal boxes, and local port 15900 to port 5900 (VNC) on another:

ssh -L 8087:192.168.1.2:80 -L 15900:192.168.1.10:5902 home

Voila, now I can browse to http://127.0.0.1:8087 and access the home server, and pull up the desktop using /System/Library/CoreServices/Applications/Screen Sharing.app on the Mac:




autossh

Next step was to automate keeping the tunnel open. I use brew to manage “Unix-style” packages on macOS - highly recommended.

$ brew install autossh

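$ cat StartSSHTunnel.command
#!/usr/bin/env bash
# -M 0 turns off autossh's monitor port; the ServerAlive* options make ssh
# exit when the link dies, and autossh then restarts it.
# -N: no remote command, -f: go to background, -q: quiet.
autossh -M 0 -N -f -q -L 8087:192.168.1.2:80 -L 15900:192.168.1.10:5902 \
 -o ServerAliveInterval=60 -o ServerAliveCountMax=3 -o StrictHostKeyChecking=no \
 -o BatchMode=yes home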

And that’s it! It’s not quite as elegant or seamless as having a properly functioning VPN, but I got it up and running in about 5 minutes, vs. banging my head against the wall trying to troubleshoot why Viscosity can’t seem to connect to the router.
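
As an added example (not the author's code), this shell function lints a tunnel command line like the one above for a malformed -L, a forward bound to all interfaces, disabled host key checking, and a missing ExitOnForwardFailure, which matters with -M 0 because autossh then restarts ssh only when ssh exits. The function name and finding labels are this example's own, and only the command line is inspected, not ~/.ssh/config.

```shell
#!/usr/bin/env bash
# Added example: lint an ssh/autossh tunnel command line for risky settings.
# Finding labels are this example's own. Only the command line is inspected;
# options set in ~/.ssh/config are not visible here. IPv4/hostname specs only.

audit_tunnel_cmd() (
  set -f                         # no globbing while the command is word-split
  prev="" found=0 forwards=0 exit_on_fail=0
  flag() { echo "$1"; found=1; }
  for tok in $1; do
    if [ "$tok" = "\\" ]; then continue; fi     # line-continuation backslash
    case "$prev" in
      -L)                        # $tok is the argument ssh will give to -L
        forwards=$((forwards + 1))
        case "$tok" in
          -*) flag "malformed-forward: -L is followed by '$tok', not a port spec" ;;
          \*:*:*:*|0.0.0.0:*:*:*|:*:*:*)
              flag "exposed-forward: '$tok' listens on all interfaces" ;;
        esac
        prev=""; continue ;;
      -o)
        case "$(printf '%s' "$tok" | tr '[:upper:]' '[:lower:]')" in
          stricthostkeychecking=no|stricthostkeychecking=off)
              flag "host-key: '$tok' trusts unknown host keys without verification" ;;
          exitonforwardfailure=yes) exit_on_fail=1 ;;
        esac
        prev=""; continue ;;
    esac
    if [ "$tok" = "-g" ]; then flag "exposed-forward: -g lets other hosts use the forwards"; fi
    prev="$tok"
  done
  if [ "$forwards" -gt 0 ] && [ "$exit_on_fail" -eq 0 ]; then
    flag "no-exit-on-failure: ExitOnForwardFailure=yes is not on the command line"
  fi
  [ "$found" -eq 0 ]             # exit status 0 only when nothing was flagged
)

# Constructed sample input, modelled on the launcher options shown above.
audit_tunnel_cmd "autossh -M 0 -N -f -L 8087:192.168.1.2:80 \
  -o ServerAliveInterval=60 -o StrictHostKeyChecking=no -o BatchMode=yes home" || true
```

A command that binds each forward to 127.0.0.1, keeps host key checking on and sets ExitOnForwardFailure=yes produces no findings and exit status 0.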
