 From:  Nicolai Scheer <scope at planetavent dot de>
 To:  Michael Graves <mgraves at mstvp dot com>
 Cc:  m0n0wall <m0n0wall at lists dot m0n0 dot ch>, Chris Buechler <cbuechler at gmail dot com>
 Subject:  Re: [m0n0wall] SSL VPN?
 Date:  Tue, 20 Jan 2009 16:20:14 +0100

Michael Graves wrote:
> Thanks for the clarification. My issue doesn't really relate to being
> clientless. It has to do with being a guest on someone's LAN.
> I'd like to be able to ship a device to a prospect for demonstration.
> They put it on their network. We then use something like Webex or
> GotoMeeting to orchestrate a live remote demonstration.
> As I'm doing the demo I'd like to be able to send commands to the
> device under test using an XML protocol over TCP sockets. At present I
> have the device configured to make a PPTP VPN connection back to my
> office LAN. Once it's connected I can send XML commands to it as if it's
> local.
> However, lots of prospects don't allow me to initiate a PPTP connection
> from the LAN. The real question is what can I do to ensure that I have
> the ability to connect to the device under test?

I don't know if I got you correctly. To my mind all you need could be
achieved with a simple ssh port forwarding (reverse tunneling). Just
for the reason you mentioned (disallowed PPTP connections) I have not
only a single ALIX running m0n0wall on my home network, but two ALIX
boards: The other one runs a minimum Debian installation with an ssh
server. My m0n0wall just forwards the ssh ports to my ssh machine.

This way, you just need some ssh client (PuTTY is great!) on the
prospect's network, establish a reverse tunnel, and are able to access
your device through your own network. And even if the ssh port is
blocked, you can switch your ssh server to some open port (e.g. 80,
which is open most of the time).

hope that helps,
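
Added example, not part of the original message: an `sshd_config` fragment for the office SSH server that limits a dedicated tunnel account to the single reverse forward described above, with the matching client command shown as a comment. The account name `demo-tunnel`, the host `ssh.example.com`, `DEVICE_IP` and both port numbers are placeholders assumed for illustration; `PermitListen` requires OpenSSH 7.8 or later.

```conf
# sshd_config fragment on the office SSH server (added example).
# Assumed names: account "demo-tunnel", listen port 19000.
Match User demo-tunnel
    # Key-only login for the unattended tunnel account
    PasswordAuthentication no
    # Allow only remote (-R) forwards, no local or dynamic ones
    AllowTcpForwarding remote
    # The single port this account may open a listener on
    PermitListen 19000
    # Keep the forwarded listener on loopback, not on the LAN interface
    GatewayPorts no
    # No shell, PTY, agent or X11 for this account
    PermitTTY no
    X11Forwarding no
    AllowAgentForwarding no
    ForceCommand /usr/sbin/nologin

# Run on the machine in the prospect's network. 9000 stands in for the
# device's XML/TCP port, which the thread does not give:
#   ssh -N -R 19000:DEVICE_IP:9000 demo-tunnel@ssh.example.com
# The device is then reachable from the office side at 127.0.0.1:19000
# on the SSH server for as long as the session stays up.
```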