Let's assume that your site administrator allows
transparent TCP connections to some port on some remote machine,
(be it the standard SSH port 22, or an alternate destination port,
like the HTTP port 80 or whatever),
or that you somehow managed to get some port in one side of the firewall
to get redirected to a port on the other side
(using httptunnel
, mailtunnel
, icmptunnel
,
some tunnel over telnet
, or whatelse).
Then, you can run an sshd
on the remote port,
and connect to it with an ssh
on the local port.
On both sides of the ssh
connection,
you run IP emulators (pppd
),
and there you have your VPN, Virtual Public Network,
that circumvents the stupid firewall limitations,
with the added bonus of being encrypted for privacy
(beware: the firewall administrator still knows the other end of the tunnel,
and whatever authentication information you might have sent before to run
ssh
).
The exact same technology can be used to build a VPN, Virtual Private Network, whereby you securely join physical sites into a one logical network without sacrificing security with respect to the transport network between the sites.
Below is a sample session to integrate in a shell script (it assumes sh/bash syntax; YMMV).
Be sure to edit this into a script
with the right values for your needs.
Use option -p
for ssh
to try another port than port 22
(but then, be sure to run sshd
on same port).
You can use slirp
on the remote end,
if you are not root
there, or simply want to screen your
local network from outbound connections.
Automatic reconnection is left as an exercise to the reader.
REMOTE_ACCOUNT=root@remote.fqdn.tld REMOTE_PPPD="pppd ipcp-accept-local ipcp-accept-remote" LOCAL_PPPD="pppd silent 192.168.0.1:192.168.0.2" cotty -d -- $LOCAL_PPPD -- ssh -t $REMOTE_ACCOUNT $REMOTE_PPPD
(Note: this command requires cotty
0.4 or later.)