[KLUG Members] how can I get around a port block to setup vpn?

Dirk H Bartley members@kalamazoolinux.org
21 Nov 2003 08:50:01 -0500


On Fri, 2003-11-21 at 08:05, Tony Gettig wrote:
> Quoting Rusty Yonkers <therustycook@yahoo.com>:
> 
> > I am wanting to setup a vpn between work and home.  At work our
> > internet connection goes through a firewall that I do not control. 
> > They have blocked a number of ports and services.  One of them
> > appears to be vpn.  Is there a way that I can setup a tunnel through
> > the firewall to home that would get by that??  
> 
> It seems like I remember there being a way to use SSH outbound from the
> corporate network, back to a home host, and keep it nailed up somehow. I've not
> done this, but I want to learn it. I'll reckon be reading the O'Reilly SSH book
> today now. :)
> 

If you can get out with an ssh client from your corporate internal
network, the ssh method is as follows.  Create a little script that
looks like this on the Linux machine at work:

ssh -f -g -R4307:localhost:389 -R4306:srv2:389 -R4304:srv1:23 \
-R4303:localhost:22 -R4310:srvtest:143 -L4302:localhost:80 \
-L4301:localhost:143 \
home sleep $1

Then execute it with "script timeinsecondstostayalive"

home is the host with an appropriate entry in /etc/hosts
-f means to fork into the background
-g Allows remote hosts to connect to local forwarded ports.
-R port:host:hostport
-L port:host:hostport

The limitation here is tcp only, no udp or icmp.  The list of tcp
forwards can be as long as you choose.

See pages 10 through 17 for the details:

ftp://ftp.kalamazoolinux.org/pub/pdf/sshpresent.sxi.pdf

Dirk
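
Seen from the firewall owner's side, a tunnel like the one above is recognisable from the ssh arguments alone. The following Python code is an added example, not part of the original post: it parses ssh command lines as a process audit log might record them and lists every -R forward, that is, every internal service made reachable from the remote host. The sample lines (including the 86400 standing in for $1) and all function names are constructed for illustration.

```python
import shlex

TAKES_ARG = set("BbcDEeFIiJLlmOopQRSWw")  # per ssh(1); adjust to your OpenSSH version

# Constructed sample: command lines as a process audit log might record them.
SAMPLE = [
    "ssh -f -g -R4307:localhost:389 -R4306:srv2:389 -R4304:srv1:23 "
    "-R4303:localhost:22 -R4310:srvtest:143 -L4302:localhost:80 "
    "-L4301:localhost:143 home sleep 86400",
    "/usr/bin/ssh -fgN -p 2222 -R 127.0.0.1:8022:localhost:22 user@example.org",
    "ssh build01 uptime",
]

def parse_spec(spec):
    """Split [bind_address:]port:host:hostport (IPv6 literals not handled)."""
    parts = spec.rsplit(":", 2)
    if len(parts) < 3:
        return (spec, None, None)      # no fixed target, e.g. "-R 1080"
    return (parts[0].rsplit(":", 1)[-1], parts[1], parts[2])

def audit_ssh(cmdline):
    """Return the forwards requested by one ssh command line, or None if not ssh."""
    argv = shlex.split(cmdline)
    if not argv or argv[0].rsplit("/", 1)[-1] != "ssh":
        return None
    out = {"dest": None, "gateway": False, "R": [], "L": []}
    i = 1
    while i < len(argv):
        arg = argv[i]
        if not arg.startswith("-") or len(arg) == 1:
            out["dest"] = arg          # first non-option argument is the destination
            break
        for j, opt in enumerate(arg[1:], start=1):
            if opt in TAKES_ARG:       # value is the rest of this word or the next word
                val = arg[j + 1:]
                if not val and i + 1 < len(argv):
                    i += 1
                    val = argv[i]
                if opt in "RL":
                    out[opt].append(parse_spec(val))
                break
            if opt == "g":             # -g: -L listeners accept non-loopback clients
                out["gateway"] = True
        i += 1
    return out

def reverse_forwards(cmdlines):
    """List (dest, listen_port, target_host, target_port) for every -R forward."""
    return [(a["dest"],) + f for a in map(audit_ssh, cmdlines) if a for f in a["R"]]
```

Calling reverse_forwards(SAMPLE) returns six tuples, the first being ("home", "4307", "localhost", "389").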