Thread: Tunnelling through HTTP/HTTPS

  1. #1
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130

    Tunnelling through HTTP/HTTPS

    I've received a request from our "roaming" admins :P
    But first let me explain the context.
    We (my client) have a team that implements networks at small companies (or even at homes) using ADSL connections. Those guys go to the company (or house) and install the modem, router, firewall, PCs, cables, etc...
    But now they want to do remote support.
    They want to control that infrastructure remotely, but because they work in the field, they want to do that through HTTP (HTTPS preferable).

    To do that they want to access the (https) customer fw. Ah, all firewalls are Linux boxes running Netfilter and other tools. From the fw they are able to control the rest of the infrastructure.

    I need to do that ASAP. So while I'm digging on Google, I put this "ask for help" here to see if anyone has a "fast solution" to add to those Linux boxes. They want to get a command line at least.

    2nd problem: nothing can be installed on the "admin station". They can be anywhere and want to access the fw. They can even be at another client.

    3rd problem: in some cases, the port must be standard HTTP/HTTPS on the station side.

    Fast suggestion? Anyone?
    My site

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.

  2. #2
    ssh comes to mind. Run it on port 80/443 instead of 22.

  3. #3
    Senior Member
    Join Date
    May 2003
    Posts
    604
    I'm not really sure what you mean that they want to access the customer via HTTPS. Do you require some sort of web interface for the RA, or do you just need to use 80 and 443 to ensure the ports are open (get through a FW)? I suggest looking into using SSH and HTTPS together in a way which supports your business needs; both are flexible and can tunnel as well as be proxied, so it should be fairly easy to get through firewalls with the right setup. If it is a web interface you require, I know that ShoreWall (http://www.shorewall.net/) has a Webmin (http://www.webmin.com/) module, so once again a little tunneling/proxying could make that accessible if that's the type of solution you need. Perhaps if I knew more about exactly what you needed to achieve and what limitations you have to deal with, I could be more helpful.


    -Maestr0
    "If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software." -Jaron Lanier

  4. #4
    Senior Member
    Join Date
    Mar 2003
    Posts
    245
    http://www.apache-ssl.org/

    I don't recommend rushing through setting up a 'secure' web server. Crackers
    get their hands on sites that didn't RTFM at a nauseating rate.
    Get OpenSolaris http://www.opensolaris.org/

  5. #5
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Have you thought about an SSL-VPN solution?
    Search Google for SSL VPN; there are numerous options.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  6. #6
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    I've got some ideas here and googled them.
    But first let me clarify some points:
    a) Those "admins" (field support) don't usually have a "fixed" location from which to access the "target" machine. So we reach a minimum requirement: the place where they are should have access to the Internet (obviously) and have at least HTTP/HTTPS capability. When that company receives a call about some client problem, they pass it to field support (in a kind of FIFO fashion) to solve it. Field support needs to access that client wherever he is (like at another client, McDonald's, etc.).
    b) They want to get access to that machine. They want at least a command line (like telnet). But if they can get KDE, that will be fine.
    c) This solution must run on Linux, and must be free (I forgot the free part).
    d) They told me that some proxies won't allow them to pass through just by assigning a port to ssh, like using port 443. The proxy wants an HTTPS structure flowing through it.
    e) Obviously, it must be clientless. (They can't install a client anywhere, like in a cybercafe.)

    So, I am left with SirDice's idea: SSL VPN.
    Fortunately, there are a lot of solutions that are clientless.
    Unfortunately, I found none for free.

    Any ideas about a free clientless SSL VPN for Linux?

  7. #7
    Senior Member
    Join Date
    Oct 2001
    Location
    Texas!
    Posts
    271
    If I understand you...

    Can you set up VPNs?

  8. #8
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    Yep, if you can tell me a clientless SSL VPN for free...
    Since that company is administrating its clients, they can install "administrative" software on the clients' machines. However, it can't be pirated; it must be freeware or GPL.

    I can use a VPN if I can fit all those rules... and at zero cost... hard, isn't it?

  9. #9
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Maybe you can use stunnel to tunnel ssh through a http(s) proxy?
    Oliver's Law:
    Experience is something you don't get until just after you need it.
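
One way to set up the stunnel suggestion from post #9 on the thread's Linux firewalls, as an added example that is not part of the original thread. Host names, the proxy address, file paths and the local port are placeholders, and the option names are those of stunnel 5.x. stunnel has to run on the admin's machine too, so this does not meet the "clientless" requirement from post #6.

```ini
; ---- Firewall side: stunnel.conf on the customer's Linux firewall ----
; Assumption: sshd is bound to loopback only (ListenAddress 127.0.0.1 in
; sshd_config), so the TLS listener below is the only exposed entry point.
[ssh-over-tls]
accept = 443
connect = 127.0.0.1:22
cert = /etc/stunnel/fw-cert.pem
key = /etc/stunnel/fw-key.pem
; Mutual TLS: only peers holding a certificate issued by the support
; team's own CA get as far as the sshd banner.
CAfile = /etc/stunnel/support-ca.pem
verifyChain = yes
sslVersionMin = TLSv1.2

; ---- Admin side: stunnel.conf on the support engineer's laptop ----
[ssh-over-tls]
client = yes
; Local endpoint the ssh client connects to.
accept = 127.0.0.1:2222
; With a web proxy in the path: "connect" names the proxy, and
; "protocolHost" is the firewall the proxy is asked to reach with
; an HTTP CONNECT request (placeholder addresses).
protocol = connect
connect = proxy.example.net:3128
protocolHost = fw.customer.example:443
; Client certificate presented to the firewall.
cert = /etc/stunnel/admin-cert.pem
key = /etc/stunnel/admin-key.pem
; Verify the firewall's certificate chain and host name before any
; SSH traffic is sent.
CAfile = /etc/stunnel/support-ca.pem
verifyChain = yes
checkHost = fw.customer.example
sslVersionMin = TLSv1.2

; Then, on the laptop (HostKeyAlias keeps known_hosts keyed by the real
; firewall name instead of 127.0.0.1):
;   ssh -p 2222 -o HostKeyAlias=fw.customer.example admin@127.0.0.1
```

Without a proxy in the path, drop the `protocol` and `protocolHost` lines on the admin side and set `connect = fw.customer.example:443`.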

  10. #10
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    Thanks SirDice, I will conduct some tests in my lab to see how it works. Maybe I finally found the solution!
