[geeks] SSH Forwarding a non-local server / OpenVPN

Jonathan Patschke jp at celestrion.net
Mon Jun 8 19:00:38 CDT 2015


On Mon, 8 Jun 2015, Mark Benson wrote:

> I only need access to port 80 on it. Is there any way to forward its
> port 80 to a point on Linux VM/server I can SSH forward? Is this a
> nightmare that's more effort than it's worth?

It's easy, provided that you've enabled gateway ports on the Linux server.

ssh -L 127.0.0.1:8080:windows-server:80 me@linux-server

Now, port 8080 on your client will act as port 80 on the Windows server,
so you can visit http://127.0.0.1:8080/ to interact with the Windows
server.

You will run into problems if the thing you're trying to hit on the
Windows server cares about the hostname in the URL (or feeds you absolute
URLs).

If your usage is rather low, you may want to consider installing Firefox
on the Linux server, running SSH with X11 forwarding, and running your
browser on the Linux server (with the display local to your client).

So, ssh -XC me@linux-server firefox http://windows-server/

You will need xauth installed and X running.  OpenSSH is pretty good about
mucking with xauth so that you don't have to.

> Alternatively, does anyone have a good tutorial/hardware platform
> recommendation for building a robust OpenVPN to make a router that
> will take a WAN connection and route Internet traffic in to the LAN
> (any outgoing, plus selected in incoming) and offer a VPN gateway to
> connect to the LAN from a remote point also?

I keep meaning to do a write-up on this.  OpenVPN is "easy when you know
how."  It ships with scripts that make the PKI parts of it as easy as they
can be, but there isn't much in the way of a HOWTO for general use.  You
basically have to either fumble your way to a working setup or crib the
last one you did, and that's an awful way to set up security software.

-- 
Jonathan Patschke | "Right now, computers, which are supposed to be our
Elgin, TX         |  servant, are oppressing us."
USA               |                                       -- Jef Raskin
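
Added example, not part of the original message: a POSIX shell wrapper around the -L forward shown above that keeps the listener on loopback, aborts if the forward cannot be established, and sends the Windows server's own name in the Host header for the case where the site cares about the hostname. The function names, the control-socket path and the use of curl are assumptions; me, linux-server and windows-server are the message's placeholders.

```shell
#!/bin/sh
# Added example. All host names, the user name and the socket path are placeholders.

# Build the argument for ssh -L. Only loopback bind addresses are accepted, so
# the forwarded port is never exposed to other machines on the client's network.
# Prints bind:lport:target:tport on success, returns non-zero on bad input.
forward_spec() (
    case $1 in
        127.0.0.1|localhost) ;;
        *) echo "refusing non-loopback bind address: $1" >&2; return 1 ;;
    esac
    for p in "$2" "$4"; do
        case $p in
            ''|*[!0-9]*|??????*) echo "bad port: $p" >&2; return 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "port out of range: $p" >&2; return 1
        fi
    done
    [ -n "$3" ] || { echo "missing target host" >&2; return 1; }
    printf '%s:%s:%s:%s\n' "$1" "$2" "$3" "$4"
)

# open_tunnel user@gateway spec control-socket
# -N: no remote command, -f: background after authentication,
# -M/-S: control socket so the tunnel can be closed cleanly later,
# ExitOnForwardFailure: fail instead of leaving a session with no forward.
open_tunnel() {
    ssh -f -N -M -S "$3" -o ExitOnForwardFailure=yes -L "$2" "$1"
}

# close_tunnel user@gateway control-socket
close_tunnel() {
    ssh -S "$2" -O exit "$1"
}

# fetch_as hostname local-port [path]
# Requests the page through the tunnel while presenting the real server name
# in the Host header. Absolute URLs in the returned HTML are not rewritten.
fetch_as() {
    curl -sS -H "Host: $1" "http://127.0.0.1:$2${3:-/}"
}

# Typical sequence (not run here):
#   spec=$(forward_spec 127.0.0.1 8080 windows-server 80) &&
#   open_tunnel me@linux-server "$spec" "$HOME/.ssh/ctl-web" &&
#   fetch_as windows-server 8080 /
#   close_tunnel me@linux-server "$HOME/.ssh/ctl-web"
```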

