Normally for ssh tunnels I use -D, which creates a local socks tunnel listener (i.e. -D1080) and means you can do away with manual port forwards; you can then use a socks wrapper (tsocks/dsocks) pointing at localhost to transparently proxify most applications. Note that for UDP-based things neither -L nor -D works (you have to use ssh's VPN mode for that). Since remote syslog is UDP by default, this means ssh isn't a great option (you can tunnel it via nc etc. but... annoying to set up).

On 10 May 2015 at 16:15, Joel Wirāmu Pauling <j...@aenertia.net> wrote:

> Also consider tincd
>
> On 10 May 2015 at 04:51, Bonno Bloksma <b.blok...@tio.nl> wrote:
>
>> Hello Peter
>>
>> Petter Adsen wrote:
>> >> > Now the question becomes; AFAIK, I could do this with ssh tunnels
>> >> > and forward the ports on my router/firewall, or I could use
>> >> > something like openvpn or IPsec (strongswan).
>> >>
>> >> Yes. Exactly.
>> >>
>> >> Also 'stunnel4' is useful too.
>> >
>> > Thanks, I didn't know about that one.
>> >
>> > [....]
>> >
>> > Thank you for your insight, that was very informative. From what I
>> > gather from this, it might be just as well to go straight to openvpn.
>> >
>> > Let me explain. Already I need rsyslog, munin, and collectd. That would
>> > require three separate ssh/ssl tunnels. However, if I set up openvpn on
>> > the router I will just need the one tunnel, and I can set up remote
>> > access to my home network at the same time, with the same bits and pieces.
>>
>> [...]
>>
>> > One thing I forgot to ask, though: how intensive is openvpn on resources,
>> > especially CPU and memory? I was initially thinking of setting it up on the
>> > router, but I am a little worried that it might be too much for it to handle.
>> > Would it be feasible/better to set it up on a more powerful machine on the
>> > inside and forward the traffic?
>>
>> Lots of people set up openvpn on the router if the router is capable of
>> it. In your case the amount of traffic is definitely something a regular
>> router should be able to handle. The most cpu is used when openvpn
>> (re)negotiates a session key, which it does by default every hour.
>> If you find out you need more power, simply create a rule on your router
>> to forward udp 1194 to an inside machine and have openvpn running there.
>>
>> It is very easy to set up; for ssl keys there is a separate set of scripts
>> called easy-rsa that will let you create the keys with the proper settings
>> in no time.
>>
>> If you want more information about openvpn, use the openvpn users list
>> (openvpn-us...@lists.sourceforge.net).
>> There is a commercial version too which has commercial support, but you
>> want the community version which comes with Debian.
>>
>> Bonno Bloksma
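
The point in the top reply about UDP and `-D` can be seen in the SOCKS5 request framing itself. The following is an added example, not part of the original thread: it encodes and decodes RFC 1928 requests and classifies them for a listener that only serves TCP CONNECT, which is the assumption made here for `ssh -D`. The host names, addresses and the helper names are constructed for illustration.

```python
import ipaddress
import struct

# SOCKS5 command codes from RFC 1928.
CONNECT, BIND, UDP_ASSOCIATE = 0x01, 0x02, 0x03
CMD_NAMES = {CONNECT: "CONNECT", BIND: "BIND", UDP_ASSOCIATE: "UDP ASSOCIATE"}

def build_request(cmd, host, port):
    """Encode a SOCKS5 request: VER CMD RSV ATYP DST.ADDR DST.PORT."""
    try:
        ip = ipaddress.ip_address(host)
        atyp, addr = (0x01 if ip.version == 4 else 0x04), ip.packed
    except ValueError:
        name = host.encode("idna")
        if not 0 < len(name) < 256:
            raise ValueError("hostname must be 1..255 bytes")
        atyp, addr = 0x03, bytes([len(name)]) + name
    return bytes([0x05, cmd, 0x00, atyp]) + addr + struct.pack("!H", port)

def parse_request(data):
    """Decode a SOCKS5 request into (cmd, host, port); reject malformed input."""
    if len(data) < 4 or data[0] != 0x05 or data[2] != 0x00:
        raise ValueError("not a SOCKS5 request")
    cmd, atyp, body = data[1], data[3], data[4:]
    if atyp == 0x01:
        alen, decode = 4, lambda b: str(ipaddress.IPv4Address(b))
    elif atyp == 0x04:
        alen, decode = 16, lambda b: str(ipaddress.IPv6Address(b))
    elif atyp == 0x03 and body:
        alen, body = body[0], body[1:]
        decode = lambda b: b.decode("ascii")
    else:
        raise ValueError("bad or missing address")
    if len(body) != alen + 2:
        raise ValueError("truncated or oversized request")
    return cmd, decode(body[:alen]), struct.unpack("!H", body[alen:])[0]

def tunnel_verdict(data):
    """Classify a request for a CONNECT-only listener (assumed for ssh -D)."""
    cmd, host, port = parse_request(data)
    name = CMD_NAMES.get(cmd, "unknown")
    if cmd == CONNECT:
        return f"{name} {host}:{port}: TCP stream, can be forwarded"
    return f"{name} {host}:{port}: not a TCP CONNECT, needs a VPN-style tunnel"

if __name__ == "__main__":
    # Constructed samples: syslog over TCP vs. classic UDP syslog on port 514.
    print(tunnel_verdict(build_request(CONNECT, "loghost.example", 514)))
    print(tunnel_verdict(build_request(UDP_ASSOCIATE, "192.0.2.10", 514)))
```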