Do It Yourself: a minimal VPN

Problem: With NATed LANs, it is not trivial to log in from the internet to the computers on the LAN.

Solution: Let the DMZ box be the central node in a minimal VPN. When your computers (regardless of whether they are in the LAN or out on the internet) get an IP, they automatically connect to the DMZ box and reserve a special port on which they can be reached by other computers.

Since this is ssh, you are not restricted to logging in; you can just as well mount filesystems with sshfs or sync files with rsync, etc.

How to deactivate this stuff?

Sometimes, when network traffic is costly or unreliable, you will want to stop a certain client from auto-connecting to the DMZ box. Then, on the client, do this:

chmod 644 /etc/network/if-*.d/my-vpn

To activate again:

chmod 755 /etc/network/if-*.d/my-vpn

Files needed on the clients (nodes)

  1. /etc/my-vpn
  2. /etc/init.d/my-vpn
  3. /etc/network/if-up.d/my-vpn
  4. /etc/network/if-down.d/my-vpn

Only the first file needs to be different on each client; files 2-4 are the same on all clients.
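
As an added illustration (not the author's my-vpn files), this shell sketch shows how an if-up.d hook could turn the per-client config into an ssh reverse forward that reserves the client's port on the DMZ box. The KEY=value config format, the names DMZ_HOST, DMZ_USER and REMOTE_PORT, and the host dmz.example.org are assumptions.

```shell
#!/bin/sh
# Added example, not the original my-vpn script.
# Assumed (hypothetical) /etc/my-vpn format, one KEY=value per line:
#   DMZ_HOST=dmz.example.org
#   DMZ_USER=tunnel
#   REMOTE_PORT=2201

# Print the ssh command that reserves REMOTE_PORT on the DMZ box and
# forwards it to this client's sshd. Returns 1 if the config is invalid.
build_tunnel_cmd() {
    conf=$1
    DMZ_HOST= DMZ_USER= REMOTE_PORT=
    # Parse the file instead of sourcing it: hooks run as root, so the
    # config must not be able to execute code.
    while IFS='=' read -r key val; do
        case $key in
            DMZ_HOST)    DMZ_HOST=$val ;;
            DMZ_USER)    DMZ_USER=$val ;;
            REMOTE_PORT) REMOTE_PORT=$val ;;
        esac
    done < "$conf"

    # Port must be numeric and unprivileged.
    case $REMOTE_PORT in ''|*[!0-9]*) return 1 ;; esac
    [ "$REMOTE_PORT" -ge 1024 ] && [ "$REMOTE_PORT" -le 65535 ] || return 1
    # Host and user must not start with '-' (would be read as an ssh option)
    # and may only contain plain name characters.
    case $DMZ_HOST in ''|-*|*[!A-Za-z0-9.-]*) return 1 ;; esac
    case $DMZ_USER in ''|-*|*[!A-Za-z0-9_-]*) return 1 ;; esac

    # -N: no remote command, forward only.
    # BatchMode: key authentication only, never prompt from a hook.
    # ExitOnForwardFailure: fail if the port is already taken on the DMZ box.
    # ServerAliveInterval: notice a dead link so the tunnel can be restarted.
    echo "ssh -N -o BatchMode=yes -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -R ${REMOTE_PORT}:localhost:22 ${DMZ_USER}@${DMZ_HOST}"
}

# Dry run on a constructed config: prints the command, does not connect.
demo_conf=$(mktemp)
printf 'DMZ_HOST=dmz.example.org\nDMZ_USER=tunnel\nREMOTE_PORT=2201\n' > "$demo_conf"
build_tunnel_cmd "$demo_conf"
rm -f "$demo_conf"
```

By default sshd binds a -R port on the DMZ box's loopback interface only, so other nodes reach the client by going through the DMZ box first.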

Last modified: October 17, 2019