Sunday, December 27, 2015

Set up a VPN-free home office

Right, we don't really like the VPN client provided by corporate or by the customer you support: a dedicated client is needed, there is multi-factor authentication, and it is platform dependent. This hurts especially when you have multiple clients you need to use every day.

Like me, a poor IT guy, you may have tried getting a SOCKS proxy through SSH tunneling, and you liked it...

You may also have tried routing through an SSH tunnel (e.g. sshuttle), and you LOVED it! This was my favorite solution for quite a long time, as it's proxy free and it works for all protocols with zero configuration changes on the client side.

But now I have a VPN-free setup for my home office: any device, anywhere at home, is simply connected to the corporate network.

So, here is how I did it:

First, you need a customizable router where you have more control (maybe DD-WRT can do this, but I don't know as I don't own one). I just set up an Ubuntu server on a Celeron J1900 mini-ITX SoC and use it as my home router. It's been running great for almost a year now. It's much stronger than any consumer router you can find on the market. You can refer to another blog for how to set it up.

Second, you need to figure out a way to create a tunnel to your mother ship using whatever authentication and protocols they support. For me, I created a tunnel interface (tun0) on my home router with two-factor authentication.

Third, add routing rules on your router. If you want to make it even more secure, you may want to add "-s" to specify the sources.

sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
sudo iptables -A FORWARD -i eth1 -o tun0 -j ACCEPT
sudo iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

Interface "eth1" here is my internal-facing NIC, so you can keep the forwarding private.
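
The "-s" restriction mentioned in the third step, as an added example that is not from the original post: a small script that validates a list of source addresses and prints the three rules limited to those sources, so they can be reviewed before being applied. The source addresses are constructed sample values, scoping the conntrack rule to tun0 -> eth1 is a tightening the post does not make, and "-s" only limits anything if the FORWARD chain otherwise drops traffic, which is assumed here.

```shell
#!/bin/sh
# Interface names are the ones from the post; override via the environment.
LAN_IF="${LAN_IF:-eth1}"
TUN_IF="${TUN_IF:-tun0}"

# Return 0 only for a well-formed IPv4 address or CIDR (a.b.c.d or a.b.c.d/n).
valid_src() {
    addr=${1%/*}
    case "$1" in */*) len=${1#*/} ;; *) len=32 ;; esac
    case "$len" in ''|???*|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    # Digits and dots only: rejects shell metacharacters and glob characters.
    case "$addr" in *[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Print the rule set for the given sources. Every address is checked first,
# so one typo yields no rules at all rather than a partial rule set.
gen_rules() {
    [ $# -gt 0 ] || { echo "usage: gen_rules SRC..." >&2; return 1; }
    for src in "$@"; do
        valid_src "$src" || { echo "bad source: $src" >&2; return 1; }
    done
    for src in "$@"; do
        # Only the listed LAN hosts are NATed and forwarded into the tunnel.
        echo "iptables -t nat -A POSTROUTING -s $src -o $TUN_IF -j MASQUERADE"
        echo "iptables -A FORWARD -i $LAN_IF -s $src -o $TUN_IF -j ACCEPT"
    done
    # Replies only; new connections from the tunnel into the LAN get no ACCEPT
    # (assumes the FORWARD policy or a later rule drops everything else).
    echo "iptables -A FORWARD -i $TUN_IF -o $LAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# Constructed sample sources: one work laptop and a small address block.
gen_rules 192.168.1.10 192.168.1.32/28
```

Review the printed rules, then apply them as root in place of the three unrestricted rules above.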

Finally, you may want to adjust your home clients' DNS to use the corporate DNS server as primary, so you don't have issues resolving corporate names.

Now you have a VPN-free home office like me. Cheers!


4 comments:

personal blog said...

Thanks for sharing that blog with us. If anyone here searching How To Setup Vpn On Router then visit Manju’s Tech Blog.

UNKNOWN said...

Please continue this great work and I look forward to more of your awesome blog posts. Firewall circumvention software

faizan said...

Great post, and great website. Thanks for the information! Free VPN

Christina Porter said...

One of the biggest benefits of using a VPN is to keep your data secure and online activity private. An ISP and some organizations have ways to keep track of everything you do online. You can check out the source.