[nycbug-talk] Fwd: RE: need help asap, will pay, ms vpn client

[George Georgalis]

On Wed, Mar 16, 2005 at 05:52:32PM -0500, G Rosamond wrote:

>On Mar 16, 2005, at 5:45 PM, George Georgalis wrote:
>
>>Thanks much to George R's suggestion. Preliminary tests work:
>>port forwarding tcp 137,138,139,445 from gateway box to samba
>>share box, on private lan, works.
>
>Great to hear. . . cheap and simple VPN over SSH.

who would have thought SMB would work without udp, shew.

>>
>>My preliminary was to do tcp only port forwarding of said ports
>>to a box behind it running samba. The client is not able to
>>"browse" discover the share, but if the (gateway) hostname, user
>>and password (samba host) is specified, the client can mount
>>user homes from the samba server through the firewall via tcp
>>only (the protocol calls for tcp and udp 137,138,139).
>>
>>This means, a roaming windows client can setup (putty) ssh -R
>>tunnels to a remote gateway which allows for smb connections
>>from localhost to the private smbserver. So the roaming client
>>can specify, via "netuse" the gateway as the location of their
>>shares and mount the protected samba share through the encrypted
>>tunnel.
>
>How are you doing auth? private/pub keys?

rsa/dsa pubkey to a crippled account on the gateway, which has
port-forwarding done by root. haven't worked out the account
particulars yet.

I'm really most worried about the "ssh -R + netuse + map network
drive" commands on MS, because I've not got my head completely
around that only have the sense that it will work.

// George


-- 
George Georgalis, systems architect, administrator Linux BSD IXOYE
http://galis.org/george/ cell:646-331-2027 mailto:george at galis.org