
Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:4

Open VPN???

Okay I d/l what looks like an OpenVPN client. I have to have something like an ovpn zip or file and it creates an L2TP server which talks to the L2TP client on the phone and they connect to an OpenVPN server.... very confusing. I'm guessing this is totally useless since I don't know how to do any of the above, my intent was to connect to the USG via OpenVPN hahaha sounds stupid now that I think of it. Maybe it's good for anonymous surfing??
--
Ain't nuthin but the blues! "Albert Collins".
Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner"

LlamaWorks Equipment


JPedroT

join:2005-02-18
kudos:1

Okay, let me start with the dumb question, what is it that you want to achieve?

OpenVPN is just another way to do VPN, I think it uses something based on SSL/TLS so I doubt that it will work with L2TP endpoint(s) on the ZyXEL device.

I got the best VPN solution in the world, I do SSH tunneling, always works and it works with about everything I need it to. I have not had an instance where it has not worked as a solution for me.
--
"Perl is executable line noise, Python is executable pseudo-code."



Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:4

Jpedro, I could smooch you but you're probably too short HAHAHAHA.

Seriously, so I should try SSH from my android phone to my NAS boxes to see files (not necessarily stream) but have better connectivity than this frustrating L2TP VPN scenario?? LTE and 4G suck ass and even lowered MSS to 600 from Auto.


JPedroT

join:2005-02-18
kudos:1

1 recommendation

Does your NAS support OpenVPN? If it does, why not use OpenVPN to connect to that one?

My QNAP NAS supports OpenVPN at least.

If you want to be a real nerd, read this for SSH,

»www.revsys.com/writings/quicktip···nel.html



Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:4

1 edit

No I have el cheapo NAS boxes. I was hoping to use SSH to reach the router and specifically then access to the LAN....

So what can SSH do for me or is this all a big tease.
How do I setup the router?
Okay the router is really SSH limited. It seems only for admin access, only version 1? Nothing like using it for routing. Hmm I imagine you're going to tell me just to virtual server and fw rule it to some box or IP range??


JPedroT

join:2005-02-18
kudos:1

You do not have to change anything on your router as long as it accepts SSH connections (okay, maybe, but either it supports tunneling or not)

Install this on your S3

»www.howtogeek.com/121698/how-to-···-tunnel/

Follow the instructions in the link above.



Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:4

3 edits

Well the router is a USG100, but I can fire up a USG300 (but it sounds like the inside of an airliner) if it helps.

More importantly it's clear that they state the SSH server built into the router. Is there such a beast on the USG? In other words the android phone has to ssh to some entity???? Where is that pesky daemon hiding?
I read a post somewhere that said in ver 3.0 one could install intermediary certificates if that is helpful??


JPedroT

join:2005-02-18
kudos:1

The Android phone has to ssh to the USG. If you use the tunnel thingy the USG will then be the SSH GW and forward your traffic to a server on the lan side.

But the limitation is that you need 1 tunnel per host on the lan side you want to access.



Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:4

Do you mean a gateway to an SSH server or to my NAS box to read files?



Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:10
Reviews:
·TekSavvy DSL
·Bell Fibe

You're mixing apples with oranges and pears.

If you want to use OpenVPN set it up on your NAS or some other server on LAN.
For SSH tunnelling I'd recommend the same, use sshd server on your NAS (most NAS devices have sshd). If you really want to access files (the copy method) then from Windows use WinSCP, from Android use DroidSCP or something similar. It's very simple.

As inspiration, since I love separating my devices, I'm using Raspberry Pi as my sshd server which has my NAS drives mapped. This way I don't have to change any config on my QNAP and RPi is full blown linux allowing lots of flexibility.


JPedroT

join:2005-02-18
kudos:1
reply to Anav

said by Anav:

Do you mean a gateway to an SSH server or to my NAS box to read files?

You still have not answered what you want to achieve.

But as Brano said it's either or, OpenVPN if your NAS supports it or SSH to either your GW or NAS.
I would try the GW first, because then you do not need to port forward anything. Just allow SSH access to your GW from the WAN.

What do you use to access your files on your NAS from your phone on your LAN, a browser?

Basically with SSH you do the following.

1. Create a tunnel to the GW which forwards traffic to your NAS (any host). See earlier posted links to SSH Tunnel for Android.
2. Then you use for instance your browser to connect to the tunnel, this usually means typing in »127.0.0.1:Your_Chosen_Port


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:4

I have no clue on how to create an SSH tunnel to the gateway. There are no settings in the router for that. The only thing is SSH access by admin to the router itself.



mozerd
Light Will Pierce The Darkness
Premium,MVM
join:2004-04-23
Nepean, ON

Anav, just switch to a CISCO Router solution and you'll have ZERO problems. Why even bother with SSH ... unless you want to be a Linux nerd. BTW, get yourself a Windows 8 phone and get rid of all this stupid nonsense. Stop screwing around with Google's Android OS --- it's one big pile of malware.



Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:4

Too late mozerd, Rogers owns my ass now.
Cisco is for the upper echelons who watch my peoples from the villages fight it out at the hunger games.


JPedroT

join:2005-02-18
kudos:1
reply to Anav

said by Anav:

I have no clue on how to create an SSH tunnel to the gateway. There are no settings in the router for that. The only thing is SSH access by admin to the router itself.

You are not supposed to do anything on the router EXCEPT for allowing WAN access to the router with SSH.

The heavy lifting is done on your phone.

JPedroT

join:2005-02-18
kudos:1
reply to mozerd

said by mozerd:

Anav, just switch to a CISCO Router solution and you'll have ZERO problems. Why even bother with SSH ... unless you want to be a Linux nerd. BTW, get yourself a Windows 8 phone and get rid of all this stupid nonsense. Stop screwing around with Google's Android OS --- it's one big pile of malware.

As for Cisco, fine whatever, but I got a problem with that, since I work in an ABC shop (anything but Cisco).

Also Android is just fine, unless you think that any app is a good thing, just like Facebook, just know what you are doing.


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:4
reply to JPedroT

Jpedro, do you mean a WAN to ZyWALL firewall rule to allow a specific port? You have me confused. Maybe I need a drink and it will all become clear.

Okay hou bowt
1 - create an SSH policy route from a specific user
a. SSH-L2TP user
b. Incoming - Interface - WAN1
c. Source - Any
d. Destination - LAN1 Subnet where my nas boxes are located
e. Service - SSH
f. Next Hop - Trunk - my spillover trunk defined (not the default - not used)
g. SNAT - outgoing-interface

(by the way changed service ADMIN router access ssh to non-standard port to avoid any interference)

Associated FW rule.
1. Wan to LAN1
a. SSH-L2TP User
b. Source - Any
c. Destination: LAN1 Subnet
e. Service: SSH



Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:4
reply to Anav

I probably have this all wrong LOL
I probably should be using the SSH server port in the System section ie leave it at 22 and create my firewall rule differently ie WAN to ZyWALL to allow traffic to the server port on the zywall AND THEN change my policy route source entry to Zywall.


JPedroT

join:2005-02-18
kudos:1

You are making this way too complicated.

1. WAN to ZyWALL allow SSH and make sure you can login with SSH from the WAN to your ZyWALL ie reach CLI mode.

2. Create a tunnel with your phone, using a standard SSH client on Android (or ssh tunnel or something that acts as SSH client and can do tunneling)

3. Connect to your NAS through the tunnel with your phone BUT YOU HAVE NOT TOLD US HOW YOU WANT TO ACCESS YOUR NAS!!!!!! YOU NEEEEEED TO TELL US THAT, BROWSER, TELNET, FTP OR SOME MUMBO JUMBO APPLICATION?!?!?!?!

Example

Phone - USG - NAS

USG
WAN IP: x.x.x.x
Port : 22

NAS
LAN IP : 192.168.1.2
Port : 80 (for web browsing)

If you got a terminal and an ssh client on your phone you need to write this:

ssh -f your_username@ZyWALL_USG_WAN_IP -L 20000:NAS_LAN_IP:80 -N

Or from the example above :

ssh -f your_username@x.x.x.x -L 20000:192.168.1.2:80 -N

Now you need to login once or twice with your password.

Then open the browser on your phone, type "http://127.0.0.1:20000" in the url field and you should see whatever your NAS serves up on port 80.
--
"Perl is executable line noise, Python is executable pseudo-code."
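
The forward from the post above, extended to several LAN hosts in one SSH session, as an added example that is not part of JPedroT's post. The second NAS address 192.168.1.3 is constructed, and it assumes an OpenSSH-compatible client on the phone and a gateway SSH server that permits TCP forwarding.

```shell
#!/bin/sh
# Added example: build one ssh command carrying several local forwards.
# Each spec is LOCAL_PORT:LAN_HOST:LAN_PORT, the triple the -L option takes
# (IPv4 addresses or host names only).

valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# build_tunnel_cmd USER@GATEWAY SPEC [SPEC...]
# Prints the ssh command line; returns 1 on a malformed spec.
build_tunnel_cmd() {
    gw=$1
    [ -n "$gw" ] && [ "$#" -gt 1 ] || return 1
    shift
    # -N: no remote command, -f: go to background after authentication.
    # ExitOnForwardFailure: fail loudly if a listener cannot be set up,
    # instead of running with a forward silently missing.
    cmd="ssh -f -N -o ExitOnForwardFailure=yes"
    for spec in "$@"; do
        lport=${spec%%:*}
        rest=${spec#*:}
        case "$rest" in *:*) ;; *) return 1 ;; esac   # need three fields
        host=${rest%:*}
        rport=${rest##*:}
        case "$host" in ''|*:*) return 1 ;; esac      # and no more than three
        valid_port "$lport" && valid_port "$rport" || return 1
        # an unprivileged user cannot bind local ports below 1024
        [ "$lport" -ge 1024 ] || return 1
        # bind the listener to loopback so only apps on the phone itself
        # can use the forward, not other devices on the same network
        cmd="$cmd -L 127.0.0.1:$lport:$host:$rport"
    done
    printf '%s %s\n' "$cmd" "$gw"
}

# Dry run with the values from the post plus one constructed second NAS:
build_tunnel_cmd your_username@x.x.x.x \
    20000:192.168.1.2:80 20001:192.168.1.3:80
```

Each LAN host then answers on its own local port (http://127.0.0.1:20000, http://127.0.0.1:20001), which is the "one tunnel per host" limit mentioned earlier in the thread.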



Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:4

Okay that seems not so bad. Hopefully I will get time later.
I thought I was being pretty funky there with a FW rule and policy routing. Don't I need to policy route from the SSH server to my LAN or something LOL. I mean it's required for L2TP tunnels???


JPedroT

join:2005-02-18
kudos:1

Can your NAS ping the USG and the USG ping the NAS? If yes, then you should not need that.



bbarrera
Premium,MVM
join:2000-10-23
Sacramento, CA
kudos:1
reply to Anav

said by Anav:

Seriously, so I should try SSH from my android phone to my NAS boxes to see files (not necessarily stream) but have better connectivity than this frustrating L2TP VPN scenario??

If all you want to do is see files, why not go with something like DropBox? This is one of several file sharing solutions that are much easier than vpn/ssh/etc.

I'm shaking my head in disbelief over this thread, as you've never properly described what you want to accomplish (see JPedroT's comment 3 about how you want to access files).

Not that I'm suggesting this thread devolve to an ssh proxy/forwarding how-to, but I'm an advanced user of SSH and at work I access as many remote Linux boxes as I want on the remote network using a very simple ssh config file (~15 lines and proxy.pac to replace use of Cisco VPN client for web/ssh/imap access to corporate worldwide network).


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:4

Don't fight your natural instinct to shake your head or wag your tail.
What I want to do is establish a highest throughput secure link between
a. android phone and NAS boxes
b. remote laptop and NAS boxes.

This will facilitate transferring of files on the road and perhaps even streaming a video file. Your boxie solutions are useless because one can only store so many media files before free limits are overcome. I will admit, the L2TP VPN seemed to work fine for text files.

Unfortunately I am not so conversant on SSH. I find it a struggle to load an FTP server app on my computer and get that working let alone VPN. I like the idea though of overcoming whatever SSH block is in my head because you all make it seem so damn easy so I must be missing something obvious.



bbarrera
Premium,MVM
join:2000-10-23
Sacramento, CA
kudos:1

Apologies if you answered earlier, do you have enough upstream bandwidth to serve up media files? If L2TP VPN worked fine for text files, what happened when you tried media files?



bbarrera
Premium,MVM
join:2000-10-23
Sacramento, CA
kudos:1
reply to JPedroT

Anav/Donkey, to borrow one of the first questions you received ---

said by JPedroT:

Okay, let me start with the dumb question, what is it that you want to achieve?

^^^ I keep coming back to this, and the Anav/Donkey's answer shouldn't be "highest throughput secure link" or we will need to verbally abuse you again


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:4
reply to Anav

My ISP as I have noted previously LOL, is 50 down 30 up.
Bell Fibre OP, care to swap webspit
Media files at auto MSS setting would prevent any of my file explorer apps from opening sub folders, with MSS set at 600 I can at least drill down and see all files. A TV show can start sometimes but if it does it usually stutters and stops. This was true for LTE, 4G or wifi at a coffee shop.



Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:4
reply to Anav

I'm about to root my phone to see if that helps.



bbarrera
Premium,MVM
join:2000-10-23
Sacramento, CA
kudos:1
reply to Anav

OK, so please explain why L2TP/IPSec "works fine for text files" and reading between the lines doesn't work fine for media files.



bbarrera
Premium,MVM
join:2000-10-23
Sacramento, CA
kudos:1
reply to Anav

said by Anav:

I'm about to root my phone to see if that helps.

Yes, that will fix things. And solve world hunger. And make your phone a magnet for malware. Sigh.


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:4
reply to bbarrera

I can easily open a text file. It just works.
I can open a folder containing just text files.
I cannot open a folder with many media files.
I cannot play media files (stream).

I use apps that can see the NAS boxes.