JPedroT
Premium Member
join:2005-02-18

JPedroT to Anav

Premium Member

to Anav

Re: Open VPN???

Okay, let me start with the dumb question, what is it that you want to achieve?

OpenVPN is just another way to do VPN, I think it uses something based on SSL/TLS so I doubt that it will work with L2TP endpoint(s) on the ZyXEL device.

I got the best VPN solution in the world, I do SSH tunneling, always works and it works with about everything I need it to. I have not had an instance where it has not worked as a solution for me.

Anav
Sarcastic Llama? Naw, Just Acerbic
Premium Member
join:2001-07-16
Dartmouth, NS

Anav

Premium Member

Jpedro, I could smooch you but you're probably too short HAHAHAHA.

Seriously, so I should try SSH from my android phone to my NAS boxes to see files (not necessarily stream) but have better connectivity than this frustrating L2TP VPN scenario?? LTE and 4G suck ass and even lowered MSS to 600 from Auto.
JPedroT
Premium Member
join:2005-02-18

1 recommendation

JPedroT

Premium Member

Does your NAS support OpenVPN? If it does, why not use OpenVPN to connect to that one?

My QNAP NAS supports OpenVPN at least.

If you want to be a real nerd, read this for SSH,

»www.revsys.com/writings/ ··· nel.html

Anav
Sarcastic Llama? Naw, Just Acerbic
Premium Member
join:2001-07-16
Dartmouth, NS

1 edit

Anav

Premium Member

No I have el cheapo NAS boxes. I was hoping to use SSH to reach the router and specifically then access to the LAN....

So what can SSH do for me or is this all a big tease.
How do I setup the router?
Okay, the router is really SSH limited. It seems only for admin access, only version 1? Nothing like using it for routing. Hmm, I imagine you're going to tell me just to virtual server and fw rule it to some box or IP range??
JPedroT
Premium Member
join:2005-02-18

JPedroT

Premium Member

You do not have to change anything on your router as long as it accepts SSH connections (okay, maybe, but either it supports tunneling or not)

Install this on your S3

»www.howtogeek.com/121698 ··· -tunnel/

Follow the instructions in the link above.

Anav
Sarcastic Llama? Naw, Just Acerbic
Premium Member
join:2001-07-16
Dartmouth, NS

3 edits

Anav

Premium Member

Well the router is a USG100, but I can fire up a USG300 (but it sounds like the inside of an airliner) if it helps.

More importantly it's clear that they state the SSH server built into the router. Is there such a beast on the USG? In other words the android phone has to ssh to some entity???? Where is that pesky daemon hiding?
I read a post somewhere that said in ver 3.0 one could install intermediary certificates if that is helpful??
JPedroT
Premium Member
join:2005-02-18

JPedroT

Premium Member

The Android phone has to ssh to the USG. If you use the tunnel thingy the USG will then be the SSH GW and forward your traffic to a server on the lan side.

But the limitation is that you need 1 tunnel per host on the lan side you want to access.

Anav
Sarcastic Llama? Naw, Just Acerbic
Premium Member
join:2001-07-16
Dartmouth, NS

Anav

Premium Member

Do you mean a gateway to an SSH server or to my NAS box to read files?

Brano
I hate Vogons
MVM
join:2002-06-25
Burlington, ON
(Software) OPNsense
Ubiquiti UniFi UAP-AC-PRO
Ubiquiti NanoBeam M5 16

Brano

MVM

You're mixing apples with oranges and pears.

If you want to use OpenVPN set it up on your NAS or some other server on LAN.
For SSH tunnelling I'd recommend the same, use sshd server on your NAS (most NAS devices have sshd). If you really want to access files (the copy method) then from Windows use WinSCP, from Android use DroidSCP or something similar. It's very simple.

As inspiration, since I love separating my devices, I'm using a Raspberry Pi as my sshd server which has my NAS drives mapped. This way I don't have to change any config on my QNAP and the RPi is full-blown Linux, allowing lots of flexibility.
JPedroT
Premium Member
join:2005-02-18

JPedroT to Anav

Premium Member

to Anav
said by Anav:

Do you mean a gateway to an SSH server or to my NAS box to read files?

You still have not answered what you want to achieve.

But as Brano said it's either/or, OpenVPN if your NAS supports it or SSH to either your GW or NAS.
I would try the GW first, because then you do not need to port forward anything. Just allow SSH access to your GW from the WAN.

What do you use to access your files on your NAS from your phone on your LAN, a browser?

Basically with SSH you do the following.

1. Create a tunnel to the GW which forwards traffic to your NAS (any host). See earlier posted links to SSH Tunnel for Android.
2. Then you use for instance your browser to connect to the tunnel, this usually means typing in 127.0.0.1:Your_Chosen_Port
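
The two steps above as an OpenSSH client command, in an added example that is not part of the original post: it builds one local forward per LAN service (the one-tunnel-per-host limitation mentioned earlier in the thread) and binds each to 127.0.0.1. The gateway name, account, port and LAN addresses are constructed placeholders, and it assumes the gateway's SSH server permits TCP forwarding.

```shell
#!/bin/sh
# Added example (not from the thread): one local forward per LAN service.
# Gateway name, account, port and LAN addresses are constructed placeholders.
GATEWAY="admin@gateway.example.net"
GATEWAY_PORT=2222

# Constructed sample, one entry per service: local_port:lan_host:lan_port
FORWARDS="8081:192.168.1.10:80
8082:192.168.1.11:80"

# True when $1 is a decimal port number in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the ssh command for the given forwards; return 1 on a malformed
# entry or when two entries claim the same local port.
build_tunnel_cmd() {
    seen=" "
    args=""
    for spec in $1; do
        case "$spec" in
            *:*:*) ;;
            *) echo "bad forward: $spec" >&2; return 1 ;;
        esac
        lport=${spec%%:*}; rest=${spec#*:}
        host=${rest%%:*}; rport=${rest#*:}
        if ! valid_port "$lport" || ! valid_port "$rport" || [ -z "$host" ]; then
            echo "bad forward: $spec" >&2; return 1
        fi
        case "$seen" in
            *" $lport "*) echo "duplicate local port: $lport" >&2; return 1 ;;
        esac
        seen="$seen$lport "
        # Bind to 127.0.0.1 so only this device can use the tunnel.
        args="$args -L 127.0.0.1:$lport:$host:$rport"
    done
    # -N: no remote shell, forwarding only. ExitOnForwardFailure: do not
    # stay connected if a local port could not be bound.
    echo "ssh -N -p $GATEWAY_PORT -o ExitOnForwardFailure=yes$args $GATEWAY"
}

build_tunnel_cmd "$FORWARDS"
```

With the printed command running, a browser pointed at 127.0.0.1:8081 reaches the first LAN host through the gateway.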

Anav
Sarcastic Llama? Naw, Just Acerbic
Premium Member
join:2001-07-16
Dartmouth, NS

Anav

Premium Member

I have no clue on how to create an SSH tunnel to the gateway. There are no settings in the router for that. The only thing is SSH access by admin to the router itself.

mozerd
Light Will Pierce The Darkness
MVM
join:2004-04-23
Nepean, ON

mozerd

MVM

Anav, just switch to a CISCO Router solution and you'll have ZERO problems. Why even bother with SSH ... unless you want to be a Linux nerd. BTW, get yourself a Windows 8 phone and get rid of all this stupid nonsense. Stop screwing around with Google's Android OS --- it's one big pile of malware.

Anav
Sarcastic Llama? Naw, Just Acerbic
Premium Member
join:2001-07-16
Dartmouth, NS

Anav

Premium Member

Too late mozerd, Rogers owns my ass now.
Cisco is for the upper echelons who watch my peoples from the villages fight it out at the hunger games.
JPedroT
Premium Member
join:2005-02-18

JPedroT to Anav

Premium Member

to Anav
said by Anav:

I have no clue on how to create an SSH tunnel to the gateway. There are no settings in the router for that. The only thing is SSH access by admin to the router itself.

You are not supposed to do anything on the router EXCEPT for allowing WAN access to the router with SSH.

The heavy lifting is done on your phone.
JPedroT

JPedroT to mozerd

Premium Member

to mozerd
said by mozerd:

Anav, just switch to a CISCO Router solution and you'll have ZERO problems. Why even bother with SSH ... unless you want to be a Linux nerd. BTW, get yourself a Windows 8 phone and get rid of all this stupid nonsense. Stop screwing around with Google's Android OS --- it's one big pile of malware.

As for Cisco, fine, whatever, but I've got a problem with that, since I work in an ABC shop (anything but Cisco).

Also Android is just fine, unless you think that any app is a good thing, just like Facebook. Just know what you are doing.

Anav
Sarcastic Llama? Naw, Just Acerbic
Premium Member
join:2001-07-16
Dartmouth, NS

Anav to JPedroT

Premium Member

to JPedroT
Jpedro, do you mean a WAN to ZYWALL firewall rule to allow a specific port? You have me confused. Maybe I need a drink and it will all become clear.

Okay hou bowt
1 - create an SSH policy route from a specific user
a. SSH-L2TP user
b. Incoming - Interface - WAN1
c. Source - Any
d. Destination - LAN1 Subnet where my nas boxes are located
e. Service - SSH
f. Next Hop - Trunk - my spillover trunk defined (not the default - not used)
g. SNAT - outgoing-interface

(by the way changed service ADMIN router access ssh to non-standard port to avoid any interference)

Associated FW rule.
1. Wan to LAN1
a. SSH-L2TP User
b. Source - Any
c. Destination: LAN1 Subnet
e. Service: SSH

bbarrera
MVM
join:2000-10-23
Sacramento, CA

bbarrera to Anav

MVM

to Anav
said by Anav:

Seriously, so I should try SSH from my android phone to my NAS boxes to see files (not necessarily stream) but have better connectivity than this frustrating L2TP VPN scenario??

If all you want to do is see files, why not go with something like DropBox? This is one of several file sharing solutions that are much easier than vpn/ssh/etc.

I'm shaking my head in disbelief over this thread, as you've never properly described what you want to accomplish (see JPedroT's comment 3 about how you want to access files).

Not that I'm suggesting this thread devolve to an ssh proxy/forwarding how-to, but I'm an advanced user of SSH and at work I access as many remote Linux boxes as I want on the remote network using a very simple ssh config file (~15 lines and proxy.pac to replace use of Cisco VPN client for web/ssh/imap access to corporate worldwide network).

Anav
Sarcastic Llama? Naw, Just Acerbic
Premium Member
join:2001-07-16
Dartmouth, NS

Anav

Premium Member

Don't fight your natural instinct to shake your head or wag your tail.
What I want to do is establish a highest throughput secure link between
a. android phone and NAS boxes
b. remote laptop and NAS boxes.

This will facilitate transferring of files on the road and perhaps even streaming a video file. Your boxie solutions are useless because one can only store so many media files before free limits are overcome. I will admit, the L2TP VPN seemed to work fine for text files.

Unfortunately I am not so conversant on SSH. I find it a struggle to load an FTP server app on my computer and get that working let alone VPN. I like the idea though of overcoming whatever SSH block is in my head because you all make it seem so damn easy so I must be missing something obvious.

bbarrera
MVM
join:2000-10-23
Sacramento, CA

bbarrera

MVM

Apologies if you answered earlier, do you have enough upstream bandwidth to serve up media files? If L2TP VPN worked fine for text files, what happened when you tried media files?
bbarrera

bbarrera to JPedroT

MVM

to JPedroT
Anav/Donkey, to borrow one of the first questions you received ---
said by JPedroT:

Okay, let me start with the dumb question, what is it that you want to achieve?

^^^ I keep coming back to this, and the Anav/Donkey's answer shouldn't be "highest throughput secure link" or we will need to verbally abuse you again