Jan 30, 2013

Configuring SSH tunneling with DD-WRT and Putty

I was looking for a free VPN solution in order to remotely connect to my home network. The answer seems straightforward: OpenVPN. With Optware the installation is a piece of cake; however, the pain begins afterwards: should I deploy a NAT or a bridged network configuration? I would have to use another Linux machine to generate the certificates and copy them to my DD-WRT router. I would have to install an OpenVPN client on each computer I would like to use to access my network and deploy a certificate for it, configure networking on the client, and so on. And on top of that I would have another process running on my router, which is already facing its limitations with its 32 MB of RAM.

So I say, there should be a better way! And that's SSH tunneling.

In order to configure that, I opened the SSH port on my router, so thanks to the lovely free DynDNS service I should be able to establish an SSH connection from anywhere in the world. It's good practice to use a port other than 22, in order to mask the service listening behind it. I chose mine above 1024, outside the well-known port range.

Further on, in the DD-WRT GUI, on the Services >> Services tab, I enabled SSH TCP Forwarding as shown below:

Now on the remote PC, the one I will use remotely to access my LAN, I have to set up a PuTTY connection:

After saving, for the session defined above I went to SSH >> Tunnels. The image below shows how to configure the tunneling for the HTTP protocol in order to be able to access the GUI remotely.


Be aware that I have remote GUI administration turned off, and the only port open in the firewall is the one used for SSH.

Further on I will use Mozilla Firefox for configuring a proxy, since Mozilla turned out to be the most versatile browser when it comes to proxy configuration. So I configured a SOCKS v5 local proxy listening on port 8080.



Having this configured, all I need to do is start an SSH connection to my DD-WRT router and, once connected, use the Mozilla browser to access my router's GUI as if I were inside the LAN.
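The same tunnel can be opened from the command line with plink, PuTTY's console client, and then checked. This is an added example, not part of the original post: it assumes a dynamic (SOCKS) forward on port 8080 to match the Firefox setting, that plink.exe is on the PATH, and the host name, SSH port and user below are placeholders.

```powershell
# Added example, not from the original post. Placeholders: host name, port, user.
$RouterHost = 'myaddress.dyndns.org'  # placeholder DynDNS name
$SshPort    = 2222                    # placeholder for the non-22 port opened on the router
$SshUser    = 'USERNAME'              # placeholder login
$SocksPort  = 8080                    # same port as the Firefox SOCKS v5 setting

# -D opens a dynamic (SOCKS) forward; binding it to 127.0.0.1 keeps other hosts
# on the local network from using the tunnel. -N requests no remote shell.
$plinkArgs = @('-ssh', '-P', "$SshPort", '-l', $SshUser,
               '-D', "127.0.0.1:$SocksPort", '-N', $RouterHost)
$tunnel = Start-Process -FilePath 'plink.exe' -ArgumentList $plinkArgs -PassThru

function Get-ListenAddress([int]$Port, [int]$OwnerPid) {
    # netstat line: "  TCP    127.0.0.1:8080    0.0.0.0:0    LISTENING    1234"
    netstat -ano -p TCP | ForEach-Object {
        if ($_ -match "^\s*TCP\s+(\S+):$Port\s+\S+\s+LISTENING\s+(\d+)" -and
            [int]$Matches[2] -eq $OwnerPid) { $Matches[1] }
    }
}

# Poll for up to 60 s, which gives time to accept the host key and enter the
# password in the plink window. Only listeners owned by this plink process count.
$bound = @()
for ($i = 0; $i -lt 30 -and $bound.Count -eq 0 -and -not $tunnel.HasExited; $i++) {
    Start-Sleep -Seconds 2
    $bound = @(Get-ListenAddress $SocksPort $tunnel.Id)
}

$exposed = @($bound | Where-Object { $_ -ne '127.0.0.1' })
if ($bound.Count -eq 0) {
    Write-Warning "No plink listener on port $SocksPort, the tunnel is not up."
} elseif ($exposed.Count -gt 0) {
    Write-Warning "SOCKS port reachable on: $($exposed -join ', ')"
} else {
    Write-Host "SOCKS proxy listening on 127.0.0.1:$SocksPort only."
}
```

In the PuTTY GUI the equivalent of the loopback binding is leaving "Local ports accept connections from other hosts" unchecked on the Tunnels panel.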




In the same manner, one can configure RDP in order to access the Windows machines inside the LAN, but more about this probably in a future episode.



Jan 21, 2013

Modify Windows default route with a script when connecting to wifi

My corporate network proxy blocks any outgoing SSH connection; therefore, in order to access my home network I would need to use the "clean" wireless connection provided by the company for special projects, test or backup scenarios.

Even if my corporate network policy does not specifically prohibit using the corporate network together with a free wireless network, practice has demonstrated that doing so would sooner or later end up with a local network outage. Since I don't have a clue why that might happen I will just take it for granted, or maybe leave it to you, the networking guys reading my post, to provide an answer.

But how to use both the corporate network and unfiltered WiFi without causing a local outage affecting around 100 people?

The answer would be deleting the default route Windows adds when connecting to the wireless network and replacing it with a specific route pointing to my IP address.
I would have loved to be able to do all this from a script which would also enable the wireless connection, but since I was not able to find an easy way to do it, I have developed another plan:

A script will be triggered whenever I use the physical switch on my laptop in order to turn wireless on and automatically connect to the predefined wireless network.

This is pretty easy to achieve in Windows 7: right-click on My Computer >> select Manage from the drop-down list >> go to Task Scheduler >> and select Create Task.
On the General tab, I gave the task the name RunWhenWirelessNetworkOn.

On the Triggers tab, select the trigger "On an Event" and choose from the Log dropdown list "Microsoft-Windows-NetworkProfile/Operational".


On the Actions tab, select the action "Start a program" and provide the path to my script "D:\UserData\***\My Documents\bin\RouteMan.bat". I will list the content of the script a little later.


Last but not least, I don't want the script to run when I connect to each wireless network in this world, but only when I connect to the specific network whose SSID I have selected on the Conditions tab, from the dropdown list "Start only if the following network connection is available".


Finally hit OK to save the current settings.

Now, let's discuss the script, which should look like this:

@ECHO OFF
ECHO This script will change the wireless connection routing.
set /p runScript=Do you really want to run the script now [y/n]?:

:UINTERACTION
REM keep asking until the answer is y or n (/I ignores case)
IF /I "%runScript%"=="y" GOTO ROUTEMAN
IF /I "%runScript%"=="n" GOTO End
set /p runScript=You need to answer with "y" or "n":
GOTO UINTERACTION

:ROUTEMAN
REM remove the default route Windows added through the wireless gateway
route delete 0.0.0.0 MASK 0.0.0.0 192.168.1.1

REM show the current address of the home network, to be typed in below
nslookup myaddress.dyndns.org
set /P remoteIP=Please enter remote computer address:

REM add route for myaddress.dyndns.org
route add %remoteIP% mask 255.255.255.255 192.168.1.1
tracert myaddress.dyndns.org
GOTO End

REM label that the GOTO End statements jump to
:End


[Later edit: for the enhanced version of the script, check the post: Enhanced script to modify the Windows default route]
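The same route change without the manual copy of the address from nslookup, as an added example that is not the author's script (nor the enhanced version the post links to). It assumes an elevated PowerShell prompt and reuses the host name and the 192.168.1.1 wireless gateway from the batch script; the sanity check on the DNS answer and the final verification are additions.

```powershell
# Added example, not the author's script. Run from an elevated prompt.
$TargetName = 'myaddress.dyndns.org'  # name used in the post
$WifiGw     = '192.168.1.1'           # wireless gateway used in the post's script

function Test-PublicIPv4([System.Net.IPAddress]$Ip) {
    # Reject loopback, RFC 1918, link-local and multicast/reserved answers, which
    # a home DynDNS name should never resolve to.
    $b = $Ip.GetAddressBytes()
    -not ( $b[0] -eq 0 -or $b[0] -eq 10 -or $b[0] -eq 127 -or $b[0] -ge 224 -or
           ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
           ($b[0] -eq 192 -and $b[1] -eq 168) -or
           ($b[0] -eq 169 -and $b[1] -eq 254) )
}

# Same order as the batch script: drop the wireless default route first, so a
# failure further down never leaves two default routes in place.
route.exe delete 0.0.0.0 mask 0.0.0.0 $WifiGw | Out-Null

$ips = @([System.Net.Dns]::GetHostAddresses($TargetName) |
         Where-Object { $_.AddressFamily -eq 'InterNetwork' })
if ($ips.Count -ne 1 -or -not (Test-PublicIPv4 $ips[0])) {
    throw "Unexpected DNS answer for ${TargetName}: $($ips -join ', ')"
}
$targetIp = $ips[0].ToString()

# Host route (/32): only traffic to the home address leaves through the WiFi.
route.exe add $targetIp mask 255.255.255.255 $WifiGw | Out-Null

# Verify against the routing table instead of trusting the exit codes.
$table = route.exe print -4
$gw    = [regex]::Escape($WifiGw)
$ip    = [regex]::Escape($targetIp)
$defaultLeft = @($table | Where-Object { $_ -match "^\s*0\.0\.0\.0\s+0\.0\.0\.0\s+$gw\s" })
$hostRoute   = @($table | Where-Object { $_ -match "^\s*$ip\s+255\.255\.255\.255\s+$gw\s" })

if ($defaultLeft.Count -gt 0) { Write-Warning "Default route via $WifiGw is still present." }
if ($hostRoute.Count -eq 0)   { Write-Warning "Host route to $targetIp was not added." }
if ($defaultLeft.Count -eq 0 -and $hostRoute.Count -gt 0) {
    Write-Host "Only $targetIp is routed via $WifiGw."
}
```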