Jan 30, 2013

Configuring SSH tunneling with DD-WRT and PuTTY

I was looking for a free VPN solution in order to remotely connect to my home network. The answer seems straightforward: OpenVPN. With Optware the installation is a piece of cake, but the pain begins afterwards: should I deploy a NAT or a bridged network configuration? I would have to use another Linux machine to generate the certificates and copy them to my DD-WRT router. I would have to install an OpenVPN client on each computer I want to use to access my network, deploy a certificate for it, configure networking on the client, and so on. On top of that, I would have yet another process running on my router, which is already hitting its limits with its 32 MB of RAM.

So I say, there should be a better way! And that's SSH tunneling.

In order to configure that, I have opened the SSH port on my router, so thanks to the lovely free DynDNS service I should be able to establish an SSH connection from anywhere in the world. It's a good practice to use a different port than 22, in order to mask the service listening behind it. I have chosen mine above 1024, outside the well-known port range.

Next, in the DD-WRT GUI, on the Services >> Services tab, I have enabled SSH TCP Forwarding as shown below:

Now on the remote PC, the one I will use to access my LAN remotely, I have to set up a PuTTY connection:

After saving, for the session defined above I went to SSH >> Tunnels. The image below shows how to configure the tunneling for the HTTP protocol in order to be able to access the GUI remotely.

Be aware that I have remote GUI administration turned off, and the only port open in the firewall is the one used for SSH.

Next I will use Mozilla Firefox to configure a proxy, since Firefox turned out to be the most versatile browser when it comes to proxy configuration. So I configured a SOCKS v5 local proxy listening on port 8080.



With this configured, all I need to do is start an SSH connection to my DD-WRT router and, once connected, use the Mozilla browser to access my router's GUI as if I were inside the LAN.
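The request Firefox sends to the local SOCKS v5 listener can be reproduced in a few lines, which gives a quick check that the tunnel is up before opening the browser. This is an added example, not part of the original post; it assumes the PuTTY session provides the SOCKS listener on local port 8080, and the router LAN address 192.168.1.1 with the GUI on port 80 is a placeholder.

```python
import socket
import struct

# Assumptions: PuTTY's dynamic (SOCKS v5) forward listens on local port 8080
# as in the post; the router LAN address is a constructed placeholder.
PROXY = ("127.0.0.1", 8080)
ROUTER_GUI = ("192.168.1.1", 80)
REPLIES = {0: "succeeded", 1: "general failure", 2: "not allowed by ruleset",
           3: "network unreachable", 4: "host unreachable", 5: "connection refused"}

def build_greeting():
    # VER=5, one method offered: 0x00 (no authentication)
    return b"\x05\x01\x00"

def build_connect(host, port):
    # VER=5, CMD=1 (CONNECT), RSV=0, ATYP=3: the host travels as text, so it
    # is looked up on the router side of the tunnel, not on the remote PC.
    name = host.encode("ascii")
    if not 0 < len(name) < 256 or not 0 < port < 65536:
        raise ValueError("bad destination")
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack("!H", port)

def parse_reply(data):
    # First two reply bytes: VER, REP (0 = the far end opened the connection)
    if len(data) < 2 or data[0] != 5:
        raise ValueError("not a SOCKS5 reply")
    return data[1], REPLIES.get(data[1], "other error")

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection")
        buf += chunk
    return buf

def probe(proxy=PROXY, dest=ROUTER_GUI, timeout=5.0):
    # Ask the local SOCKS listener to open dest through the SSH session.
    with socket.create_connection(proxy, timeout=timeout) as s:
        s.sendall(build_greeting())
        if recv_exact(s, 2) != b"\x05\x00":
            raise ConnectionError("proxy did not accept the no-auth method")
        s.sendall(build_connect(*dest))
        return parse_reply(recv_exact(s, 2))

if __name__ == "__main__":
    try:
        print("tunnel check:", probe())
    except OSError as exc:  # e.g. PuTTY session not connected yet
        print("tunnel not usable:", exc)
```

A reply other than `succeeded` while the SSH session is connected points at the forwarding step rather than the browser, for example SSH TCP Forwarding not being enabled on the router.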




In the same manner, one can configure RDP in order to access the Windows machines inside the LAN, but more about this probably in a future episode.



2 comments:

  1. I have exactly the same setup as described above.

    What I would really want to do, however, is to create a "shell-less" additional account in DD-WRT that is designated only for ssh-tunneling/SOCKS proxy.

    This way one would avoid using an account with root access in everyday usage over the internet and from locations/workstations that are not your own.

    1. What you need to do is run a command similar to the following:
      echo "radio:*:401:10:User,,,:/opt/tmp/radio:/opt/opt/tmp/radio/radion.sh" >> /tmp/etc/passwd - from my own post http://mysparetimeprojects.blogspot.ro/2012/11/remotely-turn-onoff-dd-wrt-wifi-at-wish.html

      It creates a new user called radio, having as password *, home folder /opt/tmp/radio and default shell /opt/opt/tmp/radio/radion.sh.
      Since you won't need a dedicated home folder you could use only /opt/tmp and as a default shell use /dev/null. This is to create a "dummy" user only for tunneling purposes. The command to run will finally look like:

      echo "yourusername:*:401:10:User,,,:/opt/tmp:/dev/null" >> /tmp/etc/passwd
      Eventually change the password from * to the one you want to utilize, using passwd command.
      There you go!
