Step 3: Install OpenSSH on the Client Computer
Next, you need to install a copy of OpenSSH on your mobile computer system.
Because you're using your mobile computer as a client and not as an OpenSSH
server, you don't need to configure anything after installing the OpenSSH software
on your mobile computer. Just remember where you installed the software, so
you can access the ssh command-line tool to connect to your newly built OpenSSH
server.
Again, remember that OpenSSH installs itself as a service set to start automatically.
It's probably a good idea to set the service to start manually on your client
system, unless you're sure that you'll use it frequently.
Step 4: Fire Up the Server and Connect
Now you're ready to start the OpenSSH and Squid for Windows services (if they
aren't already started) on the server and test client connectivity. After you
start the server services, on your mobile workstation, open a command shell
and navigate to the bin subdirectory of your OpenSSH installation, in which
you'll find the ssh command-line tool. Log on to your OpenSSH server by using
the following command:
ssh -p 422 -L 3127:127.0.0.1:3128 XYZ@IP
The -p 422 parameter tells the ssh client to connect to the OpenSSH server
on port 422 (or the port number you defined in the OpenSSH configuration in
Step 1). The -L parameter causes the ssh client to open port 3127 on
the local machine and forward traffic sent to that port to port 3128 on the
remote system, which is your Squid for Windows proxy server's port. If you used
a different port number for Squid for Windows, be sure you adjust the command
appropriately. XYZ is your username, and IP is the IP address
of your OpenSSH server.
You can use any unused port number in place of 3127 on the client. Remember
the port number because you'll need it when configuring client applications
in Step 5.
After the ssh client opens the connection between your mobile system and your
remote OpenSSH server, you'll be prompted to log on. Be sure to use the same
username and password to log on that you defined in Step 1. This is either your
local Windows username and password on your OpenSSH server or your domain username
and password as derived from your domain controller (DC), if you used that method
of creating the group and passwd files.
Step 5: Configure Your Client Applications
With the encrypted connection open and ready to use, you can configure your
Web browser (and other necessary applications) to use the Squid proxy server.
Be sure to set the proxy server address to the localhost address 127.0.0.1
on port 3127 (or the port you used on your local client computer).
When you configure your client applications to use a proxy server (which in
this case is actually the SSH client running on your local system), all network
traffic from those applications will be tunneled over your secure encrypted VPN
connection, which is routed through your OpenSSH server to its destination, as
Figure 2 shows. However, if your applications don't support proxy connections,
their traffic won't be tunneled over the secure connection and instead will
travel directly over your regular network connection.
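A preflight check for the tunnel built in Steps 4 and 5, as an added example that is not part of the original article: it sends one proxy-style request into the local end of the forward, because ssh accepts connections on the local port even when Squid is unreachable on the server, so an open port alone proves little. The function names, the probe URL, and the reliance on Squid's Via response header (on by default, assumed not disabled) are assumptions of this example.

```python
import socket

def parse_forward(spec):
    """Split an ssh -L value '[bind:]lport:host:hostport' into typed parts."""
    parts = spec.split(":")
    if len(parts) == 3:
        parts.insert(0, "127.0.0.1")  # no bind address: ssh listens on loopback
    if len(parts) != 4:
        raise ValueError("expected [bind:]lport:host:hostport, got %r" % spec)
    bind, lport, host, hport = parts
    return bind, int(lport), host, int(hport)

def check_tunnel(spec, probe_url="http://example.com/", timeout=5.0):
    """Send one proxy-style request into the local end of the forward."""
    bind, lport, _, _ = parse_forward(spec)
    result = {"loopback_only": bind in ("127.0.0.1", "localhost"),
              "listening": False, "status": None, "via": None}
    try:
        # The article's clients use 127.0.0.1, so probe the same address.
        sock = socket.create_connection(("127.0.0.1", lport), timeout=timeout)
    except OSError:
        return result  # nothing on the local port: the ssh session is not up
    result["listening"] = True
    request = "GET %s HTTP/1.0\r\nHost: %s\r\n\r\n" % (probe_url, probe_url.split("/")[2])
    data = b""
    with sock:
        try:
            sock.sendall(request.encode("ascii"))
            while b"\r\n\r\n" not in data:
                chunk = sock.recv(4096)
                if not chunk:
                    break
                data += chunk
        except OSError:
            return result  # ssh accepted locally, but the far end reset or stalled
    head = data.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    fields = head[0].split()
    if len(fields) >= 2 and fields[0].startswith("HTTP/") and fields[1].isdigit():
        result["status"] = int(fields[1])
        for line in head[1:]:
            name, _, value = line.partition(":")
            if name.strip().lower() == "via":  # assumed: Squid's Via header left on
                result["via"] = value.strip()
    return result

if __name__ == "__main__":
    print(check_tunnel("3127:127.0.0.1:3128"))  # the -L value from Step 4
```

A result with listening set but no status means the ssh session is up while nothing answered on the Squid port at the server; loopback_only set to False means the -L value binds the forward to an address other machines can reach.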
Cowabunga! Connectivity
That was easy, right? Even though this solution takes only a few minutes to
implement, you might consider making a copy of your OpenSSH server and Squid
for Windows configurations on portable media such as a flash drive, so that
you can rebuild the server side of the solution on another server much faster
in the future.
Also, be sure you test this solution before you go on the road, because your
client, server, and network border firewalls might need adjustments to port
settings or general rules for the OpenSSH and Squid for Windows services to
work correctly. And finally, if your network uses Network Address Translation
(NAT) and your OpenSSH server has a NAT address, you might need to configure
port forwarding on your firewall to ensure that overall routing and connectivity
work correctly.