Accessing server from abroad...

[Arman]

Hi.

I have searched about this topic online but I have not been able to understand fully.

How would you access an intranet from the internet? What do I have to do to be able to turn on/off my server and be able to download/upload files from/to it from abroad?

 

[pirateghost]

Put up a VPN server.

 

[Arman]

Put up a VPN server.

Do I contact my ISP to set up a VPN? Or do I get something like tunnelbear? I'm confused...

 

[pirateghost]

No. You would set up a VPN server at your house(if that's the network you need access to), and connect from your client device (laptop, tablet, phone) remotely to the VPN server.

This has nothing to do with your ISP.

Most routers these days have VPN server built in.

 

[Arman]

I looked for VPN but this was the closest thing. Is it the same thing?

 

[pirateghost]

No. That's basically like a port forward.

Has nothing to do with VPN

 

[nojohnny101]

or you could setup an SSH tunnel and then connect that way.

SSH tunnel = good
VPN = better
SSH tunnel wrapped inside of VPN = best

here is the instructions i used to setup SSH on my box:
https://forums.freenas.org/index.ph...r-freenas-server-remotely-and-securely.27376/

 

[danb35]

SSH tunnel wrapped inside of VPN = best

If by "best" you mean "overly complex for no good reason", I guess. OK, that might be overstated, but in seriousness, what do you think an SSH tunnel inside a VPN connection accomplishes, that the VPN connection by itself doesn't?

For that matter, I don't think I'd agree that a VPN is necessarily better than an SSH tunnel, even if I'd prefer the VPN in most cases.

 

[nojohnny101]

If by "best" you mean "overly complex for no good reason", I guess.

overly complex? definitely more complex than setting up only one or the other but IMHO, certainly doable for most on here if not all with some help.

VPN is probably the most secure without becoming overly complex compared to setting up networking rules, whitelists, etc. manually but by no means is VPN the end all be all and impenetrable.

Don't mean to scare anyone, VPN OR SSH is fine and perfectly secure for 99% of people in 99% of the situations. I was merely suggesting that wrapping an SSH tunnel inside of a VPN connection could add an extra barrier to a determined person hell bent on getting in. Then again, if the person is that good, it will probably only slow them down.

Carry on!

 

[danb35]

Setting up an SSH tunnel certainly isn't particularly complex, but IMO it really doesn't buy you anything inside a properly setup VPN. "Overly complex" in this context means "more complex than it needs to be, without an accompanying benefit justifying the added complexity". Of course, that's IMO, and YMMV.

 

[gpsguy]

If your ISP provides the DLink DSL-3780, do they offer better ones (with VPN capability) or allow you to use your own DSL modem / router (with VPN capability)?

This would probably be the easiest solution.

 

[zoomzoom]

@Arman The best way to access the intranet will depend on what exactly you need access to.

If you're only looking to have access to say a router's/server's WebGUI, then an SSH tunnel with at least a 2048bit RSA key would be sufficient.

• If using Windows, I'd recommend PuTTY as your SSH client.
  • Session Configuration -> Connection -> SSH -> Tunnels
    • Source Port: Arbitrary local port number on client device, which should be >1024 but <10000 [i.e. 5000]
    • Destination: IP of WebGUI with it's port # [i.e. 192.168.1.100:443]
    • Tick:
      • Local
      • Auto
  • When you click Add, you should see the following under Forward Ports:
    • L5000 192.168.1.100:443
  • When connected to the SSH tunnel, you would open a browser and type in the loopback IP followed by the Local port # [i.e. 127.0.0.1:5000]

If you're looking to access network shares, an SSL VPN server would be best (I'd recommend OpenVPN if creating your own VPN server).

If you're looking for Remote Desktop access, an IPsec VPN would probably be best.