MaLaCoiD
I'm deploying a FreeNAS which is behind a consumer-grade NAT router and don't have access to forward the SSH or web port for administration.
I'm thinking the easiest way to administer the box is with reverse SSH. I would like to SSH into one or two servers on startup from the FreeNAS. I could also rely on OpenVPN to a server for access.
I've tried executing variations of:
ssh -R 9000:localhost:22 user@remote.host.com -p 22 -i /mnt/z3/jails/j1/.ssh/id_rsa -o UserKnownHostsFile=/mnt/z3/jails/j1/.ssh/known_hosts
... they all work from the shell, but not from an init script or init command configured with the GUI. I've tried with 'screen'. I've tried with -f and &, but never do I see it connect or create the screen session.
I was also trying with OpenVPN, but a client can't run in a jail because it can't make tun interfaces or control routing, and OpenVPN can't connect with auth info in a file because it is not compiled that way by default, and portsnap is not installed to reconfigure the package.
Even better if there's a utility that can check the status of the tunnel and reconnect if necessary.
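Added example, not part of the original post: a POSIX sh wrapper that runs the reverse tunnel from the post without a terminal and reconnects with backoff when it drops. The host, ports and key paths are the ones quoted in the post; the extra ssh options, the backoff values and the `revtunnel` log tag are assumptions.

```shell
#!/bin/sh
# Added example: supervised reverse SSH tunnel for a boot-time (no TTY) context.
# Values below are taken from the post; adjust to the real deployment.
REMOTE="user@remote.host.com"
REMOTE_PORT=22
FORWARD="9000:localhost:22"
KEY="/mnt/z3/jails/j1/.ssh/id_rsa"
KNOWN_HOSTS="/mnt/z3/jails/j1/.ssh/known_hosts"
MAX_DELAY=300   # assumed ceiling for the reconnect backoff, in seconds

# Print the ssh arguments one per line (no value contains whitespace).
tunnel_args() {
    printf '%s\n' \
        -N -T \
        -o BatchMode=yes \
        -o StrictHostKeyChecking=yes \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 \
        -o ServerAliveCountMax=3 \
        -o "UserKnownHostsFile=$KNOWN_HOSTS" \
        -i "$KEY" -p "$REMOTE_PORT" \
        -R "$FORWARD" "$REMOTE"
}

# Double the delay, capped at MAX_DELAY.
next_delay() {
    d=$(( $1 * 2 ))
    if [ "$d" -gt "$MAX_DELAY" ]; then d=$MAX_DELAY; fi
    echo "$d"
}

# Run ssh in the foreground and restart it whenever it exits.
keep_tunnel() {
    delay=5
    while :; do
        start=$(date +%s); rc=0
        # BatchMode makes ssh fail instead of prompting; stdin is detached.
        ssh $(tunnel_args) </dev/null || rc=$?
        logger -t revtunnel "ssh exited rc=$rc, retrying in ${delay}s"
        sleep "$delay"
        # A session that lasted over a minute was healthy: reset the backoff.
        if [ $(( $(date +%s) - start )) -gt 60 ]; then delay=5
        else delay=$(next_delay "$delay"); fi
    done
}

# Start only when asked, e.g. from an init command: script.sh run &
if [ "${1:-}" = "run" ]; then keep_tunnel; fi
```

With `StrictHostKeyChecking=yes` the remote host key must already be in the `known_hosts` file, and with `ExitOnForwardFailure=yes` ssh exits (and is retried) if port 9000 cannot be bound on the remote side.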