vpn to NAS

[stiler]

in my office the server is composed by a disk that is conected to a switch and all the pc's conected to the switch.

question:

i want work by home directly to my disk in office, is that possible??

i only can find software taht alowme to work in a pc on the office, but i want copy and paste documents directly on mobyle disk....

????

[+BudMan MVC]

What is the model number of this NAS? Quite a few of them support FTP an or even SFTP to connect to them.. If so then you could access the files from you home without the need of a VPN connection to your work network.

But you are correct to use it how you do in the office, you will need a VPN into your work network.. Some details of your work network would be needed to help find the easiest method of doing this.

Its quite possible the router that connects your work network to the internet supports VPN connection. Or you will have to run some vpn software on one of the machines on the work network, be it a server or just a workstation.

There are quite a few possibilities depending.. openVPN comes to mind, SSL explorer would be a easy option, for that matter you could just run hamachi https://secure.logmein.com/products/hamachi/vpn.asp?lang=en

Depending on what OS the other machines/servers on your network are running - they might support allowing vpn connection to them. Windows 2000, 2k3 or XP pro even. You would just have to allow for this type of connection on your works router.

Really need some more details to help you any further.

[stiler]

i will try 2 explainme better....

my router is a speedtouch 585i thomson...

i think taht dont allow vpn... :s

the software that yu tellme i had allready esprimentate, and other 2, but all have a problem:

the server of my company is a mobile disk, ists conected to a switch and so in the office we have internet...

what i want??

i want 2 be at home and aced to my office and aced to the mobile disk and copy or paste files....

the problem of the software that i try to use until now, like logmein is taht i only can aced to pc's of the office, but cant aced to the mobile disk to do mi job...

in some times, i can see a shortcut "atalho"(->is in portuguese), dont know if yu understand; but wen i clik to aced dont do nothing :s

understand my problem now??

[+BudMan MVC]

And again I will ask -- what is this modile disks make an model?? I can not help you connect to it, if I do not know what it is.

I assure you that hamachi running on a machine on the network, setup correctly would allow you to do anything you want on the work network.. Remote control machines, connect to shares on machines or a NAS

In hamachi what you need to setup is "routed tunneling"

from the manual

But the easier method might be to just remote control the the machine that has access to the remote disk..

Another issue you can run into when you try to connect network together is that you have the same network on both ends behind a NAT.. if your work network is 192.168.1.x/24 an your home network is also 192.168.1.x/24 your going to have problems!!

Again without some DETAILS of both your home network, the work network an atleast the make an model of this NAS.. It is very difficult to help you more.

Here is how you could connect to any device on the work network, using 1 computer on it running hamachi. You would then connect to the NAS, just how you connect to it when your at work.

https://secure.logmein.com/products/hamachi/support.asp

***

How do I use LogMeIn Hamachi to connect two networks together?

Hamachi currently does not natively support bridging networks together, however, it can be made to support it. It is not recommended to do this with non-server operating systems.

Due to it's complexity in nature, and stability issues on non-server platforms, LogMeIn cannot provide setup assistance beyond these instructions.

The intent of the article is to show you how to bridge two networks of Windows computers together using a single Windows (2000, XP, or 2003) machine on each network running Hamachi with the Routed Tunneling feature.

Initial Setup

First, you need to have Hamachi set up and running on a computer on each network. Ensure the status of each computer is ?green?. Next, you?ll need to turn on Routed Tunneling on both computers.

To do this, create a file called Hamachi-override.ini in the c:\Documents and Settings\<username>\Application Data\Hamachi folder.

Inside Hamachi-override.ini add the line "RoutedTunneling 1" (no quotes) and save the file

Restart Hamachi on both computers to have this setting take effect.

Configuring Windows for IP Routing

This is necessary for Windows to be able to send packets destined for the other location?s network through the Hamachi virtual adapter. This will need to be done on both of the computers that will act as the VPN end points.

To do this, create:

HKEY\Local_Machine\System\CurrentControlSet\Services\Tcpip\Parameters\IPEnableRouter as a string value equal to 1 in the registry. This will require a system reboot to take effect.

Configuring Static Routes across the VPN

In order for the Hamachi computers to be able to route packets destined for the network on the other side of the connection, you?ll need to set a static route to say so.

In this scenario, we?ll use two networks, 192.168.1.x and 172.16.x.x to illustrate

On the Hamachi computer that is on the 192.168.1.x computer, you?ll use

Command Prompt>route ?p add 172.16.0.0 mask 255.255.0.0 5.x.x.x (Hamachi IP of PC on 172.16.x.x network)

On the Hamachi computer that is on the 172.16.x.x network, you?ll use

Command Prompt> route ?p add 192.168.1.0 mask 255.255.255.0 5.x.x.x (Hamachi IP of PC on the 192.168.1.x network)

You should now be able to ping the 172.16.x.x computer from the 192.168.1.x computer using its real IP address and vice versa. If not, check your firewall settings.

Tying It All Together

Now for the fun part; you need to tell your other machines how to cross the VPN to access computers on the opposite network.

There are two alternative here. You can either add a static route on each computer needing to cross the VPN, or you can add a static route pointing the Hamachi machine on the router acting as the default gateway for the network.

Option 1:

This requires more work, but limits configuration changes to be at the computer level.

On each computer on the 192.168.1.x network:

Command Prompt>route ?p add 172.16.0.0 mask 255.255.0.0 192.168.1.x (IP of Hamachi computer on the 192.168.1.x network)

On each computer of the 172.16.x.x network:

Command Prompt>route ?p add 192.168.1.0 mask 255.255.255.0 172.16.x.x (IP of Hamachi computer on the 172.16.x.x network)

Option 2: (not all routers support this, but it is the minimal configuration method)

On the router acting as the default gateway for 192.168.1.x network, add a static route that says any traffic destined for 172.16.0.0 network go through 192.168.1.x (IP address of Hamachi PC on 192.168.1.x network)

On the router acting as the default gateway for 172.16.x.x network, add a static route that says any traffic destined for 192.168.1.0 network go through 172.16.x.x (IP address of Hamachi PC on 172.16.x.x network)

***

[Borbus]

If the server is a *nix box you can do everything through SSH. Open a shell, transfer files to the server (through SFTP) and connect to any other device on that network (by using an SSH tunnel).

[+BudMan MVC]

I agree with you SSH tunnel is another option.. But he has not given us any details of what OSes are running on the machines conected to this switch. An it does not have to be a *nix box for that to be an option either.. There are many ways to run a sshd on windows machine. Some free, other not.

Yes any box on the work network running a SSH server could be used to access the anything on the work network, with the correct forwards.

But without some DETAILS!!! There is not much else we can do to help.. SSH is just another option, like openvpn, ssl explorer, hamachi, the builtin vpn server 2k, 2k3, XP pro..

If he had a *nix box running he could also just setup a true vpn, be it using openswan for a ipsec or Poptop "pptp" server for linux, etc.. etc.. Just like he could on any windows machine.

[stiler]

i experiment the logmeinhamachi option and still have the same problem...can't aced to mobile disk that is directly conected to the switch......

the other option "ssh tunel" i have to ask to mi boss if i can do it......

the mobile disk is a maxtor, is the only information that i have...

[+BudMan MVC]

Well -- walk over to the Freaking thing and LOOK.. What is the MODEL number??

There are MANY, MANY ways to allow access to your network.. All of them are quite simple to setup - if you RTFM.

You have been given multiple options on how to create a vpn/access into any network.. OpenVPN, SSL explorer, Hamachi, SSH, Windows builtin VPN support, linux also supports openvpn, ssl explorer, ssh, an then other options to create different vpns be it using openswan, freeswan Poptop, etc.. etc..

You say you have experimented, an you can not get anything to work.. Well then your going to have to give us some DETAILS of EXACTLY what you did.. An what did not work about it! An for that matter some details of your network. What are the ip ranges of your work network, the home network your trying to connect from?

What OSes are in use? The model number of the NAS -- how exactly do you machines connect to it now? I would assume a simple windows share.. But it could be some special software you run in each machine from the maker of the NAS?, it could be FTP, it could be NFS, etc.. etc..

I would love to help you - but I am not going to continue to bang my head against a wall.. You have been given MANY options to choose from.. All of which WORK!! If you are unable to configure any of them - an will not give us the details of what you did so we can point out what you did wrong. Then I would suggest you hire someone in your local area to set it up for you.

[Mikeo13]

Seems borbus resolved his prob.

Anyhow just wondering what you guys thought about the qnap nas's or if you would recommend anything else thats probably better and has as simliar or more features.

[+BudMan MVC]

Well why did you not start your own thread asking about that verse bringing up a thread that died back in feb of this year, and other than the term nas, and that is what he wanted to connect to the thread really had nothing really do with with them.

[Mikeo13]

Chances are your subscribed to this thread and allready showed willingness to help in an area where in a new thread chances are who may happen to overlook may not respond or understand.

q.1. So I asked a question about what you thought of qnaps nas's or if you can suggest a comparble nas with as comprehensive a feature set?

Also last night I did a little research on ssh-ing, spawned some new questions:

q.2. From what I read, it seems when you SSH into a nas you have to map the drives vs the network shares showing up automatically in "my network places" between 2 MSxp machines in a hamachi vpn.

q.3. Since you probably tried both ssh'ing into a nas & dealt with hamachi. Would you consider ssh to nas vs hamachi between 2 xpmachines, both cases over the internet, which is more efficient/performs better in file sharing (consider all internet connections are broadband & the nas has a 500mhz processor)?

q.4. What do you consider are the benefits, besides ease of use, between using putty on a xp machine vs using cygwin & openSSH? {i.e. with putty do you have to also map drives? with putty can you login strickly with public/private key pair?, etc etc etc}

Thanks.

BTW, If there is a problem with making a post to threads with very related subject matter, if "old", in this forum I will post a new one. So far nobody has ever brought it to my attention until now and do it quite often. Generally its these posts that make me a member to begin with.

Thanks again.

[+BudMan MVC]

Well it might be fine to revive a dead thread if your dealing with that topic, but the OP question has nothing to with what you were asking.

And now your staring to get off topic all together with Q4.

As to mapping drives with putty? Um you might want to reread what ssh actually is -- you don't map drives with putty. Putty is a SSH/Telnet/Serial client, etc. You don't actually use it to make connections to shares.

Yes you can TUNNEL file sharing thru a ssh tunnel -- but that a bit more complicated than a simple tunnel for say ftp or remote desktop, etc. Because the client windows machine is listening on the port you need to use, etc. Here is a pretty good walk thru.

http://www.blisstonia.com/eolson/notes/smboverssh.php

Sharing (tunneling) Samba/CIFS/SMB file systems over SSH

Without disabling local file sharing

As to using putty over cygwin, yes is much easier to use a simple client that runs on the host OS vs running a linux API emulation layer that you run your software in. And how you auth to the SSHd would depend on what that ssh server allows, but yes I would HIGHLY suggest you use key auth vs password.. I only allow this method to ssh into my network for example - since passwords are not secure, and just fill your logs with brute force attempts minutes after bringing a ssh server online connected to the public net. I have a blog entry about that actually ;)

As to Q2 -- Your wanting network browsing to work through a ssh tunnel? Yeah that would not be something someone new to ssh would want to do. Then again anyone that actually used ssh would have little use of MS network browsing nonsense. Keep in mind that is a broadcast based system. Your not going to send broadcast traffic through your ssh tunnel. Yes you can connect to SMB shares across the tunnel -- but no your not going to be wanting to use MS's lame as network browsing across it ;)

As to Q1 -- I am not familiar with the qnaps line of products, so I can not compare them to anything.

Q3 -- Pretty much hamachi is going to be easier all the way around for the typical user. I have never seen the need for it myself - other than playing with it, since I just ssh into my network to access anything I need, or just connect to it using a SSL vpn.

[Mikeo13]

I have never seen the need for it myself - other than playing with it, since I just ssh into my network to access anything I need, or just connect to it using a SSL vpn.

thanks for the response, coincidence how today I was tring to find out how an ssl vpn worked vs ipsec. Ironic how no matter how much you look you don't get direct answers inherent to its use unless you give it a try or ask someone who has.

gotoservers.com & even google (gbridge) has a hosted vnp service and I ran across a commercial software package the other day that wasn't clear on the functionality and uses activeX & com.

Finally it seems like I'm getting somewhere.

q.1.

Do you know of/use a vpn server with a management gui to customize folder access (read,write,hidden) on a per user basis? (windows or linux, doesn't matter)

for example

user x can only see folder y; user y can edit folder x; user z can only upload to an empty directory; user a can see x,y,z but only write z

q.2.

When you use the browser to connect to your ssl vpn are you obliged to access the fileshares through the internet browser or do they show in "my network places" / network share folder?

Thanks again

[+BudMan MVC]

Q1 -- I think you confusing a vpn and and some kind of interface to a file server. A "vpn" is a "virtual private network" it has nothing to do with file permissions.

The permissions to any shares would be handled on the server doing the sharing.

That being said, the product I already mentioned "ssl explorer" allows you to create a web interfaces to file shares. And yes you can create users in this software or use users from an AD and limit or permit what file shares they have web access to.

Q2 -- Again your confusing a VPN and file access.

http://en.wikipedia.org/wiki/Virtual_private_network

In a nutshell -- a VPN is a method of connecting private networks together over a public network.. For example the internet. You have a network at your home, you have a network at work.. You use a VPN to create a secure connection between these networks over a unsecured network (internet). This "tunnel" if you can use any of different methods to secure the private traffic from the unsecured public network.. This could be SSL, this could be ipsec, L2TPv3, etc.

You can create this secure connection between networks with a SSH connection, which in turn can use many different encryption methods. Blowfish, AES, CAST, TwoFish, TripleDes, etc. Traffic between your 2 private networks can then be passed between each other over this secured "tunnel"

This really has NOTHING to do with actual file access... Whatever method you want to use to access files can be used over the VPN, be it SMB/CIFS, ftp, NFS, Appleshare, etc.

The access to these files would be control by whatever it is your sharing them on/with.

If you want to use a Web interface to access these files --sure go right ahead. But that really has nothing to do with the actual VPN connection.

But as I stated as an example the "SSL Explorer" product puts a bunch of different technologies together for the user and" I a web interface to file shares. Controlled access to applications, ie Remote Desktop, etc.

But for example the OpenVPN solution is also a SSL based VPN -- but does not provide any of these features as part of the VPN setup.

so to answer "When you use the browser to connect to your ssl vpn are you obliged to access the fileshares through the internet browser" ---> No your not obliged to have to access your file shares in the browser -- I would suggest you read the documentation on the ssl explorer. You would only use the browser to connect to the vpn in a clientless solution -- in the openvpn solution for example you have to have a client.

As to that wodVPN -- never heard of it.. It looks like a P2P secured connection.. Why not just use hamachi FREE to do it ;)

[Mikeo13]

Giving elusive fluff vs direct answers I sometimes wonder which should be more appreciable. Me personally I rather get things over with and moving on to my next problem(s) ASAP.

Quite simply be it an interface or vpn you interpreted, quite simply, NO, you haven't heard of customizing on a user basis the network shares because, vpns extend the network that allready exist. Very simple answer, another variant, its probably possible, maybe it can work if you look into this. I'd like to wonder how me telling someone what I think they don't know so they can read up on something that won't give any solution maybe can be a lucrative profession on its own. Its been the cornerstone of some of my friends/foes former professions and yes, it has the subtle reverbaration of "job creation", I am indebted to you sir.

Yes, I was in the darkness until I ran across an economic netgear ssl vpn. I have been using hamachi, but the problem stands that I don't want to have to host, thus will be getting either a server or nas soon (why I butted in here to begin with). But also, the users shouldn't access nothing but their assigned folder(s), how is the question. The suggestions sofar have been setting up a samba server (unverified/untested) or chrooting the users with openssh (undireably uncomfortable for adding and removing users on a gui-less nas to lock various blocks of users to certain directories who will have access to relatively small areas of a large storage structure).

And finally, No, your ssl vpn actually does not restrict you to browser access of shares it has a java applet that allows you to map drives to network resources, ?why ask? plain curiosity.

Ooh, and yes, thank you for your time and service. I will develop a guilty conscious if you at this juncture give anything more then a very brief answer, time can be better utilized, I know what my api requires and have allready turned enough stones to say that with great confidence and without using a lifeline.

Edited November 8, 2008 by Mikeo13