Simple VPN setup
Up until today, I have had to make important files from the shares of my home Linux server available as Windows Offline files to have them readily available on the road. I could sftp to my home server and fetch the files, but with the overhead of having to remember to actively upload the files again if they have been updated. I had a hunch that SSH tunnels could help me out, but today I finally made everything work, enabling me to map drives to the Samba shares of my home server through a secure SSH tunnel. Here’s how..
I am creating this setup using my home Linux server connected to my ADSL connection at home. I want to connect my laptop to my Linux server in order to map the Samba shares as drives on my laptop, when I am connected to the internet at the office or at a client. The Linux server is running OpenSSH which enables me to make regular SSH terminal connections using a client such as Putty, SFTP file transfers using WinSCP AND tunnels – also using Putty.
A tunnel through SSH works like this: A service is listening for connection requests on some port on the server -A Samba server listens on port 139 (like any Windows machine that has “File and printer sharing” installed does). When you create a tunnel like this one, you are “rewiring” the network of your workstation telling it to forward all connection attempts to the local port 139 to port 139 of the remote server through a the secure connection supplied by SSH. As only one service can listen on one port at a time, you need to uninstall “File and printer sharing” for your network connections. Please note that when you do this, any folder or printer shared by your computer will no longer be available to other users on your network.
If you have Samba shares and OpenSSH running on your server and you can connect to it using an SSH client, you only need to change the setup of your client pc.
- Install Putty – which should be fairly straight forward.
Uninstall “File and Printer sharing”. Note: If you merely disable the element, this will not work as the service will still listen on port 139 and block Putty from listening on the same port. A complete Uninstall is necessary.
- If you already have a terminal connection set up for your server in Putty, it can be reused and you can merely add a tunnel to the connection. To make your initial connection in Putty, simply supply your internet IP address (or domain name if you have one) for your home server, and make sure the standard port 22 is NAT’ed in your router to your server. You may choose to increase security by having OpenSSH run on a port other than 22 – but that is a outside the scope of this post.
- Open the Tunnels configuration and enter:
- 139 in the Source port field
- The internal IP adress of your server followed by :139 to indicate that you wish to connect to port 139 on the server. In the example below, the internal IP adress of the server is 10.0.0.150
Apply your changes and open the connection. Once you have succesfully logged on in the terminal window the tunnel will be established and you should be able to start mapping drives to \\127.0.0.1\remotesharenames.