VPN / SSH Server and Secure remote access for Snow Leopard

Discussion in 'macOS' started by OngL, Feb 3, 2010.

  1. OngL macrumors member

    Joined:
    Feb 17, 2009
    #1
    Hello All,

    I would like to ask how I can connect securely to my iMac at home from my MBP when I'm travelling. I have subscribed to MobileMe; unfortunately, it is not always possible to connect using MobileMe due to technical issues (many would agree that MobileMe is not reliable at times).

    What I would like to achieve is the following:
    1) Install either a VPN and/or SSH server on my iMac at home.

    2) Enable access not only to my iMac but also to my home network and internet connection from my home.

    3) Be able to browse using my iMac or AEBS in my home network from my MBP in a secure way (similar to a proxy).

    I understand that I can set up an SSH server and do some port forwarding with it. I need more details or a tutorial on this; if you have any link, that would be appreciated. Basically, I understand the idea, but this would be impractical as I need to set up a lot of forwarding (one forwarding for each service).

    So VPN solution may be cleaner in a way. I checked that OpenVPN.net doesn't support newer OSX anymore. Any idea how to do this? I have identified an OpenVPN client that can be used but not the server portion.

    Thanks in advance.
     
  2. calderone macrumors 68040

    Joined:
    Aug 28, 2009
    Location:
    Seattle
    #3
    1. SSH is built in, it is called "Remote Login" in Sharing Preferences.
    You would need to forward port 22 on your AEBS.

    Here is a guide: http://theappleblog.com/2009/05/05/how-to-port-forwarding-on-a-airport-extreme-time-capsule/

    You don't have to use 22 for the external port.

    2. If you want to browse via GUI, your best bet is VPN.
    Here is one option:
    http://www.apple.com/downloads/macosx/networking_security/vpnxserver.html

    Port forwarding is a hassle, but it isn't so bad if you have one machine. When you need access to multiple machines or devices, that is when it becomes a little more troublesome.

    If you want full access you would need to forward for: SSH, AFP, SMB, VNC

    Since there is only one machine you need to get to, either solution would be acceptable.

    Note, you will need to keep track of your external IP. The best solution is to use something like dyndns and set up a hostname. You can then run their updater widget, which will update your IP on their DNS servers. (This is a non-issue if you have a static IP.)

    To recap:
    VPN: No port forwarding. Need a solution for tracking a dynamic IP. More secure. Could be unreliable depending on the maturity of the VPN server used.

    Port Forwarding: Multiple forwards. Insecure, unless tunneled through SSH. Need a solution for tracking a dynamic IP.
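
Added example (not part of the thread or any poster's own setup): an OpenSSH client configuration for the travelling laptop that carries the services listed above through the single forwarded SSH port and adds a SOCKS proxy for browsing via the home connection. The host alias, the hostname `home.example.net`, the external port 2222, the user name and the local port numbers are placeholders chosen for illustration.

```sshconfig
# ~/.ssh/config on the laptop (constructed example; all names are placeholders)
Host home-imac
    # Dynamic DNS name that tracks the home router's external IP (placeholder)
    HostName home.example.net
    # External port the router forwards to port 22 on the iMac (placeholder)
    Port 2222
    User youruser

    # Abort the connection if any tunnel below cannot be set up,
    # instead of silently running with a missing forward
    ExitOnForwardFailure yes
    # Keep an idle session alive across NAT timeouts
    ServerAliveInterval 60

    # Screen Sharing / VNC: connect the viewer to 127.0.0.1:5901
    LocalForward 127.0.0.1:5901 127.0.0.1:5900
    # AFP file sharing: afp://127.0.0.1:15548
    LocalForward 127.0.0.1:15548 127.0.0.1:548
    # SMB file sharing: smb://127.0.0.1:15445
    LocalForward 127.0.0.1:15445 127.0.0.1:445

    # SOCKS proxy bound to loopback only; traffic sent to it leaves
    # from the iMac's home internet connection
    DynamicForward 127.0.0.1:1080
```

With this in place, `ssh -N home-imac` opens every tunnel at once, so only the SSH port has to be forwarded on the router and AFP, SMB and VNC are never exposed directly. Pointing the browser at SOCKS proxy `127.0.0.1:1080` gives the proxy-style browsing asked about in the first post.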
     
  3. ViViDboarder macrumors 68040

    Joined:
    Jun 25, 2008
    Location:
    USA
    #4
    You can just turn on Screen Sharing and Remote Login in the settings. Then you can use any SSH client or VNC client to connect.

    You need to set up port forwarding to forward the ports through the router.

    So you don't need to remember your dynamic IP, go to dyndns.org and get a free DNS and get the app to update it and you'll have access from anywhere.

    One last option... Hamachi offers trouble-free VPN but you need the client on both the server and the remote computer. The only advantage here is you don't need to do any port forwarding if you're on a VPN.
     
  4. calderone macrumors 68040

    Joined:
    Aug 28, 2009
    Location:
    Seattle
    #5
    The OP said VPN, not VNC. I noted how to turn on SSH.

    I mentioned port forwarding and a link on how to do it on the AEBS.

    I mentioned dyndns as a method for keeping track of the dynamic IP, and the update app.

    Hamachi is a good suggestion.
     
  5. ViViDboarder macrumors 68040

    Joined:
    Jun 25, 2008
    Location:
    USA
    #6
    I think the OP may have not understood what VPN was because it was used out of context.

    VPN without a VNC or SSH would not help you with gaining remote access to another Mac... As the OP referenced they were trying to do with MobileMe.

    I figured that VNC would be a good option to have. :D

    I guess I skimmed your post mostly because I practically echoed every part of it except Hamachi, haha.
     
  6. OngL thread starter macrumors member

    Joined:
    Feb 17, 2009
    #7
    Thanks for the replies. I thought I had subscribed to the thread but didn't receive any email notifications.

    Okay, I'll read each reply carefully but here are a few comments:

    1) I already have a way to track my external IP address via no-ip.com client. That's fixed.

    2) MobileMe is configured for screen sharing and file access but for whatever reasons, it is NOT always possible to connect at times. I simply can't afford being locked out when I'm travelling. SSH with manual port forwarding combined with external IP address port tracking will solve specific services like VNC, AFP... But it doesn't allow me what I want to do:

    - Full access to my home network, i.e. I'm connected as if I'm on the same segment of my LAN. This allows me to access other hosts in my home network, printers being shared over TCP/IP, etc. I guess for this, I'd have to look at the VPN server. VPN server doesn't provide proxy service, how do I get a proxy service running on one of my home PCs?

    The idea is to specify a home PC IP address as proxy server and surf through it.

    Thanks


    PS: Btw, what does OP stand for?
     
  7. scaredpoet macrumors 604

    Joined:
    Apr 6, 2007
    #8

    A common trip-up with MobileMe is that you're using the wrong username to connect, particularly if your usernames don't exactly match up between both systems. If screen sharing fails, try clicking "connect as" and overwrite the username with the short name you used on the remote machine, along with that password.
     
  8. ViViDboarder macrumors 68040

    Joined:
    Jun 25, 2008
    Location:
    USA
    #9
    Ok... For all this I'm thinking you'll need VPN access. You can just use a VPN client instead of a proxy. Leopard, and I think even Tiger, has a built-in VPN client. So you would just need to supply the DNS and auth info for the VPN server to connect. There should be no need for a proxy since you can route all traffic through the VPN connection.

    And OP stands for "Original Poster" as in the starter of the thread. :D
     