Very recently we have finished a series on SSH Tunneling, Reverse
Tunneling, and SSH Proxy configuration. You can read the full-length
summary here,
however in this news post, we will provide a brief summary.
In those blog posts, we have described the basics of our ssh
tunneling infrastructure. The system now serves as our gateway to access
devices from work, for example, and also provide a convenient web proxy
as a replacement of our VPN. In the following sections, we recapped
through some of our use cases:
- Use of SSH Proxy as a replacement of VPN
- Connect to home computer via ssh
- Forward services from home to office
- Access resources on local LAN from a shared remote
Use of SSH Proxy as a
replacement of VPN
Our browser is google-chrome
, and we want it to connect
to our cloud server via a proxy. Therefore we can configure
google-chrome
to connect to the internet via the configured
proxy. The configuration should make google-chrome
dependent on the proxy to be present, otherwise it should not be able to
connect to the internet.
Read more in this
article.
Connect to home computer via
ssh
The problem with a normal home network is that it is hidden behind a
NAT. Moreover setting up port forwarding is not exactly trivial for
end-user. Therefore, since we have a readily accessible remote server,
we can leverage it for our purpose.
Read more in this
article.
Forward services from home
to office
We have some services that we would like to be made available at
office for convenience reason. For security purposes we have to use ssh
tunnels instead of exposing the port from our home network’s port
forwarding. It takes one cloud device we control that we utilized as a
bridge between our home computer and office computer.
Read more in this
article.
Access
resources on local LAN from a shared remote
We have certain resources accessible only from home LAN, and we want
to connect to them from anywhere. Given that we have a high availability
cloud server, we can use it as a reverse proxy to access specific
services we wanted to access. A custom configuration is required, and
will be outlined in the article below.
Read more in this
article.