Connecting a Sunray over a WAN with SSH tunneling
I have the following (potential) solution.
Sunray, Available 'box' at home
|
NAT/Router
|
Internet
|
Public Access Server
|
Sunray Server
I have full control over the sunray, the available 'box' (on which I will install *nix or whatever is required), and the Router. I have user privileges on the Public Access server and the Sunray server.
The only applicable method of accessing the Public Access Server is SSH (HTTP, FTP, etc. are obviously useless). I am able to tunnel a regular terminal session through the Public Access server to the Sunray server by means of SSH.
My question is as follows:
How can I configure the 'box' to forward the Sunray client to its server?
Would:
intercepting the BootP request,
tunneling to the Sunray server,
repeating the request,
giving the Sunray client a BootP response referring to a port on the 'box', that is in turn tunneled to the appropriate port on the Sunray Server
be the (or a) solution? If so, how would I implement such a tangled web of deceit?
With thanks in advance for any insight.
# 1
From what I can tell, ports required to allow a sunray to communicate with a sunray server are dynamic. Thus trying to hack in a simple ssh port forwarding is problematic at best. And then there is the issue of dhcp or dns setup. You would have to have some control over either the dhcp client (to set certain option flags) or dns (to set the 'sunray-config-servers' dns record) so that the DTU can find the sunray server. Most small nat/firewall/routers don't give you this level of flexibility.
The setup I use at home consists of a Cisco 831 router that creates a LAN-LAN IPSec VPN back to my corporate network. On the corporate side we use a cisco 3000 series VPN concentrator. I have 3 devices sitting at my home office: Two sunrays and a Cisco VoIP phone. By "upgrading" to a Cisco 851
Given your setup, the best you may be able to do is some sort of PPP -> SSH tunnel. That said, since you only have user privs on the Public Access Server, that may not be possible. Two possible examples are at http://www.faqs.org/docs/Linux-mini/ppp-ssh.html and http://www.cs.miami.edu/~burt/local/cs-arch-2002/ssh-tunnels.html
Another option would be to install OpenVPN on the remote box and then set up a box at your location to create the vpn connection. See http://openvpn.net/ for details, but note that the remote site will require the TUN/TAP driver to be installed (unlikely).
Basically, without admin access to that Public Access Server or a VPN box to connect to (ssh != vpn), your options are very limited.