Hello,
I have customers with x2go installations in a local network behind NAT (fat clients), and I am looking for a way how to connect easy to them.
Of cause I can make a port forwarding, or an SSH tunnel from the fat client to my computer, but maybe you have a better and more flexible idea?
In earlyer times I used TightVNC. There was the great "-via" command, something like: vncviewer -via henk@server.henk.nl 192.168.0.33
Any ideas how to be flexible behind NAT with X2go?
With regards, Paul van der Vlis.
-- Paul van der Vlis Linux systeembeheer, Groningen http://www.vandervlis.nl
On Fri, 2011-08-12 at 10:08 +0200, Paul van der Vlis wrote:
Hello,
I have customers with x2go installations in a local network behind NAT (fat clients), and I am looking for a way how to connect easy to them.
Of cause I can make a port forwarding, or an SSH tunnel from the fat client to my computer, but maybe you have a better and more flexible idea?
In earlyer times I used TightVNC. There was the great "-via" command, something like: vncviewer -via henk@server.henk.nl 192.168.0.33
Any ideas how to be flexible behind NAT with X2go? Hi, Paul. Let me make sure I understand. The server is on an internal network behind NAT and users on the outside need to come in to it?
If so, I would suggest changing the SSH port to a non-standard port and then allowing that port through your firewall. For extra security, you could move the X2Go server to a separate network separated from the main network by a firewall and only allow explicit access to needed resources from the X2Go server. That's what we do with the ISCS project for micro-perimeter security (iscs.sourceforge.net)
Op 13-08-11 00:46, John A. Sullivan III schreef:
On Fri, 2011-08-12 at 10:08 +0200, Paul van der Vlis wrote:
Hello,
I have customers with x2go installations in a local network behind NAT (fat clients), and I am looking for a way how to connect easy to them.
Of cause I can make a port forwarding, or an SSH tunnel from the fat client to my computer, but maybe you have a better and more flexible idea?
In earlyer times I used TightVNC. There was the great "-via" command, something like: vncviewer -via henk@server.henk.nl 192.168.0.33
Any ideas how to be flexible behind NAT with X2go? Hi, Paul. Let me make sure I understand. The server is on an internal network behind NAT and users on the outside need to come in to it?
No, it are very normal fat-clients behind NAT, and only I (the sysadmin) need connect to them, to help the people when there are problems. I am looking for an easy and flexible way to connect.
( Hmmm, IPv6 is an option here. But I have many other customers where the ISP does not offer IPv6. )
Bye, Paul.
-- Paul van der Vlis Linux systeembeheer, Groningen http://www.vandervlis.nl
On Saturday 13 August 2011 14:06:26 Paul van der Vlis wrote:
Op 13-08-11 00:46, John A. Sullivan III schreef:
On Fri, 2011-08-12 at 10:08 +0200, Paul van der Vlis wrote:
Hello,
I have customers with x2go installations in a local network behind NAT (fat clients), and I am looking for a way how to connect easy to them.
Of cause I can make a port forwarding, or an SSH tunnel from the fat client to my computer, but maybe you have a better and more flexible idea?
In earlyer times I used TightVNC. There was the great "-via" command, something like: vncviewer -via henk@server.henk.nl 192.168.0.33
Any ideas how to be flexible behind NAT with X2go?
Hi, Paul. Let me make sure I understand. The server is on an internal network behind NAT and users on the outside need to come in to it?
No, it are very normal fat-clients behind NAT, and only I (the sysadmin) need connect to them, to help the people when there are problems. I am looking for an easy and flexible way to connect.
( Hmmm, IPv6 is an option here. But I have many other customers where the ISP does not offer IPv6. )
What about an openvpn with correct routing? In this case your clients router is the server, your machine the client and the server pushes the routes for the connected network. Works very well here both for us employees checking into our business network on weekends/evenings and also to our clients. And it works with x2go, rdp, vnc, ssh, heck, we even have connected cups-printers over this...
Have fun,
Arnold
Op 13-08-11 16:29, Arnold Krille schreef:
On Saturday 13 August 2011 14:06:26 Paul van der Vlis wrote:
Op 13-08-11 00:46, John A. Sullivan III schreef:
On Fri, 2011-08-12 at 10:08 +0200, Paul van der Vlis wrote:
Hello,
I have customers with x2go installations in a local network behind NAT (fat clients), and I am looking for a way how to connect easy to them.
Of cause I can make a port forwarding, or an SSH tunnel from the fat client to my computer, but maybe you have a better and more flexible idea?
In earlyer times I used TightVNC. There was the great "-via" command, something like: vncviewer -via henk@server.henk.nl 192.168.0.33
Any ideas how to be flexible behind NAT with X2go?
Hi, Paul. Let me make sure I understand. The server is on an internal network behind NAT and users on the outside need to come in to it?
No, it are very normal fat-clients behind NAT, and only I (the sysadmin) need connect to them, to help the people when there are problems. I am looking for an easy and flexible way to connect.
( Hmmm, IPv6 is an option here. But I have many other customers where the ISP does not offer IPv6. )
What about an openvpn with correct routing? In this case your clients router is the server, your machine the client and the server pushes the routes for the connected network. Works very well here both for us employees checking into our business network on weekends/evenings and also to our clients. And it works with x2go, rdp, vnc, ssh, heck, we even have connected cups-printers over this...
That's an idea for bigger networks. For smaller networks it's maybe too much work. Thanks!
With regards, Paul.
-- Paul van der Vlis Linux systeembeheer, Groningen http://www.vandervlis.nl
On 8/15/2011 4:43 AM, Paul van der Vlis wrote:
Hello,
I have customers with x2go installations in a local network behind NAT (fat clients), and I am looking for a way how to connect easy to them.
Of cause I can make a port forwarding, or an SSH tunnel from the fat client to my computer, but maybe you have a better and more flexible idea?
In earlyer times I used TightVNC. There was the great "-via" command, something like: vncviewer -via henk@server.henk.nl 192.168.0.33
Any ideas how to be flexible behind NAT with X2go?
Hi, Paul. Let me make sure I understand. The server is on an internal network behind NAT and users on the outside need to come in to it?
No, it are very normal fat-clients behind NAT, and only I (the sysadmin) need connect to them, to help the people when there are problems. I am looking for an easy and flexible way to connect.
( Hmmm, IPv6 is an option here. But I have many other customers where the ISP does not offer IPv6. )
What about an openvpn with correct routing? In this case your clients router is the server, your machine the client and the server pushes the routes for the connected network. Works very well here both for us employees checking into our business network on weekends/evenings and also to our clients. And it works with x2go, rdp, vnc, ssh, heck, we even have connected cups-printers over this...
That's an idea for bigger networks. For smaller networks it's maybe too much work. Thanks!
OpenVPN has 2 different modes. One is a point-to-point configuration that is simple to set up and understand (looks just like directly connected physical interfaces) but needs a process per instance. It is perfect for site-site connections or for admin access. The other is a 'server' mode that can accept a large number of connections - but you need to generate and manage ssl certificates per user.
-- Les Mikesell lesmikesell@gmail.com
Hi Paul,
On Sa 13 Aug 2011 14:06:26 CEST Paul van der Vlis wrote:
Of cause I can make a port forwarding, or an SSH tunnel from the fat client to my computer, but maybe you have a better and more flexible idea?
No, it are very normal fat-clients behind NAT, and only I (the sysadmin) need connect to them, to help the people when there are problems. I am looking for an easy and flexible way to connect.
PyHoca-GUI is targetted at system administrators who use X2go for
system administration. This is my primary use case...
What I do is:
o place a linux machine in the customer network and make it accessible via X2go (open SSH port with reverse NAT to this machine only) o from their on... - Windows clients: use X2go sessions as RDP-proxy connections - Linux clients: PyHoca-GUI has SSH proxy support included, check the config dialog Window for this
PyHoca-GUI's great advantage compared to x2goclient is the handling of
multiple sessions to the same session profile as well as to multiple
session profiles.
( Hmmm, IPv6 is an option here. But I have many other customers where the ISP does not offer IPv6. )
No IPv6 ISP needed, use an IPv6 tunnel broker (e.g. SixXS): http://en.wikipedia.org/wiki/List_of_IPv6_tunnel_brokers
Greets, Mike
--
DAS-NETZWERKTEAM mike gabriel, dorfstr. 27, 24245 barmissen fon: +49 (4302) 281418, fax: +49 (4302) 281419
GnuPG Key ID 0xB588399B mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xf...
Op 14-08-11 19:29, Mike Gabriel schreef:
Hi Paul,
On Sa 13 Aug 2011 14:06:26 CEST Paul van der Vlis wrote:
Of cause I can make a port forwarding, or an SSH tunnel from the fat client to my computer, but maybe you have a better and more flexible idea?
No, it are very normal fat-clients behind NAT, and only I (the sysadmin) need connect to them, to help the people when there are problems. I am looking for an easy and flexible way to connect.
PyHoca-GUI is targetted at system administrators who use X2go for system administration. This is my primary use case...
What I do is:
o place a linux machine in the customer network and make it accessible via X2go (open SSH port with reverse NAT to this machine only) o from their on... - Windows clients: use X2go sessions as RDP-proxy connections - Linux clients: PyHoca-GUI has SSH proxy support included, check the config dialog Window for this
PyHoca-GUI's great advantage compared to x2goclient is the handling of multiple sessions to the same session profile as well as to multiple session profiles.
Sounds very good. I've never tested PyHoca-GUI but now I need ;-)
( Hmmm, IPv6 is an option here. But I have many other customers where the ISP does not offer IPv6. )
No IPv6 ISP needed, use an IPv6 tunnel broker (e.g. SixXS): http://en.wikipedia.org/wiki/List_of_IPv6_tunnel_brokers
I have an ISP who provides native IPv6 over ADSL, and this customer too.
But not all my customers have such a provider, using an IPv6 tunnel there could be an option.
Bye, Paul.
-- Paul van der Vlis Linux systeembeheer, Groningen http://www.vandervlis.nl
-
Arnold Krille -
John A. Sullivan III -
Les Mikesell -
Mike Gabriel -
Paul van der Vlis