Project

General

Profile

Feature #1076

Request for a VPN or SSH proxy running on port 80 to deal with limited Internet access

Added by Robinson Tryon almost 3 years ago. Updated over 2 years ago.

Status:
In Progress
Priority:
Normal
Assignee:
Category:
-
Target version:
-
Start date:
2015-03-10
Due date:
% Done:

90%

Estimated time:
Tags:
URL:

Description

When we're faced with limited Internet access (e.g. at the Hotel Astrid), it would be great to have a VPN or some method of SSHing to port 80 on a server so that we can perform various sysadmin-type tasks.

History

#1 Updated by Robinson Tryon almost 3 years ago

I believe that hotel Wifi often blocks ports for IRC as well, so a VPN could be very helpful to allow us to keep in communication.

#2 Updated by Florian Effenberger almost 3 years ago

  • Assignee deleted (Alexander Werner)
  • Private changed from Yes to No

Adding this to the generic infra pile, sounds like a good task for a volunteer

#3 Updated by Alin Cretu almost 3 years ago

Hi,

- What networks should be "visible" through the VPN ?
- How many concurrent users/connections should the solution support ?
- What platforms shall be supported on the client side ?
- How can be tested ?
- Who can test and approve the proposed technical solution ?
- By when needs to be in production the requested solution ?

#4 Updated by Alin Cretu almost 3 years ago

  • Tracker changed from Bug to Feature

#5 Updated by Robert Einsle almost 3 years ago

Hi *,

as Tipp, you can use sslh as proxy on port 443 to difference between ssl and ssh.

SSLH listens on *:443 and forwards the connection to either sshd or webserver.

Normally on Hotels 443 is allowed to.

Robert

#6 Updated by Robinson Tryon almost 3 years ago

Alin Cretu wrote:

Hi,

- What networks should be "visible" through the VPN ?

For starters:
- TDF servers
- Any related servers/devices
- Freenode IRC

I'll assume that the filtered network that allows http traffic will cover our web-browsing needs (for docs, software info, etc..)

- How many concurrent users/connections should the solution support ?

Let's say a dozen for starters. I expect that most people will be on an unfiltered network most of the time.

- What platforms shall be supported on the client side ?

Linux/Win/Mac, ideally. It's unlikely people will be accessing from Android or iOS.

- How can be tested ?

Good question. I guess set up some filtering rules on your local router? ;-)

- Who can test and approve the proposed technical solution ?

Cloph and Alex are the best people to contact.

- By when needs to be in production the requested solution ?

Before someone gets stuck on a restricted network in a hotel again... :P There's no hard deadline here, but it would be nice to have this tool available to us.

#7 Updated by Alin Cretu almost 3 years ago

  • Assignee set to Alin Cretu

Taking this one to prepare a proof of concept for the requested feature/solution.

@Alex,
Could you please allocate a VM with a CentOS 6.6 that should be used for this purpose ?

Thank you.

#8 Updated by Alin Cretu almost 3 years ago

  • Status changed from New to In Progress
  • Start date set to 2015-03-10
  • % Done changed from 0 to 70

Server side is installed/configured and ready to accept some friendly test users.

#9 Updated by Alin Cretu almost 3 years ago

  • % Done changed from 70 to 60

#10 Updated by Alin Cretu over 2 years ago

  • % Done changed from 60 to 90

Server side installed/configured to route trough VPN the traffic to IP's or networks used by TDF servers and the irc.freenode.net servers.

Current setup successfully tested by floeff with/on OS X client, and cralin with CentOS 6 and CentOS 7 clients.

#11 Updated by Dennis Roczek over 2 years ago

just for the case: can I get another access for the next libreoffice conf in denmark? whoever knows if i get my new router in time (lol) and need to do other stuff by lowliness onwiki ^^

#12 Updated by Florian Effenberger over 2 years ago

Sure!
If you need it in September, best is to ask shortly before, in case the
setup changes again :-) But per se no objections

#13 Updated by Alin Cretu over 2 years ago

Hi Denis,

Please provide the following:

Full name
Working e-mail address
Public gpg key to be used encrypting files before they are sent to you via
e-mail.

Please note:

Although steps were taken to best the setup to the best of our abilities,
this setup is still see as test installation and not fully
productive/production mode.
If you see issues/errors with this setup, please report them to TDF admin
group.

Regards,
Alin Crețu

On Mon, Jun 1, 2015 at 2:20 AM, The Document Foundation Redmine <
> wrote:

#14 Updated by Dennis Roczek over 2 years ago

Alin Cretu wrote:

Hi Denis,

Please provide the following:

Full name

Dennis Roczek

Working e-mail address

Public gpg key to be used encrypting files before they are sent to you via
e-mail.

0xCE2AB6D9

Regards,

Dennis Roczek

Also available in: Atom PDF