Feature #1076
openRequest for a VPN or SSH proxy running on port 80 to deal with limited Internet access
Added by Robinson Tryon almost 10 years ago. Updated over 9 years ago.
90%
Description
When we're faced with limited Internet access (e.g. at the Hotel Astrid), it would be great to have a VPN or some method of SSHing to port 80 on a server so that we can perform various sysadmin-type tasks.
Updated by Robinson Tryon almost 10 years ago
I believe that hotel Wifi often blocks ports for IRC as well, so a VPN could be very helpful to allow us to keep in communication.
Updated by Florian Effenberger almost 10 years ago
- Assignee deleted (
Alexander Werner) - Private changed from Yes to No
Adding this to the generic infra pile, sounds like a good task for a volunteer
Updated by Alin Cretu almost 10 years ago
Hi,
- What networks should be "visible" through the VPN ?
- How many concurrent users/connections should the solution support ?
- What platforms shall be supported on the client side ?
- How can be tested ?
- Who can test and approve the proposed technical solution ?
- By when needs to be in production the requested solution ?
Updated by Robert Einsle almost 10 years ago
Hi *,
as Tipp, you can use sslh as proxy on port 443 to difference between ssl and ssh.
SSLH listens on *:443 and forwards the connection to either sshd or webserver.
Normally on Hotels 443 is allowed to.
Robert
Updated by Robinson Tryon almost 10 years ago
Alin Cretu wrote:
Hi,
- What networks should be "visible" through the VPN ?
For starters:
- TDF servers
- Any related servers/devices
- Freenode IRC
I'll assume that the filtered network that allows http traffic will cover our web-browsing needs (for docs, software info, etc..)
- How many concurrent users/connections should the solution support ?
Let's say a dozen for starters. I expect that most people will be on an unfiltered network most of the time.
- What platforms shall be supported on the client side ?
Linux/Win/Mac, ideally. It's unlikely people will be accessing from Android or iOS.
- How can be tested ?
Good question. I guess set up some filtering rules on your local router? ;-)
- Who can test and approve the proposed technical solution ?
Cloph and Alex are the best people to contact.
- By when needs to be in production the requested solution ?
Before someone gets stuck on a restricted network in a hotel again... :P There's no hard deadline here, but it would be nice to have this tool available to us.
Updated by Alin Cretu over 9 years ago
- Assignee set to Alin Cretu
Taking this one to prepare a proof of concept for the requested feature/solution.
@Alex,
Could you please allocate a VM with a CentOS 6.6 that should be used for this purpose ?
Thank you.
Updated by Alin Cretu over 9 years ago
- Status changed from New to In Progress
- Start date set to 2015-03-10
- % Done changed from 0 to 70
Server side is installed/configured and ready to accept some friendly test users.
Updated by Alin Cretu over 9 years ago
- % Done changed from 60 to 90
Server side installed/configured to route trough VPN the traffic to IP's or networks used by TDF servers and the irc.freenode.net servers.
Current setup successfully tested by floeff with/on OS X client, and cralin with CentOS 6 and CentOS 7 clients.
Updated by Dennis Roczek over 9 years ago
just for the case: can I get another access for the next libreoffice conf in denmark? whoever knows if i get my new router in time (lol) and need to do other stuff by lowliness onwiki ^^
Updated by Florian Effenberger over 9 years ago
Sure!
If you need it in September, best is to ask shortly before, in case the
setup changes again :-) But per se no objections
Updated by Alin Cretu over 9 years ago
Hi Denis,
Please provide the following:
Full name
Working e-mail address
Public gpg key to be used encrypting files before they are sent to you via
e-mail.
Please note:
Although steps were taken to best the setup to the best of our abilities,
this setup is still see as test installation and not fully
productive/production mode.
If you see issues/errors with this setup, please report them to TDF admin
group.
Regards,
Alin Crețu
On Mon, Jun 1, 2015 at 2:20 AM, The Document Foundation Redmine <
generic@redmine.documentfoundation.org> wrote:
Updated by Dennis Roczek over 9 years ago
Alin Cretu wrote:
Hi Denis,
Please provide the following:
Full name
Dennis Roczek
Working e-mail address
Public gpg key to be used encrypting files before they are sent to you via
e-mail.
0xCE2AB6D9
Regards,
Dennis Roczek