Re: Remote access to rack options from Kenneth Ratliff on 2012-10-08 (Ccielab archives 10/2012)

From: Kenneth Ratliff <dayne_at_cluebat.net>
Date: Mon, 08 Oct 2012 06:13:06 -0600

I use a few different methods to get into my home rack.

I maintain a VPS with Linode which acts as my web and mail server. I have
the VPS connected back to my home router via an ipsec tunnel, and I run
BGP between the two endpoints.

My home network also has an OpenBSD host that's open to the world via SSH,
which I use as a jump box.

Ideally, I can just ssh into my jump box and from there telnet to my term
server ports. That's the simplest method.

If I can't, then I try to SSH to my VPS, and from there I can telnet
directly to my term server, since they're connected via ipsec tunnel with
routing established. I also have the ssh daemon binding to a few
non-standard high ports, as well as port 80 and 443 on a second public IP
(second IP is necessary to not interfere with operation of my web server).

If none of that works, then I'll fire up the OpenVPN client and try to
connect. If it works, then it's all good, because once again, connectivity
via ipsec tunnel with routing established.

If none of *that* works (and I've only encountered it on one network where
they hit everything), well, them I'm pretty much out of ideas
. For ipv4.

My VPS is also dual-stacked, with a native ipv6 connection, so I try all
but the first step again via ipv6, because I can usually get a v6 address
via ISATAP or Teredo. If I can reach my VPS over ipv6, then I can
communicate to my home network over v4. The network that I mentioned that
had ipv4 locked down? Let me out easy via v6.

On 10/7/12 1:14 AM, "John Pelletier" <john.pelletier_at_altima-group.com>
wrote:

>I cannot use telnet out of the network I work on to get to my rack at
>home. I could set up a
>ASA to terminate a VPN client I would think to do this but is there any
>other way? Currently
>I use port forwarding on my home wireless router to turn on the rack and
>telnet to the terminal
>server to jump off to each device using secure crt. Ideas?
>
>
>Blogs and organic groups at http://www.ccie.net
>
>_______________________________________________________________________
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Mon Oct 08 2012 - 06:13:06 ART

This archive was generated by hypermail 2.2.0 : Thu Nov 01 2012 - 10:53:33 ART