port 80 VPN


ee99ee2
01-10-2003, 02:55 PM
When I am at work, about the only port that I can get through is port 80. I would like to know the best VPN solution to connect to my Linux gateway at home from my Linux desktop at work (both Debian).

For all users currently, I have a PPTP server set up and running. However, I haven't been able to connect to it from work. I just need something simple for myself to use only (all other users will be using PPTP).

Could I use SSH over port 80 as some kind of VPN solution?

I basically want to be able to get on my network at home from work, and use the default gateway at home from work.

-ee99ee2

jumpedintothefire
01-10-2003, 07:53 PM
Have a look at vtun

http://vtun.sourceforge.net/

ee99ee2
01-13-2003, 11:01 AM
Okay, I got that set up. I can VPN into it from a friend's house, but when I come to work, it just says connection denied. Is it something I am doing? I can telnet into the VPN server from here (on port 80), but I can't connect.

One thing to note, they block ICMP echo requests here. Could that be what's causing this?

-ee99ee2

jumpedintothefire
01-13-2003, 11:38 AM
In vtund.conf, does the session name match on the client and server??
ie:
name { port 80;
password xxxxx;
device tun0;
.................

"name" must be the same on both machines........

ee99ee2
01-13-2003, 12:07 PM
The name is the same on the client and the server, yes.

The problem is, it's not even connecting. I talked to the network admin here, and he said that he's only filtering through layer-3. So as far as the firewall is concerned, if it's on port 80 it can go through, even if it's not HTTP traffic.

Any more ideas anyone?

-ee99ee2

jumpedintothefire
01-13-2003, 04:28 PM
----quote-----
I can VPN into it from a friend's house,
----------------

Does your friend have the same isp as you have at home??

----quote------
but when I come to work, it just says connection denied.
-----------------

Is your isp at home filtering inbound http traffic??

----quote------
Is it something I am doing? I can telnet into the VPN server from here (on port 80),
-----------------

'Here' is work, correct??
You're seeing the vtund welcome banner in the telnet client??

"VTUN server ver 2.x <builddate>"

---quote----
but I can't connect.
--------------

If you're not getting the banner, I'd check your firewall rules, or the isp.......

-----quote-------
they block ICMP echo requests here. Could that be what's causing this?
-------------------

That depends on if they are blocking all ICMP, then there may be a "Frag Needed" issue.... Are you blocking all ICMP at home??
Are you on DSL by any chance??

ee99ee2
01-13-2003, 05:17 PM
Okay... here goes: jumpedintothefire

-- Does your friend have the same isp as you have at home??

Yes.

-- Is your isp at home filtering inbound http traffic??

Not now. They used to, but they broke their pix and couldn't fix it, so they just unplugged it.

-- You're seeing the vtund welcome banner in the telnet client??

No, I see no banner. I see this:

Trying xxx.xxx.xxx.xxx...
Connected to <hostname here>.
Escape character is '^]'.

-- Are you blocking all ICMP at home??
Are you on DSL by any chance??

No, I am not blocking ICMP at home. No, I am on cable.


-ee99ee2

jumpedintothefire
01-13-2003, 05:30 PM
Sounds like the isp may have fixed their problem......

As a test move the server to a different port and retest....
When testing from your friend's, you got the welcome banner with telnet or did it just work out of the box (except for the mknod)??

Email me (work and home, from the vtund email) with the ip of the server. Doesn't hurt to have a second telnet test from somewhere else...

jumpedintothefire
01-15-2003, 12:31 PM
Not the isp, I get the banner, at work are you behind a proxy like squid, socks, etc....?? I've used this behind a nat box without problems... Can you do a traceroute to your home machine?? If not where does it stop??
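
The telnet test used throughout this thread, as a script (an added example, not part of the original posts): it separates "TCP connects but the peer never speaks", which is what the telnet output from work shows, from "the vtund banner arrives", which is what the test from outside saw. The function names, result labels and the local stand-in listeners are assumptions made for the example; only the "VTUN server" banner prefix comes from the thread.

```python
import socket
import threading

BANNER_PREFIX = b"VTUN server"  # start of the banner quoted in the thread

def probe_banner(host, port, timeout=3.0):
    """Connect, wait for the server to speak first, and classify the result."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"              # nothing listening, or a firewall sent RST
    except OSError:
        return "unreachable"          # timeout, no route, silently filtered
    with sock:
        try:
            data = sock.recv(256)
        except socket.timeout:
            return "connected-no-banner"   # handshake done, peer stays silent
        except OSError:
            return "reset"
    if not data:
        return "closed-without-banner"
    return "banner" if data.startswith(BANNER_PREFIX) else "unexpected-data"

def start_listener(banner=None, hold=1.0):
    """Constructed local stand-in for a server (or a silent middlebox)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))        # ephemeral port on loopback
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        if banner:
            conn.sendall(banner)
        threading.Event().wait(hold)  # keep the connection open for a while
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    speaks = start_listener(b"VTUN server ver 2.x constructed-sample\n")
    silent = start_listener()
    print("banner sent :", probe_banner("127.0.0.1", speaks, timeout=0.5))
    print("silent peer :", probe_banner("127.0.0.1", silent, timeout=0.5))
```

A "connected-no-banner" result from one network and "banner" from another, against the same server and port, means something on the first path completed the TCP handshake itself without relaying the server's greeting.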