Getting around the "site blocked at work" issue
======================================
WARNING: These instructions assume you have a fairly good understanding of client/server architecture, TCP/IP, networking, firewalls, routers, SSH, encryption, key pair management etc... These are high level details and are not meant to be a detailed step by step guide that anyone can simply follow. If you are curious, I'll help you as much as possible.
Introduction
==========
I thought I'd share with you guys the tools/services I personally use in order to enable full access to the Internet from wherever you are by using your own home internet connection to do the work. Often, at your work or client location, you don't have access to certain web sites because of the filtering software that's being used (social sites like Facebook are blocked, gambling sites are blocked, etc...). The best way to get around this is to create your own proxy service that makes use of your home internet connection and not the one at work.
The following things are required:
- High speed internet connection at home
- A router that supports port re-direction
- Dynamic DNS Service (free)
- A computer at home that you will connect to running Windows
- An SSH server (free) that you will setup on your home computer
- An SSH client (free) that you can install on your work/remote computer
If you can't install anything on your work computer, you can still make use of a utility called Portable Apps which lets you setup and run applications directly from a USB stick. Of course, you'll need access to a USB port on your work computer to do this. See the Portable Apps details at the end of this.
The Concept
==========
The overall concept is as follows. You create a secure connection from your work computer (or any remote computer) back to your home computer. You then re-direct your internet requests (ie: proxy them) over this tunnel and back to your home computer and make use of your home internet connection as opposed to the restricted connection you have at work. This lets you get by any restrictions because you are making the requests using your own home internet connection via the tunnel you have established. The added benefit is that this tunnel is secure and encrypted - all of your data is protected and no one can "sniff" what you're doing.
Setup a Dynamic DNS Service:
============================
To make life easy, it's best to subscribe to a Dynamic DNS service. This allows you to refer to your home connection using a simple URL instead of the actual IP address. I use dyndns.org. You'll need to setup an account, download their client update software and install it on the computer you're going to use at home to run all these services. I have a desktop that I leave running 24x7 on which I've set these services up.
DynDNS web site: http://www.dyndns.com/
Create an account, download the tool and then set up your Dynamic DNS name. You'll end up with something that looks like myhomesystem.dyndns.org (example only).
This is needed because the IP address of your home internet connection can change over time, and some providers change the IP address quite regularly. So, instead of trying to figure it out and remember what it is each and every day, you setup this utility to check your IP address for you and if it changes, it updates DynDNS's DNS records. Then, when you use the custom name that you have established (myhomesystem.dyndns.org for example) it will resolve to the right IP address. It's important that you know the IP address of your internet connection so that the client software can find home.
Port Forwarding
============
Typically, port 22 is used to establish the secure tunnel back to your home system. This is because traditionally, this port is wide open everywhere as it's the port used for SSH connections. If it's not open, then you'll have to find one that is and make use of that one. You're on your own there. These instructions will assume port 22 is open.
To make use of this port, you'll need to setup port redirection rules on your router so that requests coming in from the internet on that port are sent to the computer on your home system. Most routers these days support this and the instructions should be fairly easy to follow from the manufacturer. The key is to ensure that TCP requests on port 22 are forwarded to the machine on your network that is running all these services.
NOTE: If you have any firewalls or intrusion detection software running on your home system, make sure they let this connection through.
SSH Server
=========
The next step is to setup the SSH server on your home system. This is the back end of the connection that you will establish and is required. To do this, download the product called WinSSHD from Bitvise:
http://www.bitvise.com/winsshd
This software is free for personal, non-commercial use - no need to enter a license key or purchase one. Install it on your target home computer. This should be the same system you installed the DynDNS client on. This will create a Windows service that will run in the background on your computer. This is good as you won't need to be logged in for it to be running.
Once the server has been installed, you will need to generate a set of host keys for your system. These host keys are used to encrypt the connection that is established. The public version of these keys will need to be exported and used in the client (see next step).
Tunnelier Client
============
On your mobile system (ie: laptop that you use at work, or work computer) you'll need to install the Tunnelier client. This is the software that initiates the connection back to your home network. To do this, download and install the free product called Tunnelier from Bitvise:
http://www.bitvise.com/tunnelier
After it's setup you'll need to establish a profile and load in your key pair to be used in the authentication. The information you'll need to provide is:
- host: the dyndns host name you created earlier
- port: 22 (unless you need a different port)
- user name: user name of the Windows account on your home system
- password: password of the Windows account on your home system
- public keys (import the public keys generated from your home system)
Once that is entered, you should be able to create a connection. If successful, you'll be able to establish a secure, encrypted connection to your home network. This is called the tunnel.
Enable Proxy Service
================
On the "Services" tab of the Tunnelier client, you can enable the proxy service. This will let you setup a local proxy that re-directs requests via the connection you just established. Once enabled, you'll need to update your browser's setting to make use of this proxy. The proxy is typically:
- host: 127.0.0.1
- port: 1080
Those are the defaults and should work for most situations. They are changeable via the Services tab in the Tunnelier client if you need to make use of a different port.
You can make use of this proxy for any application that lets you specify a proxy. I use it for the following:
- web browsing (Firefox)
- email (Thunderbird)
- instant messaging clients
This lets you get around the "MSN is blocked at my work" issue. Very slick.
Portable Apps
===========
If you can't install the Tunnelier client on your work computer, you can always make use of a tool called Portable Apps. This utility lets you install and run apps from a USB stick or removable drive. This is very useful if you are abroad and don't have your laptop. The apps that are installed need to be made portable in the first place.
The Portable Apps utility can be found here:
http://portableapps.com/
The Portable version of Tunnelier can be found here:
http://www.vbap.com.au/tunnelierportable
I use both of these utilities when I'm without my laptop.
Well, I hope this is helpful for you guys. This is a great technology not only for getting around limitations at work, but also to ensure that your personal traffic is kept personal. I don't want my work to be following my browsing habits or reading my personal email etc... Even when I'm at home, connected to my home wireless network, I use this technology to keep things safe.
Cheers.
Last edited by shabbs on Fri Oct 31, 2008 10:52 am; edited 4 times in total
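From the network-monitoring side, the setup described in this post shows up as a long-lived outbound TCP/22 session to an address recently resolved from a dynamic DNS name, carrying download volumes far above interactive SSH use. The Python below is an added example, not part of the original post: the log layouts, field names, internal address range and thresholds are assumptions, and the sample records are constructed.

```python
import csv, io, ipaddress

# Constructed sample logs (not from the original post); column names are assumed.
DNS_LOG = """client,query,answer
10.1.4.23,myhomesystem.dyndns.org,203.0.113.77
10.1.4.40,git.example.com,198.51.100.10
"""
FLOW_LOG = """src,dst,dport,duration_s,bytes_in
10.1.4.23,203.0.113.77,22,21600,734003200
10.1.4.40,198.51.100.10,22,95,48211
10.1.4.51,192.0.2.200,22,14400,15000
10.1.4.23,198.51.100.99,443,30,90000
"""

DDNS_SUFFIXES = (".dyndns.org",)              # provider named in the post; extend as needed
INTERNAL = ipaddress.ip_network("10.0.0.0/8") # assumed corporate address range
MIN_DURATION_S = 3600                         # assumed: session held open over an hour
MIN_BYTES_IN = 50 * 1024 * 1024               # assumed: far above interactive SSH

def ddns_answers(dns_text):
    """Map resolved IP -> dynamic DNS hostname seen in the DNS query log."""
    out = {}
    for row in csv.DictReader(io.StringIO(dns_text)):
        name = row["query"].lower().rstrip(".")
        if name.endswith(DDNS_SUFFIXES):
            out[row["answer"]] = name
    return out

def find_tunnel_candidates(dns_text, flow_text, ssh_ports=(22,)):
    """Return (src, dst, reasons) for outbound SSH flows matching 2+ indicators."""
    ddns = ddns_answers(dns_text)
    findings = []
    for row in csv.DictReader(io.StringIO(flow_text)):
        if int(row["dport"]) not in ssh_ports:
            continue
        if ipaddress.ip_address(row["dst"]) in INTERNAL:
            continue  # internal admin SSH is out of scope here
        reasons = []
        if row["dst"] in ddns:
            reasons.append("ddns:" + ddns[row["dst"]])
        if int(row["duration_s"]) >= MIN_DURATION_S:
            reasons.append("long_session")
        if int(row["bytes_in"]) >= MIN_BYTES_IN:
            reasons.append("bulk_download")
        if len(reasons) >= 2:  # one indicator alone is too noisy to alert on
            findings.append((row["src"], row["dst"], reasons))
    return findings
```

Requiring two indicators keeps short legitimate SSH sessions and idle long-running ones out of the results; tune the thresholds against a baseline of normal administrative SSH traffic.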