[opensuse] Connection Question
I have an odd question. I don't really *need* this but I wonder if it can be done.

I often telecommute to work. Particularly in the evenings, I work at home. I can either load a VM - such as - Vista or work directly.

When I load the VM, I run the VPN client (Cisco with a RSA key FOB) from the VM. My "main" network is not touched and openSUSE is still on my "home" network.

When I load the VPN client (Cisco VPN Client 4.8.00) from openSUSE I connect the computer entirely to my corporate network.

Now the question - every once in a while, I decide I need to print something locally.

I currently share a printer with my wife's computer (Windows 2000 Pro) over SMB.

Is there any way I can run on the vpn with my corporate network yet attach locally to my home connection?

Do I need to create a proxy or something?

--
kai
www.filesite.org || www.perfectreign.com
government is a process which utilizes 45.5% gut reaction, 45.5% laws and statutes and 1% logic
--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse+help@opensuse.org
On Saturday 11 October 2008 15:12, Kai Ponte wrote:
I have an odd question. I don't really *need* this but I wonder if it can be done.
I often telecommute to work. Particularly in the evenings, I work at home. I can either load a VM - such as - Vista or work directly.
...
Now the question - every once in a while, I decide I need to print something locally.
I currently share a printer with my wife's computer (Windows 2000 Pro) over SMB.
Is there any way I can run on the vpn with my corporate network yet attach locally to my home connection?
Do I need to create a proxy or something?
I'm not sure how close this comes to being a solution nor whether it's an available option for you (you don't say which version of VMware you're using, e.g., Workstation vs. Server, nor which of the 17 Vista versions you're using). Anyway, the simple observation is that with VMware workstation, at least, you can configure any number of virtual network adaptors with separate MAC addresses (naturally) and then use whatever guest OS capabilities exist for handling multiple network adaptors. So it seems at least plausible that you could configure one (virtual) adaptor to connect to your VPN and another to connect to your home LAN and thence access your SMB-based print server.
-- kai
Randall Schulz
On Saturday 11 October 2008 03:28:57 pm Randall R Schulz wrote:
I'm not sure how close this comes to being a solution nor whether it's an available option for you (you don't say which version of VMware you're using, e.g., Workstation vs. Server, nor which of the 17 Vista versions you're using).
Anyway, the simple observation is that with VMware workstation, at least, you can configure any number of virtual network adaptors with separate MAC addresses (naturally) and then use whatever guest OS capabilities exist for handling multiple network adaptors.
So it seems at least plausible that you could configure one (virtual) adaptor to connect to your VPN and another to connect to your home LAN and thence access your SMB-based print server.
Sorry for the confusion. This is not when I'm running VMWare (player) or Virtual Box (closed-source version) - it is when I'm directly connected to the corporate LAN.
-- kai www.filesite.org || www.perfectreign.com government is a process which utilizes 45.5% gut reaction, 45.5% laws and statutes and 1% logic
On Saturday 11 October 2008 17:37, Kai Ponte wrote:
...
Sorry for the confusion.
This is not when I'm running VMWare (player) or Virtual Box (closed-source version) - it is when I'm directly connected to the corporate LAN.
Become a supplicant to your IT security people and get them to open a port to the SMB server on your home network (its IP address). It does have a static, routable address, doesn't it?
-- kai
Randall Schulz
On Sat, Oct 11, 2008 at 6:08 PM, Randall R Schulz <rschulz@sonic.net> wrote:
On Saturday 11 October 2008 17:37, Kai Ponte wrote:
...
Sorry for the confusion.
This is not when I'm running VMWare (player) or Virtual Box (closed-source version) - it is when I'm directly connected to the corporate LAN.
Become a supplicant to your IT security people and get them to open a port to the SMB server on your home network (its IP address). It does have a static, routable address, doesn't it?
Doesn't need a static. Doesn't need to beg.

For years I defined a cups printer in my linux gateway to a printer inside (in my case to a laser printer on one of those print-server boxes that cost $10). The linux box had a dyndns.org address, and I defined the printer to windows as ipp://servername.dyndns.org/laserjet (or alternately http://servername.dyndns.org:631/printers/laserjet). Either method is understood by windows boxes and linux boxes (via cups) alike.

In the Linux server, it just re-routed this to whatever cups backend the server needed. smb, port 9000, or 4010 for my netgear printserver. (Can't say as I recommend smb as a backend when doing this because it is windows after all).

A little fiddling with cups config files and firewall were needed to allow remote usage.

In 8 years of doing that, I never had a single unexplained print job show up on the printer.

-- ----------JSA--------- Someone stole my tag line, so now I have this rental.
On Saturday 11 October 2008 21:45, John Andersen wrote:
...
In 8 years of doing that, I never had a single unexplained print job show up on the printer.
While that's all technically valid, many corporate networks are very tightly regulated and opening an outgoing firewall port without restricting it to a particular IP is probably going to be harder than opening it to a specific one, if they can be persuaded at all.
Randall Schulz
On Sunday 12 October 2008 06:13:02 am Randall R Schulz wrote:
On Saturday 11 October 2008 21:45, John Andersen wrote:
...
In 8 years of doing that, I never had a single unexplained print job show up on the printer.
While that's all technically valid, many corporate networks are very tightly regulated and opening an outgoing firewall port without restricting it to a particular IP is probably going to be harder than opening it to a specific one, if they can be persuaded at all.
Yes, our security folks are anal - as they should be - about opening ports and whatnot. I just thought of something, however. I had planned to open a proxy to my wife's computer so I could connect to it from work for support. (She uses it to work from home.) I wonder if I couldn't print to that computer via the proxy... /me runs off to search how to do this.
-- kai www.filesite.org || www.perfectreign.com government is a process which utilizes 45.5% gut reaction, 45.5% laws and statutes and 1% logic
On Sunday, 2008-10-12 at 07:01 -0700, Kai Ponte wrote:
Yes, our security folks are anal - as they should be - about opening ports and whatnot.
I just thought of something, however.
There are other methods. You can print to a file, and email that file to yourself. Perhaps you could ftp out (not in) to reach an external computer (via internet) that happens to be yours, and send the file. Or ssh.
-- Cheers, Carlos E. R.
Kai Ponte wrote:
On Sunday 12 October 2008 06:13:02 am Randall R Schulz wrote:
On Saturday 11 October 2008 21:45, John Andersen wrote:
...
In 8 years of doing that, I never had a single unexplained print job show up on the printer.
While that's all technically valid, many corporate networks are very tightly regulated and opening an outgoing firewall port without restricting it to a particular IP is probably going to be harder than opening it to a specific one, if they can be persuaded at all.
Yes, our security folks are anal - as they should be - about opening ports and whatnot.
I just thought of something, however.
I had planned to open a proxy to my wife's computer so I could connect to it from work for support. (She uses it to work from home.)
I wonder if I couldn't print to that computer via the proxy...
/me runs off to search how to do this.
That might work, but you are avoiding the obvious.

Your network people can be as anal as they want, but unless they are willing to block ALL outgoing ports and prevent web access altogether there is simply not an issue here.

All web connections start on an arbitrary port (usually above 1024) and go to port 80. If they shut that down nobody gets on line. Many protocols require subsequent connections to an arbitrary hi port negotiated by the first connection to a known port. If they shut that down weird application failures happen all over the place.

The upshot is it's very difficult to block outgoing connections on arbitrary ports and still do anything useful on the web. So most companies only block OUTGOING ports that are known threats (such as outgoing 25, maybe 21 and 22), but can't realistically block EVERYTHING.

If you can browse the web from work you have no problem. You can run cups on 631 (its normal port, which is not likely blocked, and at the same time any arbitrary high port you choose). Or port 80, or port 443 or any other port you don't run a service on at home.
I am in pretty much the same situation you are. I had a LOT of trouble with the cisco vpn because it takes over your routing and hostname lookups. I solved this by replacing my router with a linux router (old enough to run the cisco client). I configured dns to do lookups on the correct dns server for the different domains (the whole world, vs my local or work networks). I configured dhcp to install my home machines in dns. I script wrappered the cisco client to restore my hand edited resolv.conf after starting.

Now I can connect to my work network from any machine behind my router, and print properly etc. (from vm's too).

Your requirements are a little less demanding than mine and you might be able to overcome the printing problem by adding a static route to your print server after bringing up the cisco client...

There is also an opensource "vpnclient" which will connect to the cisco vpn server (if you're using the old Concentrator 3000 series or compatible). It works ok, but tends to go down during key replacement (about 8 hrs).

wcn

Kai Ponte wrote:
I have an odd question. I don't really *need* this but I wonder if it can be done.
I often telecommute to work. Particularly in the evenings, I work at home. I can either load a VM - such as - Vista or work directly.
When I load the VM, I run the VPN client (Cisco with a RSA key FOB) from the VM. My "main" network is not touched and openSUSE is still on my "home" network.
When I load the VPN client (Cisco VPN Client 4.8.00) from openSUSE I connect the computer entirely to my corporate network.
Now the question - every once in a while, I decide I need to print something locally.
I currently share a printer with my wife's computer (Windows 2000 Pro) over SMB.
Is there any way I can run on the vpn with my corporate network yet attach locally to my home connection?
Do I need to create a proxy or something?
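The static-route suggestion in the message above relies on longest-prefix route selection. The following is an added example, not code from the thread: it models that selection over constructed routing tables and lists which destinations leave the machine outside the tunnel. All addresses and the tunnel interface name `vpn0` are assumptions, and it does not model any filtering the VPN client itself applies.

```python
import ipaddress

# Constructed routing tables: (destination prefix, egress interface).
# Addresses and the interface name "vpn0" are made up for illustration.
BEFORE_VPN = [("192.168.1.0/24", "eth0"), ("0.0.0.0/0", "eth0")]
# Assumed full-tunnel state: the LAN route is gone, the default route points
# into the tunnel, and only the VPN gateway is reached directly.
VPN_UP = [("203.0.113.10/32", "eth0"), ("0.0.0.0/0", "vpn0")]


def egress_interface(routes, dest):
    """Return the interface of the longest-prefix route matching dest, or None."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def with_host_route(routes, host, iface):
    """Return a copy of routes with a /32 host route for one address."""
    return routes + [(f"{host}/32", iface)]


def bypass_prefixes(routes, tunnel):
    """List every prefix whose traffic is routed outside the tunnel interface."""
    return [prefix for prefix, iface in routes if iface != tunnel]


if __name__ == "__main__":
    printer = "192.168.1.20"  # constructed address of the home print server
    fixed = with_host_route(VPN_UP, printer, "eth0")
    for name, table in (("before", BEFORE_VPN), ("vpn up", VPN_UP), ("fixed", fixed)):
        print(name, "printer ->", egress_interface(table, printer),
              "| outside tunnel:", bypass_prefixes(table, "vpn0"))
```

Because the added route is a /32, only the print server's address is carved out of the tunnel; every other destination, including the rest of the home LAN, still follows the VPN's default route.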
On Tuesday 14 October 2008 08:17:52 am Wendell Nichols wrote:
I am in pretty much the same situation you are. I had a LOT of trouble with the cisco vpn because it takes over your routing and hostname lookups. I solved this by replacing my router with a linux router (old enough to run the cisco client). I configured dns to do lookups on the correct dns server for the different domains (the whole world, vs my local or work networks). I configured dhcp to install my home machines in dns. I script wrappered the cisco client to restore my hand edited resolv.conf after starting.
Not sure what you mean. You took a workstation and made it into a router?
-- kai www.filesite.org || www.perfectreign.com government is a process which utilizes 45.5% gut reaction, 45.5% laws and statutes and 1% logic
The linux router project is the place to look for getting started. Yes I use a desktop with two (or 3) nics as a router. Once setup, I just leave it in my basement doing its job.

wcn

Kai Ponte wrote:
On Tuesday 14 October 2008 08:17:52 am Wendell Nichols wrote:
I am in pretty much the same situation you are. I had a LOT of trouble with the cisco vpn because it takes over your routing and hostname lookups. I solved this by replacing my router with a linux router (old enough to run the cisco client). I configured dns to do lookups on the correct dns server for the different domains (the whole world, vs my local or work networks). I configured dhcp to install my home machines in dns. I script wrappered the cisco client to restore my hand edited resolv.conf after starting.
Not sure what you mean. You took a workstation and made it into a router?
participants (5)
- Carlos E. R.
- John Andersen
- Kai Ponte
- Randall R Schulz
- Wendell Nichols