Shulou(Shulou.com)06/01 Report--

This article will explain in detail how OpenWRT penetrates the intranet. The editor thinks it is very practical, so I share it for you as a reference. I hope you can get something after reading this article.

When UMU puts the router in the company and wants to log in to it at home, there is a problem: how to get to the company intranet? The answer is: dial a VPN to the company. And then this article is over!

Ha, just kidding, of course, to say that there is no use of VPN!

The real answer is: make a SSH reverse connection and protect it with autossh. You need to prepare a server with a fixed public network IP, and the UMU uses a certain CVM (not to avoid suspicion of advertising, oh, advertising space is for rent). If you don't want to pay for it, you can use home ADSL + dynamic domain name instead. The effect may be worse, but it is basically available.

To illustrate more clearly, list the roles:

1. Control side: UMU notebooks, no matter what network they are on, are required to connect to the router placed in the company.

2. Transit server: a so-and-so CVM with a fixed IP, represented by cloud_ip

3. Controlled side: put it on the company's router, intranet IP, represented by internal_ip.

Basic principle: let the controlled end actively connect to the transit server, and then the control end connects to the transit server, which can connect the controlled end indirectly.

Installation and setting of the controlled terminal, main reference: http://wiki.openwrt.org/doc/howto/autossh

Opkg updateopkg install autosshdropbearkey-t rsa-f / etc/dropbear/id_rsadropbearkey-y-f / etc/dropbear/id_rsa | grep ssh-rsa

Copy the output of the last line of command above, and note that there is only one line, which will be uploaded to the transit server later. Or you can change the last command to print to a file and download it locally using WinSCP.

Dropbearkey-y-f / etc/dropbear/id_rsa | grep ssh-rsa > / tmp/pubkey

Check the autossh configuration:

Uci get autossh.@autossh [0] .ssh

If there is no problem, set up the information of the transit server:

Uci set autossh.@autossh [0] .ssh ='- I / etc/dropbear/id_rsa-f-N-T-R 2222:localhost:22 @ 'uci commit

Next, log in to the transit server (Linux Server. If it is OpenWRT, change the following ~ / .ssh/authorized_keys to / etc/dropbear/authorized_keys) and upload the public key (/ tmp/pubkey):

Echo "key content" > ~ / .ssh/authorized_keys# or # cat pubkey > ~ / .ssh/authorized_keyschmod 0700 ~ / .ssh/chmod 0600 ~ / .ssh/authorized_keysvi / etc/ssh/sshd_config# instead allow certificates to log in to service sshd restart

/ etc/ssh/sshd_config needs to be opened:

RSAAuthentication yes

PubkeyAuthentication yes

AuthorizedKeysFile .ssh / authorized_keys

GatewayPorts yes

Test on the router:

Ssh-I / etc/dropbear/id_rsa-f-N-T-R 2222:localhost:22 @

If it succeeds, it is done. In the future, all you need is port 2222 from ssh to the transit server to connect to the router. Finally, with local port forwarding, many private network machines can be connected. As shown below:

Add a router for local port forwarding, so that devices such as Surface and iPad can happily penetrate into the intranet.

This is the end of the article on "how OpenWRT penetrates the intranet". I hope the above content can be of some help to you, so that you can learn more knowledge. if you think the article is good, please share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.