by wintpe » Feb 9th, '16, 02:18
if you have a fixed address, and you care about you security, then a vpn gives the most flexible
option.
ssh is realy a single port vpn, in a way, the only difference between ssh and a vpn, is you redirect your clint to use
ssh tunnel via a single port.
ie 127.0.0.1:8080
whereas a vpn you redirect via a route, so that all traffic destined for 192.168.1.0/24 goes via tun0
setting up a vpn is a little harder than ssh, but possibly attracts less attention, an ssh port open will be a constant
attack target of regular port and brute force attempts, even if never successfull.
remember if you go the ssh route remember to set it up for rsa key only authentication,
not interactive password.
back to vpn, i installed on my network an asus router, and installed ddwrt
then setup a port forward, you can use any port as the listener on your gateway, then redirect that to the vpn server on the ddwrt
device.
lookup creating certificates in linux, to create your crt, and host specific public key private key pair.
as you would need these on any vpn target server you setup.
wether you choose a host on your network or a ddwrt device, maybe a rasberry pi for example, plenty of choices.
using a standalone device frees you to upgrade and change other stuff without loosing your remote access.
regards peter
Redhat 6 Certified Engineer (RHCE)
Sometimes my posts will sound short, or snappy, however its realy not my intention to offend, so accept my apologies in advance.