Candela Technologies Logo
Network Testing and Emulation Solutions

Set up an SSH-tunnel on Windows, Linux, or Mac

Goal: Connect to a LANforge Linux system via a compressed tunnel connection

When connecting to your remote LANforge hardware (presumably accessible over a VPN) you will notice poor response time and lag in your LANforge GUI or your VNC connection. Many VPN connections are based on UDP protocols and packet loss might be affecting your connection quality. Below we explain how to set up SSH tunnels that increase the quality of your connection.
 
  1. Linux SSH tunnel Setup
    1. From the computer that you are trying to connect your SSH tunnel from, open the .bashrc file from '/home/user/'. The .bashrc file can be opened via gedit, vim, or nano. This .bashrc file is where the alias will be setup to properly invoke your ssh. screenshot
    2. Once the .bashrc file is open, type in your alias in any blank spot (that is not within another for-loop or definition). Flags used in the bash alias creation example below are as followed:
      1. -C = Requests compression of data. This is desirable for slower connections. Recommended.
      2. n = redirects stdin /dev/null. Required when SSH is running in the background.
      3. N = do not execute a remote command, useful for forwarding ports.
      4. v = Verbose mode. Causes SSH to print debugging messages about its progress.
      5. -L = bind_address:port:host:hostport format. Use this flag multiple times to forward multiple ports with one command.
      6. Please visit the SSH man page for further flags and switches:https://linuxcommand.org/lc3_man_pages/ssh1.html
    3. The generic setup of bash aliases for SSH are ssh -flags localport:ipaddress:remoteport. In the example included above we've included the following ports for the according reasons: screenshot
      1. 4001 -- perl scripts use this for ascii connection to LANforge server
      2. 4002 -- GUI uses this for binary connection to LANforge server
      3. 5901 -- VNC port for display :1
      4. 4131 -- local port for perl scripts to connect to .92.12
      5. 4132 -- local port for GUI to connect to .92.12
      6. 5903 -- local port for VNC to connect to .92.12
    4. Further example ssh aliases include: screenshot
      1. alias FreyaTunnel="ssh -CnNv -L 5903:192.168.0.6:5901 -L 4131:192.168.0.6:4001 -L 4132:192.168.0.6:4002 lanforge@192.168.0.6"
      2. alias SaltTunnel="ssh -CnN -L 4001:192.168.200.18:4001 salt@10.253.1.6"
    5. After editing the .bashrc file, source the file in order for the changes to be applied. This will enable the code without the need to turn off and restart the device. screenshot
    6. In order for our machine to remember certain passwords and access configurations, some additional edits in the ~/.ssh/config file or $HOME/.ssh/config.
    7. Next, this ssh connection will require an ssh key. This means that one needs to be generated. The private key and public key of the key pair must be saved to the local computer while only the public key of the pair must be saved to the remote server.
    8. Add your SSH key to the device being forwarded. Finally, add your public key that you generated earlier via SSH. This can be done by typing in ssh-copy-id user@ipaddress (see below example). screenshot
    9. Once the alias is added to .bashrc file and the ssh key is added to the remote device, open any terminal and simply type in the alias name. This will initiate the tunnel. For example, "FreyaTunnel" in this example would be the alias typed into any terminal. This should incur an instance of your tunnel.
  2. Windows SSH tunnel Setup
    1. There are many ways to set up an SSH tunnel, however, this cookbook will utilize PuTTy. screenshot
    2. Once PuTTY is downloaded, configure the SSH connection before adding the tunnel.

      For more information see Connecting with PuTTy.

    3. Once your session is setup, select your session that was just saved from the last cookbook, then on the left-hand panel, select Connection -> SSH -> Tunnels. screenshot
    4. After setting up the tunnel, select SSH and enable compression. This will ensure that the tunnel uses data compression. screenshot
    5. Once all the settings desired are configured, select Session, highlight the session again in Saved Sessions and hit Save for the new session settings. This will make sure that the next time logged in will include all the settings here. screenshot
    6. Now, the session is saved and can be opened by clicking Open

Candela  Technologies, 2417 Main Street, Suite 201, Ferndale, WA 98248, USA
www.candelatech.com | sales@candelatech.com | +1.360.380.1618
Facebook | LinkedIn | Blog