Pseudo-VPN using CocTunnel + Network Beacon on OSX

Network Beacon
I started working in an office again last Fall and found myself wanting to access my home machine often. It was time to finally set up some sort of VPN. My home machine is a Mac mini attached to a projector and a Drobo. I have an iPad, phone, and work laptop, but that’s the extent of the computing devices I use at home. I use the mac mini essentially headless, accessing it via OSX’s built in Screen Sharing and file sharing. I wanted to recreate that experience remotely.

I’d looked at GUI SSH tunnel management on OSX before but was never really happy with it. CocTunnel is a brand new project though and super solid¹. I am a bit paranoid about opening ports on my router so the first thing I did was turn off password SSH access. sshd will drop anything that isn’t public key now. I also associated it with a non-standard port on my router. When CocTunnel connects to my home machine it forwards the ports from the three services I regularly use: 3689 for iTunes library sharing (daap), 548 for Apple File Protocol (afp), and 5900 for Screen Sharing (remote frame buffer, rfb).

The final piece to make the experience seamless is Network Beacon. Network Beacon lets you advertise any arbitrary Bonjour service. I created a beacon for each of the three services and their ports named the same way they appear on my home network (pictured above). Now if I open Finder, my server appears just like it does at home. I can mount filesystems, share screens, or stream the iTunes library.

In the future I’ll probably investigate iVPN and ShareTool, the latter of which sounds like absolute magic.

Keep in mind: the amount of fun you have with any of these solutions is entirely dependent on your home connection’s upload speed.

Footnote 1: The developer says it’s pronounced “Ci Oh Ci Tunnel”. It gets it’s name because it’s built Cocoa, so you could say “Coke Tunnel”. I’m a sporting man myself and say “Cock Tunnel” like an adult.


2 thoughts on “Pseudo-VPN using CocTunnel + Network Beacon on OSX

  1. random guy says:

    Randomly ended up on your site and saw this on the front page.

    I run this same sort of setup using Network Beacon (including the headless mini funnily enough) but my DSL modem supports terminating L2TP over IPSEC tunnels. So I’ve got that part covered until Lion + $29 server comes out (allowing me to move that from the modem to the home mac itself). Although my mini is PPC (on 10.5) so he’s due for replacement anyway

    One other cool trick with network beacon… since storage is SOOO cheap these days I have a disk on one of our other machines at the office that I have made look like my mac mini’s shares at home via MDNS fakery with Network beacon.

    Doesn’t have to be a dedicated disk or even shared from the other machine with the same name as my shares on the mini at home. Network beacon takes care of that.

    The reason for this is that I moved our itunes media to that share. Which means if I want to sync my iphone at work itunes bitches about not being able to see that volume from home.

    So I just make sure that the NB I run locally calls the share from the office system the same thing and that the file paths all match too. I have a 3rd volume I can shuttle back and forth and use rsync to catch the one in the office up. Generally it’s too much data to do it using rsync over the net between home machine and office share clone but that’s also an option.

    Oh and for sport… turns out that MDNS-advertised printers are equally validated. I’ve found it possible to sniff for macs probing for a printer and to then create a fake version of that printer with NB that points to a local shared printer queue. Basically you can grab people’s pending print jobs. good times good times.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.