VPN'ing local and remote mysql servers.

[fivefeet8]

Is it possible to have a remote server running php scripts to access a local mysql server behind a firewall with the use of the VPN connection on the clients computer?

Essentially, the only way the remote server can access the local mysql server is if the client has connected to the local network with a VPN connection or is using a computer on the local network. The remote server would need to direct it's connection query through the clients VPN tunnel.

If it's not possible, are there other ways of doing this without opening ports on the local firewall.

[evilghost]

Wrap it over a SSH tunnel or use stunnel?

[fivefeet8]

Quote:

Originally Posted by evilghost

Wrap it over a SSH tunnel or use stunnel?

How would that be done? Both local and remote servers are running Unix based OS's with mysql.

[evilghost]

Quote:

Originally Posted by fivefeet8

How would that be done? Both local and remote servers are running Unix based OS's with mysql.

[From Local Machine]
ssh -f -C username@remote_machine_ip -L 33060:local_ip_of_remote_machine:3306 -N

This would bind the local TCP socket of 33060 to MySQL on the remote machine.

Basically, you would point the application to localhost:33060 and this in turn would tunnel traffic across SSH with compression enabled to the remote machine on dport 3306.

You could use key-based authentication to avoid having to enter a username/password.

[fivefeet8]

Quote:

Originally Posted by evilghost

[From Local Machine]
ssh -f -C username@remote_machine_ip -L 33060:local_ip_of_remote_machine:3306 -N

This would bind the local TCP socket of 33060 to MySQL on the remote machine.

Basically, you would point the application to localhost:33060 and this in turn would tunnel traffic across SSH with compression enabled to the remote machine on dport 3306.

You could use key-based authentication to avoid having to enter a username/password.

Hmm. Didn't seem to work. The remote server is actually where the PHP scripts will be running. The problem is, they need to be able to access the Mysql database server on a local server. I know I could open some firewall ports to allow them access, but the system Admin would rather not.

The idea is that if a user wants to get information from the local mysql server, he/she would need to VPN into our network first before logging into the site located on the remote server with the PHP pages and scripts. Once that happens, the php on the remote server needs to be able to check if a VPN connection has been made into our local network. Then and only then will the remote server scripts have access to the local mysql server.

My system admin has proposed we include some php scripts on the local apache web server as well. These local php scripts will retrieve information from the local mysql server. The remote server would then not have to make a direct connection to the local mysql server, but merely check if a user is connected to our network via VPN, or is at a workstation on the network. Then redirect the user to the local web server. The local web server is private and cannot be seen from outside our private network.

How would a remote server be able to check a user's connection? Is there another way besided checking IP's.