Access the NTG Lab via ZeroTier

  • One method of accessing the NTG Lab is via the Jump Server, mentioned in another article. This is handy and great when you want to keep the lab at arm's length or when you need to access something quickly and casually. For more intense projects, faster work or when you plan to be working in the lab for an extended period of time it may be more efficient to access the lab through a VPN. This provides for more robust networking options and direct access to servers. This option is not for everyone as it, quite obviously, causes a cross exposure between end lab users and the environment. As this is a lab it is not tightly controlled and therefore is a risk, especially if accessed from a general purpose remote computer.

    As such, the recommended approach to working with the lab via VPN is to build either a dedicated workstation for accessing it or, far more reasonably, to create a dedicated virtual machine that can be limited to only the tools that you want to use for accessing the lab and will run the VPN (we use ZeroTier.) This provides a nice, sandboxed access machine to protect you while providing access as if you were inside of the lab. Very practical.

    The best approach for this is to install a Linux distribution, such as Linux Mint. Whether you need access through SSH, RDP, VNC, NX, X, HTTP/HTTPS or most other protocols these are baked in, easy to use and available for free. Running in VirtualBox makes it all very simple and easy. There is good mouse integration so moving between things is nearly transparent.

    By using ZeroTier in the lab we are able to bypass external exposure and make the lab easily accessible without needing to generically expose the entire IP space. Lab machines need to be added to ZeroTier individually, so ZT is not ubiquitous allowing for more testing scenarios, but all ZT machines are in the same IP space so services can be provided across the lab very easily.

    Access to the ZT network is restricted. So after setting up ZT on a VM, contact me to admit you to the lab on the ZT network. Once you connect, you'll see lab resources as if you were sitting right in the lab with them.

  • Tagging @IRJ @WrCombs @Romo