How I use my personal laptop for development when I should use the corporate one

Photo by freestocks on Unsplash
  • Blocked updates which made impossible getting WSL2 working.
  • VPN connection that tunnels all your traffic (internet and intranet). The VPN client is FortiClient and requires username, password and an SMS code. After each restart. Annoying.
  • Windows Defender and 3rd party Antivirus and a bunch of other processes that can’t be turned off.
  • When “idle”, the system eats 4GB of RAM. The machine is pretty powerful but turned slower by the system processes.
  1. Make corporate intranet accessible from my browser (tools like Jira, Gitlab, chats and the app I co-develop, all are in corporate intranet and accessible only through VPN).
  2. Make internet accessible from browser without sending my traffic through the corporate VPN. This is not a must, only a strong personal preference. Usually, when you are connected to a VPN, all the traffic goes to that tunnel. And I don’t want that.
  3. Execute git commands with ssh from console (git repositories can be accessed only though VPN).

My Solution

  1. For accessing corporate intranet from my laptop’s browser I forwarded HTTP requests to a HTTP proxy which I deployed on the corporate Windows machine. This proxy forwards to the Fortinet SSL VPN interface all the HTTP traffic coming from the WIFI interface. This means that both laptops must be connected to the same router (WIFI or Ethernet).
  2. For accessing the internet without sending the traffic through the corporate VPN, this traffic shouldn’t be forwarded to the proxy introduced at point 1, obviously. tinyproxy is a proxy capable to route HTTP traffic according to some rules I will present later. Installed on my Linux laptop, it is responsible to forward the traffic for intranet to the Windows proxy introduced at point 1 and the rest of the traffic to internet.
  3. The git repositories are hosted by the corporation internally with a self hosted GitLab instance which can be accessed only through VPN. In order to be able to clone them via SSH I installed a SOCKS5 proxy on the corporate Windows laptop and configured git on my Linux laptop to send the traffic to it.
   Internet                   
^
|
PERSONAL LINUX LAPTOP
+----|--------------------+
| | Browser & |
| | /-HTTP Apps |
| +--|---+ /- |
| |HTTP |<- |
| |Proxy | |
| +--|---+ Git commands |
| | | |
+----|---------|----------+
| |
| |
| |
CORPORATE WINDOWS LAPTOP
+----|---------|----------+
| | | WIFI IF|
+----|---------|----------+
| | | |
| +--v---+ +---v--+ |
| |HTTP | |SOCKS5| |
| |Proxy | |Proxy | |
| +--|---+ +---|--+ |
| | | |
+----|---------|----------+
| | Fortinet SSL VPN IF|
+----|---------|----------+
| |
v v
Intranet
  • tinyproxy is the HTTP proxy I installed and configured on my personal Linux laptop. I use it as system wide proxy, meaning that apps (including browser) send the HTTP requests to it. When it receives a request, tinyproxy checks the destination hostname and forwards the request to internet or to the parent proxy running on the corporate Windows laptop, according to some rules I set.
  • openbsd-netcat is a utility installed on my personal Linux laptop I use to override the ssh command used by git commands in order to send the traffic to the SOCKS5 proxy running on Windows.
  • FreeProxy is a software I installed on the corporate Windows laptop that allows running both a HTTP and a SOCKS5 proxy at the same time (on different ports). FreeProxy is used as the parent proxy for tinyproxy. It forwards the HTTP requests (including those coming from tinyproxy) and TCP requests (including those from git commands) to intranet.
Create HTTP proxy server with FreeProxy
  1. Type in any name you want or just keep it simple with “http”.
  2. Select the type of the proxy: “HTTP Proxy”.
  3. Type the port “2345".
  4. Choose the interface connected to your local network. Most probably yours doesn’t look like mine. The requests from the personal laptop will come in through this interface.
  5. The IP address should be automatically added after you choose the network interface at 4.
  6. Choose the VPN interface — where HTTP requests will be forwarded to.
  7. The IP address should be automatically added after you choose the interface at 5.
  8. Done.
Create SOCKS proxy server with FreeProxy
  1. Type a name.
  2. Choose the “SOCKS” option for proxy type.
  3. Type the port “23450”.
  • Debian/Ubuntu: sudo apt-get install tinyproxy
  • Arch: sudo pacman -S tinyproxy
  • CentOS/Fedora: sudo yum install tinyproxy
Port 2345
...
upstream http <windows-laptop-ip>:2345 ".intranet.domain"
...
  • windows-laptop-ip is the IP of the local network interface from the corporate Windows laptop. As I previously stated, both laptops must be connected to the same local network. As you already saw on Step 1, in my case it’s 192.168.0.104.
  • 2345 is the port on which the Windows HTTP proxy will run. It has the same value I chose for tinyproxy but that’s just my personal preference.
sudo systemctl enable tinyproxysudo systemctl start tinyproxy
git clone <repo-url>
git -c core.sshCommand='ssh -o ProxyCommand="nc -X 5 -x <windows-laptop-ip>:23450 %h %p"' clone <repo-url>
git config --local core.sshCommand 'ssh -o ProxyCommand="nc -X 5 -x <windows-laptop-ip>:23450 %h %p"'

--

--

--

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Journey of An Engineer From X To 3X — What, Why And When

Is it better to use free and open source components or paid components or develop from scratch for…

How to Create a Free Azure Account Step by Step

How we put TiltBrush art into AR

Red Hat OpenShift Container Platform UPI on GCP

Regex Parentheses: Examples of Every Type

DevOpsSec needs good engineers

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
devtud

devtud

More from Medium

Introduction to the Linux World #1

Live Free

Five Linux commands to make Web Developer’s Life Easy

Learn the basics of Penetration Testing: HTB: Ignition