> if the machines are within the LAN, yes. My original point was that if you > have a static IP address for your local LAN *and* you want to restrict the > *remote* machines to be ssh-connectable only from that LAN (which is a > good security measure) *and* you are on the road you can still work on > your remote machine by VPNing into your LAN. There are other solutions, > but VPN is probably the easiest one as most SOHO routers should be able to > terminate a VPN and it's likely that you want to connect to your LAN via > VPN for other purposes, anyway. Doing that for the machines *within* your > LAN is granted. > > openvpn is perfect for this sort of situation -