Join Log in
Score:0
Daria Romanova avatar Server

Connecting to server via VPN

cl flag
Daria Romanova

There is a server with connection via VPN to it (using GRE protocol). I have got a problem to connect to this VPN from home network, because GRE is not allowed by provider. But I have got another work server (with SSH connection to it from home) in other network from which I can connect to server in VPN. Is there any way to make tunnel to connect from home to VPN-server through work-server? SSH connection is anouth for me. Home computer and work-server have ubuntu operating system, vpn-server is under centos.

35
0 + 0
vpn
ssh
gre
Score:0
avatar Server
np flag
NStorm

That is definitely possible. As you are telling that you need an SSH only, probably the most easy way would be to set up a GRE connection from your "another work server" (let's call it Server B) to your first server which accepts GRE (calling it Server A). Once you've done it and it can SSH from Server B to Server A you can just chain it from your home. I.e. first connection to Server B SSH and then just SSH to a Server A from there.

If you would like to have SSH connection without that chain, you have to set up some sort of routing and/or port forwarding (NAT) on the Server B. Exact configuration are greatly dependent on your configuration and would be out of scope of this question.

0 + 0
Score:0
Kamil J avatar Server
it flag
Kamil J

Once you can reach the work server you can easily do that.

Assumption for the example

  • source system (at home) : 10.0.0.1
  • work system (jump server) : 10.0.0.2 (ssh is running on standard port 22/TCP)
  • destination server : 10.0.0.3 (ssh is running on standard port 22/TCP)
  1. port forward via server B

With opening the ssh tunnel you can set local port forward (-L [<local_addr>:]<local_port>:<remote_addr_to_forward_to>:<remote_port_to_forward_to> ). Then you can open another ssh connection pointing <local_addr> but with parameter -p <local_port> or the first tunnel. With this configuration:

  • the first tunnel have to be up to the rest is working
  • you can have more connection over the first tunnel (more ssh connections, scp connection,...)
(1) ssh -L 10022:10.0.0.3:22 10.0.0.2
(2) ssh -p 10022 127.0.0.1
(3) scp -P 10022 <local_file> 127.0.0.1:<destination_file>

+-----+        +-----+        +-----+
|  A  |=== 1 ==|  B  |        |  C  |
|     | -- 2 - | -2- | - 2 -> |     |
|     | -- 3 - | -3- | - 3 -> |     |
|     |========|     |        |     |
+-----+        +-----+        +-----+
10.0.0.1       10.0.0.2       10.0.0.3
  1. native ssh connection using "native" jump host

ssh offer "native" support for this kind of connection using -J <destination> parameter. For the specification of destination is recommended to use config (~./ssh/config) file.

The example of the code would be (the outer connection is "transparent")

(1) ssh -J 10.0.0.2 10.0.0.3

+-----+        +-----+        +-----+
|  A  |========|  B  |        |  C  |
|     | -- 1 - | -1- | - 1 -> |     |
|     |========|     |        |     |
+-----+        +-----+        +-----+
10.0.0.1       10.0.0.2       10.0.0.3
0 + 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.