Archive for February, 2013

Client OpenVPN as NAT Gateway Router to Local Network

February 19, 2013

An OpenVPN server exists on the Internet. This is how an individual client exposes its own private network to all other clients of the VPN.

The private network is 192.168.99.0/24. Create an Ubuntu server installation and install OpenVPN:

sudo apt-get update
sudo apt-get upgrade
sudo apt-get install openvpn

Go to the VPN server's web interface and log in as admin. Configure your user profile as Admin/Auto-login and:

openvpn-client-gateway

(not sure Admin is that important, need to remove and test)

The VPN server will now tell all clients that it handles traffic for 192.168.99.0/24. Your client profile is configured as the gateway for 192.168.99.0/24, so the server sends all traffic for that network down the VPN to your client. However, your new Ubuntu client must then route and NAT that traffic onto 192.168.99.0/24.

From http://codeghar.wordpress.com/2012/05/02/ubuntu-12-04-ipv4-nat-gateway-and-dhcp-server.

Follow everything up to the "Install DHCP server" section. Basically, just enable IP forwarding and add the NAT iptables rules.

I like this page for creating your iptables rules: https://wiki.debian.org/iptables

Log into the OpenVPN server's web interface (choose LOGIN, not CONNECT). Download your autologin profile, rename it to .txt, and open it with WordPad (not Notepad).

Place the contents of this file in /etc/openvpn/client.conf on the Ubuntu client.

Start OpenVPN client:

cd /etc/openvpn/
sudo openvpn client.conf
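As an added example (not code from the original post or the linked guides), the "enable routing and add the NAT rules" step as a reviewable shell script. It assumes the LAN interface is eth0 and the tunnel interface is tun0, neither of which the post names, and it only forwards VPN traffic destined for 192.168.99.0/24, allowing replies back but not new connections from the LAN into the VPN.

```shell
#!/bin/sh
# Turn the OpenVPN client into a NAT gateway for its private LAN.
# Assumed interface names (not given in the post); override via environment.
LAN_IF="${LAN_IF:-eth0}"
VPN_IF="${VPN_IF:-tun0}"
LAN_NET="192.168.99.0/24"

# Emit the rule set as text so it can be reviewed before anything is applied.
# Forwarding is limited to traffic for LAN_NET coming in from the VPN; the
# LAN side may only answer established flows, and everything else from the
# VPN is dropped. MASQUERADE hides VPN source addresses behind this host so
# LAN machines can reply without knowing any VPN routes.
gateway_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -A FORWARD -i $VPN_IF -o $LAN_IF -d $LAN_NET -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $VPN_IF -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i $VPN_IF -o $LAN_IF -j DROP
iptables -t nat -A POSTROUTING -o $LAN_IF -d $LAN_NET -j MASQUERADE
EOF
}

# Apply the rules one by one (needs root). With --dry-run they are only printed.
apply_gateway_rules() {
    if [ "$1" = "--dry-run" ]; then
        gateway_rules
        return 0
    fi
    gateway_rules | while IFS= read -r cmd; do
        echo "+ $cmd"
        $cmd || exit 1   # stop at the first command that fails
    done
}
```

The rules are not persistent; the Debian wiki page linked above covers saving them with iptables-save so they survive a reboot.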


Fun with SSH

February 13, 2013

The more I use SSH the more I like it.

This post is along the same lines as my previous Git post regarding SSH tunneling to access a Git repository while behind a firewall.

I want remote access to my home ESXi server and all its running instances. To do this, I will get RDC to a Win7 instance running on the server, install the vSphere Client there, and SSH to any Linux instances.

To get RDC working I configured my ADSL modem to put my DD-WRT router in the DMZ. I connected externally to DD-WRT via the web interface. So far so good. I then created an RDP port forward rule to my Win7 instance. Trying to connect failed.

When attempting this from work I ran into the issue that the corporate firewall does not allow outbound connections on 3389 (RDP). Therefore my RDC client will never hit the port forward rule on DD-WRT; it can't even get to the Internet.

I only have a few outbound ports to work with, 80 (http), 443 (https), and maybe 22 (ssh)????

Back on the DD-WRT web interface I enabled the SSH server. From my remote computer I successfully accessed my router via SSH. GREAT, I have the mechanism to poke an outbound hole in the corporate firewall.

A little research, including my previous Git/SSH post and this page, gave me what I needed: http://www.dd-wrt.com/wiki/index.php/Telnet/SSH_and_the_Command_Line

Essentially I used my local SSH client (PuTTY) to connect to the DD-WRT SSH server. Over this connection I then create a local SSH tunnel from my local port 1234 to the destination Win7:3389.

It's important to use the word Destination instead of Remote, because there is a difference between local port forwarding to a destination and remote port forwarding. The dd-wrt.com link above has a good explanation of the two.

So once I configured PuTTY properly and opened the SSH session, I fired up RDC and connected to localhost:1234. The connection path looked like this:

[work]->[corp firewall]->[Internet]->[DSL Router]->[dd-wrt]->[Win7]
or
[localhost:1234]->[ssh tunnel]->[Win7:3389]

The forwarded port in PuTTY was configured as follows:

PuTTY.SSH.RDP

4L1234 192.168.2.200:3389

This essentially says:

4 – IPv4
L – Local forward
1234 – Local port that will be forwarded

192.168.2.200:3389 – The forward destination, i.e. where the SSH server will forward this tunnel to.
