Connecting to server via VPN

Question

There is a server with connection via VPN to it (using GRE protocol). I have got a problem to connect to this VPN from home network, because GRE is not allowed by provider. But I have got another work server (with SSH connection to it from home) in other network from which I can connect to server in VPN. Is there any way to make tunnel to connect from home to VPN-server through work-server? SSH connection is anouth for me. Home computer and work-server have ubuntu operating system, vpn-server is under centos.

score 0 · Answer 1 · answered Oct 05 '21 at 10:28

That is definitely possible. As you are telling that you need an SSH only, probably the most easy way would be to set up a GRE connection from your "another work server" (let's call it Server B) to your first server which accepts GRE (calling it Server A). Once you've done it and it can SSH from Server B to Server A you can just chain it from your home. I.e. first connection to Server B SSH and then just SSH to a Server A from there.

If you would like to have SSH connection without that chain, you have to set up some sort of routing and/or port forwarding (NAT) on the Server B. Exact configuration are greatly dependent on your configuration and would be out of scope of this question.

score 0 · Answer 2 · answered Oct 06 '21 at 00:50

Once you can reach the work server you can easily do that.

Assumption for the example

source system (at home) : 10.0.0.1
work system (jump server) : 10.0.0.2 (ssh is running on standard port 22/TCP)
destination server : 10.0.0.3 (ssh is running on standard port 22/TCP)

port forward via server B

With opening the ssh tunnel you can set local port forward (-L [<local_addr>:]<local_port>:<remote_addr_to_forward_to>:<remote_port_to_forward_to> ). Then you can open another ssh connection pointing <local_addr> but with parameter -p <local_port> or the first tunnel. With this configuration:

the first tunnel have to be up to the rest is working
you can have more connection over the first tunnel (more ssh connections, scp connection,...)

(1) ssh -L 10022:10.0.0.3:22 10.0.0.2
(2) ssh -p 10022 127.0.0.1
(3) scp -P 10022 <local_file> 127.0.0.1:<destination_file>

+-----+        +-----+        +-----+
|  A  |=== 1 ==|  B  |        |  C  |
|     | -- 2 - | -2- | - 2 -> |     |
|     | -- 3 - | -3- | - 3 -> |     |
|     |========|     |        |     |
+-----+        +-----+        +-----+
10.0.0.1       10.0.0.2       10.0.0.3

native ssh connection using "native" jump host

ssh offer "native" support for this kind of connection using -J <destination> parameter. For the specification of destination is recommended to use config (~./ssh/config) file.

The example of the code would be (the outer connection is "transparent")

(1) ssh -J 10.0.0.2 10.0.0.3

+-----+        +-----+        +-----+
|  A  |========|  B  |        |  C  |
|     | -- 1 - | -1- | - 1 -> |     |
|     |========|     |        |     |
+-----+        +-----+        +-----+
10.0.0.1       10.0.0.2       10.0.0.3

Connecting to server via VPN

2 Answers2