SSH Tunnel to Virtual Machine connected to VPN

sshssh-tunnelvpnwindows-server-2008windows-server-2012

I have a VM running Windows Server 2012 that is used by our dev team to test the application they are working on. Every developer has its own VM and this VM must be connected to a VPN to access some services (like TFS). The VM have a SSH service running that the developers use to control the application server app state (start, reset, etc).

The problem is that developers use the TFS for source code management and for activity tracking, and they complain that they must use the VM to access their tasks in TFS due to the VPN (note: the VPN client cannot be installed in the host machine due to company policies).

I would like to create a tunnel from the host machine to the guest machine (vm), in order to access the TFS website (something like https://TFSServerOverVPN:8080/ProjectX) over vpn:

HOST Machine –> Putty SSH-Tunnel –> VM –> VPN –> TFS Server Web Site

Is it even possible? Are there other options to archive this?

Thanks!

Best Answer

Plink might be easier to configure than PuTTY.

plink -vCNL 127.0.0.1:8080:addressOfTFSServerOverVPN:8080 -l userNameInVM addressOfVM

You may use -pw or -i options to skip inputting password, and run plink.exe directly in cmd to check other options.

Than the access to https://127.0.0.1:8080/ProjectX will be forwarded to https://TFSServerOverVPN:8080/ProjectX.

PS: If TFSServerOverVPN is a virtual host, you might need to bind 127.0.0.1 to TFSServerOverVPN in the hosts file of HOST Machines.

Related Solutions

Ssh – Tunneling into vpn using squid and ssh-tunnel

20:40:11.245849 IP 192.168.237.1.43253 > 172.30.3.93.https: Flags [S], seq 885758311, win 13720, options [mss 1372,sackOK,TS val 34964016 ecr 0,nop,wscale 7], length 0
20:40:11.467567 IP 172.30.3.93.https > 192.168.237.1.43253: Flags [S.], seq 1102840217, ack 885758312, win 5792, options [mss 1380,sackOK,TS val 4294961122 ecr 34964016,nop,wscale 2], length 0
20:40:11.467591 IP 192.168.237.1 > 172.30.3.93: ICMP 192.168.237.1 tcp port 43253 unreachable, length 68

First line says that your machine sent SYN flag i.e. [S] to initiate handshake with the server(segment sequence number 885758311).

Second line says that server has acknowledged with Flag [S.] to your machine's SYN request(ack 885758312 i.e 885758311+1).

I am not sure about the third line but I think it says that destination host(your machine) is informing sending host(remote machine) that the requested port i.e. 43253 is not reachable. So there must be something in your firewall that is rejecting this connection. Check the firewall rules.

Windows – Tunnel windows VPN through SSH

You cannot Tunnel GRE through ssh. ( https://superuser.com/questions/657758/is-it-possible-to-tunnel-pptp-over-ssh )

I would advise you to use a setup of MyEnTunnel and Proxifier. MyEnTunnel is optional, you can do it with Putty too.

You could tunnel OpenVPN in TCP mode over SSH though.

Best Answer

Related Solutions

Ssh – Tunneling into vpn using squid and ssh-tunnel

Windows – Tunnel windows VPN through SSH

Related Topic