VPN laptop as proxy gateway for Intranet computers truss bridge/bypass


I have a Windows 7 Enterprise VPN laptop to access my client's VPN network. During a VPN session the laptop cannot accept any request from my Intranet even if I open any door using Windows Firewall Inbound Rules. However, during a VPN session the laptop can connect anywhere inside my Intranet using a direct local IP:port.

Here's the thing:

I want to use my client's VPN laptop as a proxy for other non-VPN computers inside my Intranet.

Installing a proxy didn't work since other Intranet computers cannot access any port on the VPN laptop during a VPN session. Is there any kind of proxy tunneling with server/client support in Windows, Java or Linux?

I was thinking of some kind of app on the VPN laptop connecting to one of my Intranet's PCs, then using this PC as a proxy server to forward requests from the Intranet to the VPN.

Do I make sense? Is there something ready to use?

Best Answer

Your scenario describes the exact use case for SSH with reverse gateway port forwarding. Here's one possible example of its implementation:

1) Set up a Linux computer on your intranet and install an OpenSSH server there (IIRC, it must be fresh enough to support SSHv2).

2) Configure sshd to enable gateway ports by setting the line "GatewayPorts yes" in /etc/ssh/sshd_config. Don't forget to restart sshd.

3) Install the PuTTY SSH client on your VPN laptop.

4) To enable connections to a particular port $Port of the VPN laptop from other intranet computers, create a tunnel by running this command on the VPN laptop:

putty $LinuxIP -R $Port:localhost:$Port -N

Your Linux gateway will listen on the first port from the -R option, then forward it to the second port from the -R option on your VPN laptop. In my example both ports are the same for simplicity. The -N option prevents PuTTY from running a shell after creating the tunnel.

If you need multiple ports to forward, supply multiple -R options in the same format. I also recommend wrapping this command in a .BAT script loop to restore the tunnel automatically after broken network links.
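
Step 2 of the answer turns on GatewayPorts for every account on the gateway, so whoever administers that Linux host may want to check how widely a remote (-R) forward can be exposed. The following is an added example, not part of the original answer: a small auditor that reads sshd_config text and rates each scope. The account name `tunnel` and the address and port in the sample configs are constructed, and `Match All` and `Include` are not handled.

```python
# Added example: audit sshd_config text for network-exposed remote forwards.
DEFAULTS = {"allowtcpforwarding": "yes", "gatewayports": "no", "permitlisten": "any"}

def parse_scopes(text):
    """Split config into [(scope, {keyword: value})]; first value per keyword wins."""
    scopes = [("global", {})]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()                  # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            scopes.append((value, {}))          # lines below apply to this Match only
        else:
            scopes[-1][1].setdefault(key, value)
    return scopes

def classify(settings):
    """Rate how far a remote (-R) forward can be exposed under these settings."""
    if settings["allowtcpforwarding"].lower() not in ("yes", "all", "remote"):
        return "closed"          # no remote forwards at all
    if settings["gatewayports"].lower() == "no":
        return "loopback"        # forwards bind to the gateway's loopback only
    if settings["permitlisten"].lower() != "any":
        return "restricted"      # network-facing, but only on listed listeners
    return "open"                # any port, reachable from the whole network

def audit(text):
    """Return [(scope, rating)] for the global section and each Match block."""
    scopes = parse_scopes(text)
    global_settings = {**DEFAULTS, **scopes[0][1]}
    report = [("global", classify(global_settings))]
    for scope, overrides in scopes[1:]:
        report.append((scope, classify({**global_settings, **overrides})))
    return report

# Constructed samples: the setting from step 2, and a narrower alternative.
AS_IN_ANSWER = "GatewayPorts yes\n"
NARROWED = """\
AllowTcpForwarding no
Match User tunnel
    AllowTcpForwarding remote
    GatewayPorts clientspecified
    PermitListen 192.0.2.10:8080
"""

if __name__ == "__main__":
    for name, cfg in (("as in answer", AS_IN_ANSWER), ("narrowed", NARROWED)):
        print(name, audit(cfg))
```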