Ok here is my issue…
I want to connect to a VPN via pptp on Windows XP; however, it is behind a firewall that I have no control over. I am able to make SSH connections.
I wish to VPN to a server I have no control over; however, it allows VPN access. Let's say it has an IP of 193.60.20.50 for argument's sake.
I have an intermediate server running Debian Wheezy that I have complete control over and can SSH to from the Windows machine. Let's say it has an IP of 212.74.214.28 for argument's sake.
How do I tunnel the VPN connection from the Windows machine, through my intermediate server, to the final server? I am guessing this is possible using SSH tunneling in PuTTY. However, I have no idea what iptables rules I require on the intermediate server to allow the traffic to pass through.
So far I have set PuTTY to forward port 1723 to 193.60.20.50:1723. This appears to be working, as the VPN connection returns an error immediately, as opposed to when the tunnel is turned off and it attempts to connect for an extended period of time before throwing an error. However, I believe my iptables rules are denying the connection.
My iptables rules currently (I have highlighted the specific rules I have added in trying to solve this):
Chain INPUT (policy ACCEPT)
target prot opt source destination
fail2ban-ssh-ddos tcp -- anywhere anywhere multiport dports ssh
fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere loopback/8 reject-with icmp-port-unreachable
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:1723
ACCEPT gre -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpts:http-alt:8090
ACCEPT udp -- anywhere anywhere udp dpts:60000:61000
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT icmp -- anywhere anywhere icmp echo-request
LOG all -- anywhere anywhere limit: avg 5/min burst 5 LOG level debug prefix "iptables denied: "
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:1723
ACCEPT gre -- anywhere anywhere

Chain fail2ban-ssh (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain fail2ban-ssh-ddos (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Best Answer
You cannot tunnel GRE through SSH. (https://superuser.com/questions/657758/is-it-possible-to-tunnel-pptp-over-ssh)
I would advise you to use a setup of MyEnTunnel and Proxifier. MyEnTunnel is optional; you can do it with PuTTY too.
You could tunnel OpenVPN in TCP mode over SSH though.
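An added illustration of the point in this answer, not code from the original post: PPTP's control channel is TCP on port 1723, but its data channel is enhanced GRE (IP protocol 47, RFC 2637), which has no ports for an SSH port forward to relay. The packets, addresses and call ID below are constructed samples, and the function names are hypothetical.

```python
import struct

PPTP_CONTROL_PORT = 1723          # TCP control channel (the port forwarded in the question)
IPPROTO_TCP, IPPROTO_GRE = 6, 47
GRE_PROTO_PPP = 0x880B            # protocol type used by PPTP's enhanced GRE

def classify(packet: bytes) -> dict:
    """Classify one raw IPv4 packet as PPTP control, PPTP data, or something else."""
    ihl = (packet[0] & 0x0F) * 4  # IPv4 header length in bytes
    proto = packet[9]
    payload = packet[ihl:]
    if proto == IPPROTO_TCP:
        sport, dport = struct.unpack("!HH", payload[:4])
        kind = "pptp-control" if PPTP_CONTROL_PORT in (sport, dport) else "tcp"
        # A TCP stream is addressed by port, so an SSH port forward can relay it.
        return {"kind": kind, "port": dport, "ssh_forwardable": True}
    if proto == IPPROTO_GRE:
        flags, ver, ptype, plen, call_id = struct.unpack("!BBHHH", payload[:8])
        # Enhanced GRE: version 1, Key bit (0x20) set, protocol type 0x880B.
        if (ver & 0x07) == 1 and ptype == GRE_PROTO_PPP and flags & 0x20:
            return {"kind": "pptp-data", "call_id": call_id,
                    "payload_len": plen, "ssh_forwardable": False}
        # GRE rides directly on IP: there is no port for a TCP forward to bind to.
        return {"kind": "gre", "ssh_forwardable": False}
    return {"kind": "other", "ssh_forwardable": False}

def ipv4(proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 header (checksum left at zero) around a payload."""
    src, dst = bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20])  # documentation addresses
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                       0, 0, 64, proto, 0, src, dst) + payload

# Constructed sample: TCP SYN from an ephemeral port to 1723 (control channel).
CONTROL = ipv4(IPPROTO_TCP,
               struct.pack("!HHIIBBHHH", 49152, 1723, 0, 0, 0x50, 0x02, 8192, 0, 0))
# Constructed sample: enhanced GRE (K and S bits, version 1), call ID 7, 4-byte PPP payload.
DATA = ipv4(IPPROTO_GRE,
            struct.pack("!BBHHHI", 0x30, 0x01, GRE_PROTO_PPP, 4, 7, 1) + b"\xff\x03\xc0\x21")

if __name__ == "__main__":
    for name, pkt in (("control", CONTROL), ("data", DATA)):
        print(name, classify(pkt))
```

With only port 1723 forwarded, the control connection reaches the server while the GRE data packets never enter the SSH tunnel.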