Windows – Tunnel windows VPN through SSH

debian, ssh, ssh-tunnel, vpn, windows

Ok here is my issue…

I want to connect to a VPN via PPTP on Windows XP; however, it is behind a firewall that I have no control over. I am able to make SSH connections.

I wish to VPN to a server that I have no control over but which allows VPN access. Let's say it has an IP of 193.60.20.50 for argument's sake.

I have an intermediate server running Debian Wheezy that I have complete control over and can SSH to from the Windows machine. Let's say it has an IP of 212.74.214.28 for argument's sake.

How do I tunnel the VPN connection from the Windows machine, through my intermediate server, to the final server? I am guessing this is possible using SSH tunneling in PuTTY. However, I have no idea what iptables rules I require on the intermediate server to allow the traffic to pass through.

So far I have set PuTTY to forward port 1723 to 193.60.20.50:1723. This appears to be working, as the VPN connection returns an error immediately, as opposed to when the tunnel is turned off and it attempts to connect for an extended period of time before throwing an error. However, I believe my iptables rules are denying the connection.

My iptables rules currently (I have highlighted the specific rules I have added in trying to solve this):

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
fail2ban-ssh-ddos  tcp  --  anywhere             anywhere             multiport dports ssh
fail2ban-ssh  tcp  --  anywhere             anywhere             multiport dports ssh
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             loopback/8           reject-with icmp-port-unreachable
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:1723
ACCEPT     gre  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere             tcp dpts:http-alt:8090
ACCEPT     udp  --  anywhere             anywhere             udp dpts:60000:61000
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request
LOG        all  --  anywhere             anywhere             limit: avg 5/min burst 5 LOG level debug prefix "iptables denied: "
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:1723
ACCEPT     gre  --  anywhere             anywhere

Chain fail2ban-ssh (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-ssh-ddos (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Best Answer

You cannot tunnel GRE through SSH (https://superuser.com/questions/657758/is-it-possible-to-tunnel-pptp-over-ssh).

I would advise you to use a setup of MyEnTunnel and Proxifier. MyEnTunnel is optional; you can do it with PuTTY too.

You could tunnel OpenVPN in TCP mode over SSH though.
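
What a local port forward does, as an added example (not part of the original answer; every function name here is illustrative): it accepts TCP connections and copies their byte streams, so PPTP's TCP control connection on port 1723 can be relayed, while PPTP's data channel, GRE (IP protocol 47, which has no ports), never reaches a TCP socket. The echo server is a constructed stand-in for the far end, not a PPTP implementation.

```python
import socket
import threading

def pump(src, dst):
    """Copy bytes one way until src reports EOF, then pass the EOF on to dst."""
    try:
        while (chunk := src.recv(4096)):
            dst.sendall(chunk)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass

def start_forward(target_host, target_port, listen_port=0):
    """Relay each TCP connection made to a loopback port on to the target.
    Returns the local port (0 lets the OS pick a free one)."""
    # SOCK_STREAM: only TCP segments for this port are ever delivered here.
    # A GRE packet is not TCP and has no port, so it cannot enter this relay.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", listen_port))
    listener.listen()
    def accept_loop():
        while True:
            client, _ = listener.accept()
            upstream = socket.create_connection((target_host, target_port))
            for a, b in ((client, upstream), (upstream, client)):
                threading.Thread(target=pump, args=(a, b), daemon=True).start()
    threading.Thread(target=accept_loop, daemon=True).start()
    return listener.getsockname()[1]

def start_echo_server():
    """Constructed stand-in for the remote TCP service; echoes what it receives."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen()
    def serve():
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=pump, args=(conn, conn), daemon=True).start()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def roundtrip(port, payload):
    """Send payload to 127.0.0.1:port and return everything that comes back."""
    with socket.create_connection(("127.0.0.1", port), timeout=5) as s:
        s.sendall(payload)
        s.shutdown(socket.SHUT_WR)
        return b"".join(iter(lambda: s.recv(4096), b""))
```
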
