hint : vpn over vpn

http://superuser.com/questions/173821/vpn-through-vpn

The target VPN server I want to connect to allows connections only from one IP address.

When I am at my office (the network public IP is trusted on the VPN server) everything is OK, but I figured that when I am at home I could do the following:

1. Connect to office VPN (using built in windows VPN client)

   When I do it I have 2 active network interfaces:
   - home network
   - office network (VPN)

2. Connect to target VPN (using custom VPN client)

If the VPN server sees my office IP, it should let me in.

Unfortunately, I get rejected. The strange thing is, I made it work this way:
1. I connect to VPN at my office
2. I start a bridged virtual machine
3. I connect to target VPN in the virtual machine

and it works.

Probably, all virtual machine traffic is routed through the office VPN connection.

My question is, how can I make it work without the virtual machine?

System: Windows XP
VPN client: Check Point VPN-1
Connection settings: IKE over TCP, Force UDP encapsulation

Since you're using Windows XP, we'll work with Windows commands.

From the Command Prompt on your workstation, type route print - you should get something like this:
IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...08 00 27 c3 52 ca ...... AMD PCNET Family PCI Ethernet Adapter
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.89 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.89 192.168.1.89 20
192.168.1.89 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.89 192.168.1.89 20
224.0.0.0 240.0.0.0 192.168.1.89 192.168.1.89 20
255.255.255.255 255.255.255.255 192.168.1.89 192.168.1.89 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None

You can get additional documentation on the route command here:

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/route.mspx?mfr=true

What you can do is set a route for your connection to the VPN service. Let's say you are on the 192.168.1.0 network, and you have a gateway on your office network at 10.10.10.5 configured to access the VPN service on the 72.21.211.1/24 network. You would use "route add" like this:
route ADD 72.21.211.0 MASK 255.255.255.0 10.10.10.5

Your routing table should now reflect that change, and all traffic to the 72.21.211.0 range will now be sent over to the office gateway.

The route add change will only persist across reboots if you add it with the -p flag:
route -p ADD 72.21.211.0 MASK 255.255.255.0 10.10.10.5

edited May 28 '11 at 15:05
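To see why the target VPN client went out the home connection and what the route above changes, here is an added illustration (not from the answer or from Windows itself) that parses a "route print" table, picks a route the way Windows does (longest prefix, then lowest metric) and emulates "route ADD". The table is the sample from the answer plus one assumed on-link line for an office VPN adapter at 10.10.10.20; the 10.10.10.5 gateway and 72.21.211.0/24 target are the answer's values.

```python
import ipaddress

# Constructed sample: the "route print" table from the answer above, plus one
# assumed on-link line for an office VPN adapter with address 10.10.10.20.
ROUTE_PRINT = """\
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.89 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.89 192.168.1.89 20
192.168.1.89 255.255.255.255 127.0.0.1 127.0.0.1 20
10.10.10.0 255.255.255.0 10.10.10.20 10.10.10.20 1
Default Gateway: 192.168.1.1
"""

def parse_routes(text):
    """Keep 'Active Routes' lines as (network, gateway, interface, metric)."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # header, 'Default Gateway:' and other non-route lines
        dest, mask, gw, iface, metric = parts
        try:
            net = ipaddress.IPv4Network(f"{dest}/{mask}")
            routes.append((net, gw, iface, int(metric)))
        except ValueError:
            continue
    return routes

def lookup(routes, ip):
    """Route selection: longest prefix wins, lowest metric breaks ties."""
    addr = ipaddress.IPv4Address(ip)
    hits = [r for r in routes if addr in r[0]]
    return max(hits, key=lambda r: (r[0].prefixlen, -r[3]), default=None)

def route_add(routes, dest, mask, gw, metric=1):
    """Emulate 'route ADD dest MASK mask gw'. Like Windows, reject a destination
    with host bits set and a gateway that is not on a directly connected network."""
    net = ipaddress.IPv4Network(f"{dest}/{mask}")  # strict: raises on 72.21.211.1/24
    onlink = lookup(routes, gw)
    if onlink is None or onlink[1] != onlink[2]:
        raise ValueError(f"gateway {gw} is not on a directly connected network")
    return routes + [(net, gw, onlink[2], metric)]

if __name__ == "__main__":
    table = parse_routes(ROUTE_PRINT)
    print(lookup(table, "72.21.211.1")[1:3])  # default route: leaves via home NIC 192.168.1.89
    table = route_add(table, "72.21.211.0", "255.255.255.0", "10.10.10.5")
    print(lookup(table, "72.21.211.1")[1:3])  # now via 10.10.10.5 on the office VPN adapter
```

With the original default route only, the target VPN server's packets leave through the home NIC, which is exactly why the target server saw the home address.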

It depends much on scripts on the server & system etc. But the base of the system would be something like:
192.168.1.0/24 dev eth0 proto kernel scope link
parent.vpn.server via 192.168.1.1 dev eth0
10.0.0.0/24 dev ppp0 proto kernel scope link
child.vpn.server via 10.0.0.1
10.0.1.0/24 dev ppp1 proto kernel scope link

where:
- eth0 is the local interface with an address from network 192.168.1.0 (192.168.1.1 gateway)
- ppp0 is the point-to-point interface to the parent (home) server, with an address from the 10.0.0.0/24 network (10.0.0.1 gateway)
- ppp1 is the point-to-point interface to the child (work) server, with an address from the 10.0.1.0/24 network (10.0.1.1 gateway)

Please note that:
- Networks cannot overlap.
- The routing table may need to be set 'manually' (by script etc.). I've given the iproute2 format of a sample routing table.
- Interface names can vary.

Correct syntax for using
Posted on October 5, 2006

I’m posting the following more for my own benefit and reference than anything else…

Correct syntax for SSH and SFTP on Ubuntu on irregular ports: (replace items in < > with your stuff, without the < >)

SSH:
ssh -p <port> <user>@<host>

SSH to accept SOCKS 5 proxy on port you specify:
ssh -p <port> <user>@<host> -D <socks port>

SFTP:
sftp -oPort=<port> <user>@<host>

Forward the X server from your remote box:
ssh -X -p <port> <user>@<host>