daniel Fri, 12/18/2015 - 12:12pm
First, the layout. I have a Debian Linux desktop running VMware Workstation. Inside VMware Workstation I run a Debian Linux server that I've named "vpn" (for other purposes); this machine supplies one end of my SSH tunnel. At the other end of the tunnel is an ESX server hosting yet another Debian Linux server named "gateway". "gateway" has one network connection on the internet and another on the ESX server's private network. VMware Workstation connects to the ESX server through this tunnel.
1) "desktop": runs VMware Workstation on Debian. Exposes 172.16.1.1 on VMware Workstation's "Host Only Network".
2) "vpn": runs in VMware Workstation as a Debian server. Attached to the "Host Only Network" as 172.16.1.2; also has a bridged connection to reach the internet.
3) "gateway": runs in the ESX server. Has two network connections: one on the internet and one on the ESX server's management network.
4) ESX server: our target. Its management-network IP is 10.1.1.1.
Vmware Workstation --connectsTo--> vpn --tunnelStart--> gateway --tunnelEnd--> ESX server
There are two reasons why I'm using the "vpn" machine. One is that three common ports (443, 902 and 903) must be forwarded; my desktop already has those allocated, and moving them would be very inconvenient. The other is that VMware Workstation will not connect to an ESX server at "localhost", because it runs its own internals on those same ports.
Let's set up a command-line login to the "vpn" machine. On my desktop, I've set up my .ssh/config file thus:
I've also added to my hosts file:
On the "vpn" machine, I've added an entry to my hosts file to speed up login (avoiding the DNS lookup):
That gives us a nice connection to our "vpn" machine. Test it with:
$ ssh vpn
Now we set up the connection from "vpn" to "gateway". We need to forward privileged ports (443, 902 and 903 are all < 1024), so this tunnel has to be set up as the root user.
$ sudo bash
Modify /root/.ssh/config on "vpn":
# Access to ESX server
LocalForward 172.16.1.2:443 10.1.1.1:443
LocalForward 172.16.1.2:902 10.1.1.1:902
LocalForward 172.16.1.2:903 10.1.1.1:903
You can then exit the root shell and try to log in:
$ sudo ssh gateway
Now, go back to VMware Workstation:
File > "Connect to Server..."
Server name: vpn
User name: "your esx username"
password: "your esx password"
You should be good to go now.
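As an added example (not from the original post), the script below generates the /root/.ssh/config stanza for the "vpn" to "gateway" hop described above, emits the equivalent one-shot ssh -L command, and checks that every forward is bound to the host-only address rather than to all interfaces. The addresses and the Host name "gateway" are taken from the steps above.

```shell
#!/bin/sh
# Added example, not from the original post: builds the "vpn" -> "gateway"
# stanza for /root/.ssh/config and checks two things the post relies on.
# Addresses follow the post; Host name "gateway" comes from "sudo ssh gateway".
BIND=172.16.1.2      # host-only address of "vpn" that the desktop can reach
TARGET=10.1.1.1      # ESX management address, reachable only from "gateway"
PORTS="443 902 903"  # ports VMware Workstation needs on the ESX side

# Emit a Host stanza with one LocalForward per port.
forward_stanza() {
    host=$1; bind=$2; target=$3; shift 3
    printf 'Host %s\n' "$host"
    for p in "$@"; do
        printf '    LocalForward %s:%s %s:%s\n' "$bind" "$p" "$target" "$p"
    done
}

# Emit the equivalent one-shot command (-N: no remote shell, forwards only).
forward_cmd() {
    host=$1; bind=$2; target=$3; shift 3
    cmd="ssh -N"
    for p in "$@"; do
        cmd="$cmd -L $bind:$p:$target:$p"
    done
    printf '%s %s\n' "$cmd" "$host"
}

# Return 0 when any port is below 1024: binding it needs root, which is why
# the post configures the tunnel in /root/.ssh/config and runs sudo ssh.
needs_root() {
    for p in "$@"; do
        [ "$p" -lt 1024 ] && return 0
    done
    return 1
}

# Read a stanza on stdin; fail if a LocalForward binds to every interface
# ("*", 0.0.0.0 or an empty bind address), which would expose the ESX
# management ports on the bridged interface of "vpn" as well.
check_binds() {
    rc=0
    while read -r kw spec _; do
        [ "$kw" = LocalForward ] || continue
        case $spec in
            '*:'*|0.0.0.0:*|:*) echo "wildcard bind: $spec" >&2; rc=1 ;;
        esac
    done
    return $rc
}
```

Run `forward_stanza gateway "$BIND" "$TARGET" $PORTS` to print the stanza, and pipe it into `check_binds` before copying it into /root/.ssh/config.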
This can be done on Windows as well with PuTTY, following this guide on mediarealm.com.au by Anthony Eden.
daniel Wed, 11/25/2015 - 3:36pm
Know-it-all: "Hey God! Make a rock so big you can't pick it up."
God turns ENTIRE Universe to rock.
God: "***There is no more up.***"
Somewhere in middle of rock is stone likeness of deceased Know-it-all.
-- Daniel Bower
daniel Wed, 08/26/2015 - 9:09am
keytool -delete -alias <alias-to-remove> -keystore lib/security/cacerts -storepass changeit
daniel Wed, 08/19/2015 - 1:05pm
I used to think that the brain was the most wonderful organ in
my body. Then I realized who was telling me this.
daniel Wed, 08/12/2015 - 12:57pm
I was having difficulty getting UFW working with NAT, but this guide from James T worked out for me.
In particular, I was leaving off the COMMIT afterwards in the before.rules file. I thought the file would only handle one COMMIT, but two seemed to work just fine.
The other main thing to do was updating the config file for ufw in /etc/default/ufw.
Configuration for NAT