Devolutions ForumDevolutions Forum

VPN chaining?

VPN chaining?

avatar
pat

I have a SSH VPN configured with a dynamic (SOCKS5) outgoing tunnel.  I also have a proxy tunnel that proxies a localhost port to a remote host and port via the SSH session.  I then have a RDP session that connects to the localhost port on the proxy tunnel (which should then forward that connection through the proxy tunnel an on to the remote host).  The tunnel is configured to connect always to the SSH VPN and the RDP session is configured to always connect to the proxy tunnel. 

This all works fine if I manually start the SSH VPN first.  But my hope was that the chain of VPNs would start automatically (i.e. starting the RDP session would start the proxy tunnel which would then start the SSH VPN).  What happens instead is that the RDP session starts the proxy tunnel, the proxy tunnel fails to connect after 5 seconds of waiting (because the SSH VPN is not running), it then starts and tries (and fails) for another 5 seconds to connect to the same proxy tunnel, and finally, it tries (and fails) to connect via RDP.

So my question is: should this kind of VPN chaining work?

All Comments (6)

avatar
Etienne Lord

Hello,

Just to confirm, you want to automatically start an RDP session, that will first launch a proxy that would then launch a SSH VPN, correct? All that automatically.

Best Regards,

Etienne Lord

avatar
pat

No, the RDP session does not need to automatically start. If I manually start the RDP session (i.e. double-click on the entry or select the entry and click on the "open session" action), I would like it to launch the proxy which in turn will launch the SSH VPN. What currently happens is that the proxy is launched, but the SSH VPN is not.

avatar
Etienne Lord

Hello,

Thank you for the details, I will look into it!

Best Regards,

Etienne Lord

avatar
David Grandolfo

Hello Pat,

We automated the process of creating a Socks 5 tunnel between an SSH Tunnel and an RDP session. The RDP can also be replaced by an SSH or Web Browser.

Could you please review our documentation on the feature Secure Gateway at https://blog.devolutions.net/2020/02/how-to-configure-a-secure-gateway-in-remote-desktop-manager ?

Regards,

David Grandolfo

avatar
pat

Yes, thank you. That procedure worked. I had not seen that secure gateway documentation before, but had tried to make it work that way on my own before switching gears and going with the proxy over a tunnel approach. I think the only thing I missed when I originally tried it was to check the "Use over secure gateway checkbox".

Thanks again.

avatar
David Grandolfo

Thanks for the feedback, I'm glad that the secure gateway is the solution for your needs.

Regards,

David Grandolfo