ChamplainTechJournals/net-sec-controls-sec350/labs/week09/lab9.1-AdHocVPN.md
2025-04-19 23:42:08 -04:00
# Lab 9.1 - Ad Hoc VPN with SSH
SSH allows you to create a port forwarding tunnel (local forwarding, the "Local" tunnel type in PuTTY) such that connections to a local port on traveler traverse an SSH tunnel from traveler to jump and are then forwarded to a system of your choice, say mgmt02.
- Enable RDP on mgmt02
- Create a named local administrator account (charlotte) if not already done
- Create the DMZ-to-LAN and LAN-to-MGMT rules necessary for RDP to connect to mgmt02
```
# on edge-02
set firewall name DMZ-to-LAN rule 40 action 'accept'
set firewall name DMZ-to-LAN rule 40 description 'jump to RDP'
set firewall name DMZ-to-LAN rule 40 destination address '172.16.200.11'
set firewall name DMZ-to-LAN rule 40 destination port '3389'
set firewall name DMZ-to-LAN rule 40 protocol 'tcp'
# on fw-mgmt
set firewall name LAN-to-MGMT rule 40 action 'accept'
set firewall name LAN-to-MGMT rule 40 description 'jump to RDP'
set firewall name LAN-to-MGMT rule 40 destination address '172.16.200.11'
set firewall name LAN-to-MGMT rule 40 destination port '3389'
set firewall name LAN-to-MGMT rule 40 protocol 'tcp'
```
source: https://www.cloudthat.com/resources/blog/a-guide-to-access-rdp-through-ssh-tunneling-using-putty
## Invoke an SSH connection from traveler to jump such that RDP connections in that tunnel are redirected to mgmt02.
### Step 1: Configure PuTTY for SSH Tunneling
- Launch PuTTY on your source Windows machine
- In the "Session" category:
  - Enter the IP of the jump box [actually the firewall interface -PF] (10.0.17.151)
  - Keep port 22 / SSH
  - Optionally save your session configuration
### Step 2: Set Up the SSH Tunnel for RDP
- In the PuTTY Configuration window, navigate to Connection > SSH > Tunnels
- Configure the tunnel with:
  - Source port: 3390 (or any unused local port)
  - Destination: 172.16.200.11:3389 (mgmt02)
  - Select the "Local" and "Auto" options
  - Click "Add" to create the tunnel
### Step 3: Connect to the Jump Box
- Return to the "Session" category
- Save your configuration
- Click "Open" to connect to the Linux jump box and enter the jump box credentials
### Step 4: Connect via RDP Through the Tunnel
- With the SSH connection active, open Remote Desktop Connection on your source Windows machine
- In the "Computer" field, enter: localhost:3390
- Click "Connect" and enter credentials for the destination Windows machine
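The same four steps from the command line on traveler, as an added example that is not part of the lab: plink.exe (PuTTY's command-line client) opens the forward, the script waits for the local listener and confirms it is bound only to loopback (so other hosts on traveler's network cannot ride the tunnel into mgmt02), and then launches mstsc. The jump box account name is a placeholder; addresses and ports are the lab's.

```powershell
# Added example, not part of the lab. Assumes plink.exe is on PATH.
$JumpHost   = '10.0.17.151'     # jump box (the firewall interface, per the lab)
$JumpUser   = 'JUMP_USER'       # placeholder: your jump box account
$LocalPort  = 3390              # unused local port on traveler (PuTTY "Source port")
$Target     = '172.16.200.11'   # mgmt02 (PuTTY "Destination")
$TargetPort = 3389              # RDP

# Step 1-3: -L binds the listener explicitly to 127.0.0.1; -N opens the forward
# without a remote shell. plink prompts for the password (and the host key on
# first use) on this console.
$forward = "127.0.0.1:${LocalPort}:${Target}:${TargetPort}"
$plink = Start-Process -FilePath 'plink.exe' `
    -ArgumentList @('-ssh', '-N', '-L', $forward, "$JumpUser@$JumpHost") `
    -PassThru -NoNewWindow

# Wait up to 30 s for the local listener to appear.
$listener = $null
for ($i = 0; $i -lt 30 -and -not $listener; $i++) {
    Start-Sleep -Seconds 1
    $listener = Get-NetTCPConnection -LocalPort $LocalPort -State Listen `
        -ErrorAction SilentlyContinue
}
if (-not $listener) {
    Write-Error "No listener on port $LocalPort; the tunnel did not come up."
    return
}

# Check: the forward must be reachable only from traveler itself.
$exposed = $listener | Where-Object { $_.LocalAddress -notin @('127.0.0.1', '::1') }
if ($exposed) {
    Write-Error "Tunnel listener bound to $($exposed.LocalAddress), not loopback; stopping."
    Stop-Process -Id $plink.Id
    return
}

# Step 4: RDP to mgmt02 through the tunnel (log in with the charlotte account).
Start-Process -FilePath 'mstsc.exe' -ArgumentList "/v:localhost:$LocalPort"
```

Stop the plink process when the RDP session is finished to close the tunnel.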