ChamplainTechJournals/net-sec-controls-sec350/labs/week09/lab9.1-AdHocVPN.md
2025-04-19 23:42:08 -04:00

Lab 9.1 - Ad Hoc VPN with SSH

SSH local port forwarding (`ssh -L`, or a "Local" tunnel in PuTTY) lets you create a tunnel such that connections to a local port on traveler traverse the SSH session from traveler to jump, where sshd opens a fresh TCP connection to a system of your choice, say mgmt02. Everything between traveler and jump is inside SSH; only the jump-to-mgmt02 leg is plain RDP, so only jump needs a firewall path to mgmt02:3389.

  • Enable RDP on mgmt02
  • Create a named local administrator account (charlotte) if not already done
  • Create the DMZ-to-LAN and LAN-to-MGMT rules necessary for RDP to connect to mgmt02
```
# on edge-02 (configure mode; rules take effect only after commit)
configure
set firewall name DMZ-to-LAN rule 40 action 'accept'
set firewall name DMZ-to-LAN rule 40 description 'jump to RDP'
set firewall name DMZ-to-LAN rule 40 destination address '172.16.200.11'
set firewall name DMZ-to-LAN rule 40 destination port '3389'
set firewall name DMZ-to-LAN rule 40 protocol 'tcp'
commit
save

# on fw-mgmt
configure
set firewall name LAN-to-MGMT rule 40 action 'accept'
set firewall name LAN-to-MGMT rule 40 description 'jump to RDP'
set firewall name LAN-to-MGMT rule 40 destination address '172.16.200.11'
set firewall name LAN-to-MGMT rule 40 destination port '3389'
set firewall name LAN-to-MGMT rule 40 protocol 'tcp'
commit
save
```

As written, both rules accept TCP/3389 to mgmt02 from any host on the originating side of the firewall, not just from jump; if jump should be the only RDP path, tighten each rule with `source address` set to jump's address. In operational mode, `show firewall name DMZ-to-LAN` (and the LAN-to-MGMT equivalent on fw-mgmt) shows the rule and its packet counters, which is the quickest way to confirm the RDP session is actually matching rule 40 once the tunnel is up.
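The first two preparation bullets (enable RDP, create the charlotte account) are done on mgmt02 itself. The following is an added example, not part of the original lab, run from an elevated PowerShell on mgmt02; only the account name `charlotte` and the host come from the lab, and the full name and description strings are placeholders. It also switches on Network Level Authentication, which is worth doing here because the firewall rules above admit RDP from the whole DMZ rather than from jump alone.

```powershell
# Added example (not part of the original lab): prepare mgmt02 for RDP through the tunnel.
# Run in an elevated PowerShell on mgmt02. FullName/Description values are placeholders.
$ErrorActionPreference = 'Stop'

# 1. Enable RDP and require Network Level Authentication (NLA), so the client
#    must authenticate before a desktop session is created for it.
$ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
Set-ItemProperty -Path $ts -Name 'fDenyTSConnections' -Value 0
Set-ItemProperty -Path "$ts\WinStations\RDP-Tcp" -Name 'UserAuthentication' -Value 1
Enable-NetFirewallRule -DisplayGroup 'Remote Desktop'

# 2. Named local administrator. The password is prompted, never stored in the script.
$name = 'charlotte'
if (-not (Get-LocalUser -Name $name -ErrorAction SilentlyContinue)) {
    $pw = Read-Host -AsSecureString "Password for $name"
    New-LocalUser -Name $name -Password $pw -FullName 'Charlotte' `
        -Description 'Lab 9.1 RDP admin' | Out-Null
}
# Members of Administrators may log on via RDP; ignore "already a member".
Add-LocalGroupMember -Group 'Administrators' -Member $name -ErrorAction SilentlyContinue

# 3. Verify: the Remote Desktop service is running and 3389 is listening
#    (the listener can take a few seconds to appear after the registry change).
Get-Service -Name 'TermService' | Select-Object Name, Status
Get-NetTCPConnection -LocalPort 3389 -State Listen -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess
```

If the last command prints nothing, wait a moment and re-run it, or restart `TermService`; until 3389 is listening, the firewall rules and the tunnel cannot be tested end to end.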

source: https://www.cloudthat.com/resources/blog/a-guide-to-access-rdp-through-ssh-tunneling-using-putty

Invoke an SSH connection from traveler to jump such that RDP connections sent into that tunnel are redirected to mgmt02.

Step 1: Configure PuTTY for SSH Tunneling

  • Launch PuTTY on your source Windows machine
  • In the "Session" category:
    • Enter the IP of the jump box (10.0.17.151) [actually the firewall interface -PF]
    • Keep port 22 / SSH
    • Optionally save your session configuration

Step 2: Set Up the SSH Tunnel for RDP

  • In the PuTTY Configuration window, navigate to Connection > SSH > Tunnels
  • Configure the tunnel with:
    • Source port: 3390 (or any unused local port)
    • Destination: 172.16.200.11:3389 (mgmt02)
    • Select the "Local" and "Auto" radio buttons
    • Click "Add" to create the tunnel

Step 3: Connect to the Jump Box

  • Return to the "Session" category
  • Save your configuration
  • Click "Open" to connect to the Linux jump box and enter the jump box credentials

Step 4: Connect via RDP Through the Tunnel

  • With the SSH connection active, open Remote Desktop Connection on your source Windows machine
  • In the "Computer" field, enter: localhost:3390
  • Click "Connect" and enter credentials for the destination Windows machine (mgmt02, e.g. the charlotte account)
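The four PuTTY steps above can be reproduced from the OpenSSH client that ships with Windows 10/11, which makes the tunnel scriptable and easier to troubleshoot. The script below is an added example, not part of the original lab or of PuTTY; it assumes `ssh.exe` and `mstsc.exe` are on PATH and that the SSH user on jump is `student` (the lab does not name the user). Hosts and ports are the lab's: 10.0.17.151 for the jump-box address, 3390 locally, 172.16.200.11:3389 for mgmt02.

```powershell
# Added example (not part of the original lab): PuTTY steps 1-4 as one script,
# using the built-in OpenSSH client on the Windows traveler machine.
# Assumption: the SSH user on jump is 'student'; ssh.exe and mstsc.exe are on PATH.
param(
    [string]$JumpHost   = '10.0.17.151',    # address entered in PuTTY "Session"
    [string]$JumpUser   = 'student',        # assumed SSH user on jump
    [int]   $LocalPort  = 3390,             # PuTTY "Source port"
    [string]$Target     = '172.16.200.11',  # mgmt02
    [int]   $TargetPort = 3389              # RDP
)

# -N  : tunnel only, no remote shell
# -L  : listen on 127.0.0.1:3390 on traveler, forward via jump to mgmt02:3389
# ExitOnForwardFailure : exit instead of running silently if 3390 is already in use
$sshArgs = @(
    '-N',
    '-o', 'ExitOnForwardFailure=yes',
    '-o', 'ServerAliveInterval=30',
    '-L', "127.0.0.1:${LocalPort}:${Target}:${TargetPort}",
    "${JumpUser}@${JumpHost}"
)
# -NoNewWindow keeps ssh in this console so the host-key and password prompts are visible.
$ssh = Start-Process -FilePath 'ssh.exe' -ArgumentList $sshArgs -PassThru -NoNewWindow

# Wait until the local listener exists before launching the RDP client.
function Wait-LocalListener {
    param([int]$Port, [int]$TimeoutSec = 30)
    $deadline = (Get-Date).AddSeconds($TimeoutSec)
    while ((Get-Date) -lt $deadline) {
        if ($ssh.HasExited) { return $false }   # ssh died: auth failure, bind error, etc.
        if (Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue) {
            return $true
        }
        Start-Sleep -Milliseconds 500
    }
    return $false
}

if (-not (Wait-LocalListener -Port $LocalPort)) {
    Write-Error "Tunnel did not come up on 127.0.0.1:$LocalPort"
    if (-not $ssh.HasExited) { Stop-Process -Id $ssh.Id }
    exit 1
}

# Step 4: same as typing localhost:3390 into Remote Desktop Connection.
Start-Process -FilePath 'mstsc.exe' -ArgumentList "/v:127.0.0.1:${LocalPort}" -Wait

# Tear the tunnel down once the RDP window closes.
if (-not $ssh.HasExited) { Stop-Process -Id $ssh.Id }
```

Binding the forward explicitly to 127.0.0.1 keeps the listener off every other interface of traveler and sidesteps `localhost` resolving to `::1` first on some Windows builds, which makes mstsc report that it cannot connect even though the tunnel is fine. To confirm the traffic really leaves the tunnel at jump rather than from traveler, run `ss -tnp | grep 3389` on jump while the RDP session is open: the established connection to 172.16.200.11:3389 should be owned by sshd.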