Port forwarding with Linux, but no iptables, with socat

I’ve recently been experimenting with using Ubuntu as my main desktop at home. I’ve always been a fan of Linux since my university days and it is great to see how far it has come.

I’m particularly happy that there is now Cisco VPN support, complete with support for the SecurID key fobs.

Getting connected to my work VPN was trivial once I was pointed at the right packages. The snag was that I needed to Remote Desktop to my Windows workstation, and the work firewall's rules had not been brought up to date, so it blocked the connection.

I could, however, ssh to our Linux development server, so surely there was a way to use it as a relay between my home PC and my work PC?

This is normally ideal ground for SSH tunneling, but I was not in a position to get OpenSSH installed on the work PC when I couldn’t get access to it!

The solution: socat.

socat compiles easily, and establishing the relay was just a matter of invoking, on the Linux development server:

socat TCP4-LISTEN:5000,fork,reuseaddr TCP4:my-work-pc.somewhere.net:3389

The fork option makes socat keep listening after the first session ends; without it, socat serves a single connection and exits. reuseaddr lets it rebind port 5000 immediately if you restart it.

Pointing my Remote Desktop client at the Linux server on port 5000 meant that the traffic ultimately ended up at the correct place. Perfect.

Caveats: a socat relay of this kind adds no encryption and no authentication of its own. Encryption was not a problem in this instance: the Internet leg still travels inside the VPN, the work network itself is considered trusted, and RDP encrypts its own session. Authentication deserves a thought, though: anyone who can reach port 5000 on the development server can reach the workstation's RDP port through it. socat's listen options help here: bind=<address> restricts which interface the relay listens on, and range=<network>/<bits> makes socat refuse connections from peers outside that network. And stop socat when you are done.
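To make the two points above concrete, here is a small Python reimplementation of what the socat command does (added example for this post, not code from the original or from the socat project): a listener that forks a handler per connection and copies bytes in both directions, plus an allowlist check that mirrors socat's range= option. A local echo server stands in for the RDP workstation so it runs offline; the addresses, ports and payloads are constructed for the demonstration.

```python
"""Minimal TCP relay mirroring `socat TCP4-LISTEN:5000,fork,range=... TCP4:host:3389`.

Added example, not from the original post or from socat: it shows what the
relay does and, just as importantly, what it does not do (no encryption, no
authentication beyond the optional address allowlist).
"""
import ipaddress
import socket
import threading


def _pump(src, dst):
    """Copy bytes from src to dst until src hits EOF, then half-close dst."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def client_allowed(client_ip, allowed_networks):
    """Equivalent of socat's range= check.

    An empty allowlist means no restriction, which is socat's default and the
    reason an unrestricted relay exposes the target to anyone who can reach it.
    """
    if not allowed_networks:
        return True
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(n) for n in allowed_networks)


def start_relay(bind_addr, target, allowed_networks=()):
    """Listen on bind_addr and relay each accepted connection to target.

    One thread per connection plays the role of socat's `fork` option.
    Returns (bound_port, stop_function).
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)  # reuseaddr
    listener.bind(bind_addr)
    listener.listen(16)
    stop = threading.Event()

    def handle(conn, peer):
        if not client_allowed(peer[0], allowed_networks):
            conn.close()  # out-of-range peer: refuse, as socat does
            return
        try:
            upstream = socket.create_connection(target)
        except OSError:
            conn.close()
            return
        threading.Thread(target=_pump, args=(conn, upstream), daemon=True).start()
        _pump(upstream, conn)
        upstream.close()
        conn.close()

    def accept_loop():
        listener.settimeout(0.2)  # poll so the stop flag is noticed
        while not stop.is_set():
            try:
                conn, peer = listener.accept()
            except socket.timeout:
                continue
            threading.Thread(target=handle, args=(conn, peer), daemon=True).start()
        listener.close()

    threading.Thread(target=accept_loop, daemon=True).start()
    return listener.getsockname()[1], stop.set


def start_echo_server():
    """Constructed stand-in for the RDP workstation: echoes what it receives."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(16)

    def serve():
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=_pump, args=(conn, conn), daemon=True).start()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def relay_round_trip(payload, allowed_networks=()):
    """Send payload through a fresh relay to the echo server and return the
    bytes that come back; b'' means the relay refused the client."""
    echo_port = start_echo_server()
    relay_port, stop = start_relay(("127.0.0.1", 0), ("127.0.0.1", echo_port),
                                   allowed_networks)
    chunks = []
    try:
        with socket.create_connection(("127.0.0.1", relay_port)) as c:
            c.sendall(payload)
            c.shutdown(socket.SHUT_WR)
            while True:
                data = c.recv(4096)
                if not data:
                    break
                chunks.append(data)
    except OSError:
        pass  # a refused client may see a reset instead of a clean EOF
    finally:
        stop()
    return b"".join(chunks)
```

The relay never inspects or protects the bytes it copies, so whatever security the session has must come from the protocol being relayed (RDP here) and from the path around it (the VPN). Running relay_round_trip with an allowlist that excludes 127.0.0.0/8 shows the refusal path; with no allowlist, anyone who can reach the listening port gets through.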

2 thoughts on “Port forwarding with Linux, but no iptables, with socat”

  1. This post has confused me a bit. You said your firewall wasn’t configured properly to allow you access, yet somehow you’re connecting on port 5000 after SSH’ing into the Linux machine and using socat to forward (I assume via the VPN). What firewall is there between the Linux system and the Windows one that blocks you from going directly into the Windows machine once the VPN connection is established? You know about SSH tunnels, but you don’t use them even though they’re easily available to you AND easily used in this situation. If you don’t have SSH on the home machine, how are you SSH’ing to the Linux machine? And most confusing of all, if you’re trying to RDP into the Windows machine, what on earth does having OpenSSH on the Windows box at work have to do with anything at all when you’re trying to use the home and Linux work machines to do the “bounce” to the work Windows machine? You may want to edit the post to clarify why you had to use socat. Is the firewall specifically blocking RDP connections, rather than just port 3389? Apologies, but I’m leaving with more questions than answers here and I’m trying to help.

    If you have SSH on the Linux box, and you know about SSH tunneling, why didn’t you just set up an SSH tunnel? Just do something like “ssh -f -L 5000:my-work-pc.somewhere.net:3389 linux-dev-server sleep 60” (with your development server's hostname in place of linux-dev-server) to access the RDP on the PC behind the firewall as localhost:5000, or if you use PuTTY to ssh in, add a local port forward to the connection options before you’re connecting, with local port 5000 and destination my-work-pc.somewhere.net:3389; either way will work. I do this to print to my work printers via CUPS from my home Windows box.

    Obviously, though, your socat solution is *perfectly valid* and you deserve a pat on the back for making it work. There’s more than one way to skin a netcat. (Har har har!)
