Tunnelling / VPNing a Win2008 Box to a Linux server?

From: Mike Harrison 
------------------------------------------------------

Silly question: Windows AND Linux.

I can RDP into a bare fresh installed Win2008 Server
behind a firewall at an ISP. I have full admin access and permission
to do whatever I need to do. It has a web service (XML, SOAP, etc...)
on it on port 80 that I would like a Linux system (public on the net)
to be able to access.

Getting the ISP to configure a useful VPN or port forwarding is.. well..
painful is an understatement.

Is there a way to put a VPN configuration on that Win2008
box so that it can connect back to the Linux server
so that, more importantly, the Linux server can connect to it.
Using the Win2008's private IP is actually a good thing in this case.

I don't even know the words to look for but it looks like
it's got some kind of Microsoft VPN client stuff built in.

Can I do this with OpenVPN? Set up a server to server VPN/Tunnel?

I'm looking for a direction to search for...


===============================================================
From: William Wade
------------------------------------------------------

Something like https://secure.logmein.com/products/hamachi/ might be what you are looking for..?

===============================================================
From: Christopher Rimondi
------------------------------------------------------

Not sure if this is what you are looking for but if you want to play with port forwarding netcat can be helpful. Netcat has a binary for Windows as well as Linux obviously. This is a pretty good resource for that: http://www.sans.org/security-resources/sec560/netcat

===============================================================
From: Mike Harrison
------------------------------------------------------

Uhh.. I was stupid. They have the public address on that box.. I'm done.

===============================================================
From: Bret McHone
------------------------------------------------------

If you have a VPN server set up on your Linux box it's no problem since Windows should be able to do L2TP/IPSec or PPTP (not recommended) out of the box. Don't hate me for making this suggestion, but there is actually a HAK5 video that walks you through this kind of scenario, though I don't remember which one. I've not watched it in many many months.

-B

===============================================================
From: Eric Wolf
------------------------------------------------------

In case you have to get fancier in the future, Tunnelier totally rocks when it comes to SSH and Windows.

-Eric

Eric B. Wolf

===============================================================
From: Jason Brown
------------------------------------------------------

I was going to suggest a basic reverse tunnel over ssh (I like these better than VPNs in general depending on application). I have used putty and cygwin, but Tunnelier looks really nice. I'm going to try that out. Thanks Eric

--Jason

===============================================================
From: Mike Harrison
------------------------------------------------------

We do SSH tunneling a lot, Linux to Linux. It rocks, even on crappy net connections. But y'all need to laugh at me, 'cause I am configuring a Win2008 Server right now... 'cause the professional Windows Admin types put this thing live on the net with a wide open mail relay and other things.

===============================================================
From: Jason Brown
------------------------------------------------------

It happens to the best of us. Just take a hot shower when you are done and try to forget about it....

--Jason

===============================================================
From: Dave Brockman
------------------------------------------------------

The only silly one was the one you didn't ask.... Yes, I do this for clients that have overlapping RFC1918 space and don't bring in enough revenue for me to burn one of my precious (expensive) Cisco IPSec tunnels that I can actually mangle NAT before IPSec to compensate for the overlap.

I would statically assign the VPN address, Windows seems to have a problem with DHCP over the tunnel for some reason. I also recommend having a backup plan (like LogMeIn) to connect real quick and restart the OpenVPN service in case the Windows box gets stupid (it will).

Regards,

dtb

--
"Some things in life can never be fully appreciated nor understood unless experienced firsthand. Some things in networking can never be fully understood by someone who neither builds commercial networking equipment nor runs an operational network." RFC 1925
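
Added example, not part of any post in this thread: one way to give the Windows box a fixed tunnel address in OpenVPN, as recommended above, is a per-client file on the Linux server. The host name vpn.example.org, the certificate name win2008, the 10.8.0.0/24 range and the file paths are assumptions.

```conf
# --- Linux server: /etc/openvpn/server.conf (constructed example) ---
port 1194
proto udp
dev tun
topology subnet                     # one address per client instead of /30 pairs
server 10.8.0.0 255.255.255.0       # assumed tunnel range; server takes 10.8.0.1
ca ca.crt
cert server.crt
key server.key
dh dh.pem
client-config-dir /etc/openvpn/ccd  # per-client settings, looked up by certificate CN
ccd-exclusive                       # refuse any client that has no file in ccd/
keepalive 10 60                     # detect a dead peer so the client reconnects
persist-key
persist-tun
# client-to-client is left out on purpose

# --- Linux server: /etc/openvpn/ccd/win2008 ---
# The file name must equal the CN of the Windows box's client certificate.
ifconfig-push 10.8.0.10 255.255.255.0   # fixed tunnel address for this client

# --- Win2008 client: win2008.ovpn (makes the outbound connection) ---
client
dev tun
proto udp
remote vpn.example.org 1194         # assumed public name of the Linux server
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert win2008.crt
key win2008.key
remote-cert-tls server              # only accept a peer presenting a server certificate
```

Once the client is connected, the Linux server reaches the web service at 10.8.0.10 port 80 over the tunnel, without any inbound port forwarding at the ISP.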

===============================================================
From: Dave Brockman
------------------------------------------------------

And you think you're stupid? :)

Regards,

dtb

--
"Some things in life can never be fully appreciated nor understood unless experienced firsthand. Some things in networking can never be fully understood by someone who neither builds commercial networking equipment nor runs an operational network." RFC 1925

===============================================================
From: Matt Keys
------------------------------------------------------

+1 for this recommendation. I prefer using a Linux box as a KVM host and running the Windows box as a guest VM, when applicable. You'll always have console access that way when it goes stupid. Another benefit is after it's all set up and done you may have plenty of resources left over... maybe enough for a test instance. The reboots are a hell of a lot faster as a VM too.

-----Original Message-----
From: chugalug-bounces@chugalug.org [mailto:chugalug-bounces@chugalug.org] On Behalf Of Dave Brockman
Sent: Thursday, September 13, 2012 3:06 PM
To: Chattanooga Unix Gnu Android Linux Users Group
Subject: Re: [Chugalug] Tunnelling / VPNing a Win2008 Box to a Linux server?

I would statically assign the VPN address, Windows seems to have a problem with DHCP over the tunnel for some reason. I also recommend having a backup plan (like LogMeIn) to connect real quick and restart the OpenVPN service in case the Windows box gets stupid (it will).

===============================================================
From: Michael Scholten
------------------------------------------------------

For curiosity's sake, thoughts on TeamViewer? I've used LogMeIn in the past but have really liked TeamViewer for my home computer mostly because I can use their app for free on my Android and it just works with very little initial setup. Sorry, having seen Dave comment on using LogMeIn as a backup connection reminded me of TeamViewer...

-Michael

===============================================================
From: John Alcock
------------------------------------------------------

Try NeoRouter. I use Linux as my server but you could use Windows as a server as well.