topic Re: SSH TO GATEWAY OVER VPN in Firewall and Security Management

SSH TO GATEWAY OVER VPN

bhaizlett123 — Mon, 04 May 2020 13:15:35 GMT

I have a gateway that has remote access vpn enabled. I am trying to ssh directly to it, when i connect to it over vpn, but for some reason i am unable to, i don't even see the traffic coming to the gateway. Is this possible or is there a workaround for this?

Re: SSH TO GATEWAY OVER VPN

_Val_ — Wed, 06 May 2020 14:09:29 GMT

Can you ping the same GW IP addresses, internal and external, and/or open WebUI to it, when on VPN. Are you using Office Mode?

Re: SSH TO GATEWAY OVER VPN

bhaizlett123 — Wed, 06 May 2020 17:33:58 GMT

Yes using office mode, but not able to ping or webui to it on internal ip address, which is what i am trying to get to.

Re: SSH TO GATEWAY OVER VPN

_Val_ — Wed, 06 May 2020 20:22:07 GMT

Please make sure that Office mode IP addresses are routed to the external interface of the GW and not to internal network.

Most probably a routing issue, office mode is routed back to internal networks and not to the VPN tunnel

Re: SSH TO GATEWAY OVER VPN

bhaizlett123 — Fri, 08 May 2020 00:58:59 GMT

Where are you saying to add the route, because shouldn't the firewall know how to route office mode ip's since its the one that assigns them to the client.

Re: SSH TO GATEWAY OVER VPN

WorkingDread — Thu, 06 May 2021 01:34:25 GMT

Hello!

did you find the solution for the access to GW over client vpn?

Re: SSH TO GATEWAY OVER VPN

Vladimir — Thu, 06 May 2021 14:21:59 GMT

1. In Gaia config, do you have Office mode range defined as permitted clients?

2. In Security Policy, do you allow SSH from Office mode to the gateway object?

Re: SSH TO GATEWAY OVER VPN

WorkingDread — Thu, 06 May 2021 18:13:58 GMT

Hello, thanks,

1-Yes, in Gaia is allow connections from any source (i have a lab environment)

2-In the Policies, I created rules to allow connections from all networks to Gateways, but it doesnt works

Something that I see is that the internal IP address of gateway is not inside the VPN Domain for RemoteUsers (the network of that IP address is inside vpn domain), due that reason my test connections are not showed in the logs, if i do a traceroute to internal IP address of gateway with vpn client connected the connections to the gateway take the path to internet modem, they does not go by the VPN tunnel,

Re: SSH TO GATEWAY OVER VPN

Vladimir — Thu, 06 May 2021 19:35:46 GMT

Check the Excluded services either in global properties or the VPN community.

I believe that SSH is counted as one and thus may be excluded from the tunnel when destination is the gateway.

Re: SSH TO GATEWAY OVER VPN

Christopher_To — Thu, 23 Sep 2021 22:18:42 GMT

Hi Bhaizlett,

I am experiencing the same issue. Have you found a solution to accessing the firewall over VPN?

Thanks!

Re: SSH TO GATEWAY OVER VPN

LongIsland — Tue, 28 Sep 2021 10:15:15 GMT

Hello all,

the same issue here: no access to the internat interface of the appliance via VPN.
Weird addition: https access is possible, but ssh is not.
Is there any update?

Thanks and regards

Re: SSH TO GATEWAY OVER VPN

_Val_ — Tue, 28 Sep 2021 12:59:36 GMT

As @Vladimir mentioned above, it is most probably because SSH is excluded from VPN services. Check advanced properties of your VPN community.