bhaizlett123
Contributor

SSH TO GATEWAY OVER VPN

I have a gateway that has remote access VPN enabled. I am trying to SSH directly to it when I connect to it over VPN, but for some reason I am unable to; I don't even see the traffic coming to the gateway. Is this possible or is there a workaround for this?

11 Replies
_Val_
Admin

Can you ping the same GW IP addresses, internal and external, and/or open WebUI to it, when on VPN? Are you using Office Mode?

0 Kudos
bhaizlett123
Contributor

Yes, using Office Mode, but not able to ping or WebUI to it on the internal IP address, which is what I am trying to get to.
_Val_
Admin

Please make sure that Office Mode IP addresses are routed to the external interface of the GW and not to the internal network.

Most probably a routing issue: Office Mode is routed back to internal networks and not to the VPN tunnel.

bhaizlett123
Contributor

Where are you saying to add the route? Shouldn't the firewall know how to route Office Mode IPs, since it's the one that assigns them to the client?

0 Kudos
Vladimir
Champion

1. In Gaia config, do you have Office mode range defined as permitted clients?

2. In Security Policy, do you allow SSH from Office mode to the gateway object?

0 Kudos
WorkingDread
Participant

Hello, thanks,

1. Yes, Gaia allows connections from any source (I have a lab environment).

2. In the policies, I created rules to allow connections from all networks to the gateways, but it doesn't work.

Something that I see is that the internal IP address of the gateway is not inside the VPN domain for RemoteUsers (the network of that IP address is inside the VPN domain). For that reason my test connections are not shown in the logs. If I do a traceroute to the internal IP address of the gateway with the VPN client connected, the connections to the gateway take the path to the internet modem; they do not go through the VPN tunnel.

0 Kudos
Vladimir
Champion

Check the Excluded services either in global properties or the VPN community.

I believe that SSH is counted as one and thus may be excluded from the tunnel when destination is the gateway.

WorkingDread
Participant

Hello!

Did you find the solution for access to the GW over client VPN?

0 Kudos
Christopher_To
Collaborator

Hi Bhaizlett,

I am experiencing the same issue. Have you found a solution to accessing the firewall over VPN?

Thanks!

0 Kudos
LongIsland
Explorer

Hello all,

The same issue here: no access to the internal interface of the appliance via VPN.
Weird addition: HTTPS access is possible, but SSH is not.
Is there any update?

Thanks and regards

0 Kudos
_Val_
Admin

As @Vladimir mentioned above, it is most probably because SSH is excluded from VPN services. Check advanced properties of your VPN community. 

0 Kudos
