On Wed, 28 Sep 2011 06:49:59 -0400, Nick Holland
<[email protected]> wrote:
> On 09/28/11 03:13, Wesley M. wrote:
>> Hi,
>>
>> I have at work:
>> TS Server : 10.100.1.100, its gateway is 10.100.1.254 (router for the
>> private network)
>
> bzzt. Bad.
> (I'm guessing that's a windows terminal server)
Yes, it is (RDS, Windows 2008 R2)
>> Firewall : 10.100.1.250 (OpenBSD 4.9, ADSL: sis0, LAN (10.100.1.0/24): sis2)
>>
>> On the firewall, I can ping 10.100.1.100 and telnet 10.100.1.100 3389 -> OK
>
> right. no gateway involved.
Yes, it doesn't need the gateway 10.100.1.254.
>
>> When I am at home, I connect to the firewall using the "thegreenbow" VPN;
>> that is OK, I can ping 10.100.1.250 and use ssh on the firewall, but I can't
>> ping 10.100.1.100 and can't use RDP on this address.
>>
>> my pf rules:
>> ...
>> set skip on {lo,enc0}
>> pass out on sis2 inet proto tcp from $remote to 10.100.1.100 port 3389
>> pass out inet proto icmp all icmp-type echoreq
>> ...
>
To summarize:
INTERNET---sis0---<ADSL_ROUTER>---<OpenBSD_PF>---sis1---LAN---<TS_server,ISP_router>
On the LAN side:
There are the TS SERVER and the ISP ROUTER (I need it to connect the 4 other
locations).
>
> Fixes: 1) fix the default gateway on the TS Server machine, add a custom
> route for whatever that "private network" thingie is.
I can't change the gateway, because the other locations (there are 4)
won't be able to connect to TS.
> 2) instead of your VPN, use an SSH tunnel to your firewall, then
> redirect 3389 to the TS Server. This way, your remote desktop session
> is between the gateway and the firewall, which are both on the same
> subnet.
Seems a good solution. But is there no other way to connect to TS using the VPN?
>
> Nick.
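The failure the thread is circling, and a third way out of it that keeps both the VPN and the TS server's default gateway, as an added example that is not from the post or from Nick's reply. It uses the addresses Wesley gave; the VPN client pool `$remote = 10.200.0.0/24` is a hypothetical value, since the post never shows what `$remote` expands to. Syntax is OpenBSD 4.9 pf, where a `pass` rule may carry `nat-to` directly.

```pf
# Added example, not from the thread. Assumed layout (from the post):
#   sis2         = LAN interface of the OpenBSD 4.9 firewall
#   10.100.1.250 = the firewall's LAN address
#   10.100.1.100 = the Windows TS server (default gateway 10.100.1.254)
# Assumed, not in the post: $remote is the address pool thegreenbow clients
# get over the IPsec tunnel. 10.200.0.0/24 is a hypothetical value.
lan_if    = "sis2"
fw_lan    = "10.100.1.250"
ts_server = "10.100.1.100"
remote    = "10.200.0.0/24"

set skip on { lo enc0 }

# Why the posted rules fail: a decrypted VPN packet leaves sis2 carrying the
# client's source address from $remote. The TS has no route for $remote, so
# its reply goes to 10.100.1.254, which never learned about the tunnel. The
# SYN/ACK (or echo reply) is lost and pf's state entry simply times out.

# pf is last-match-wins: this default deny comes first so that the narrower
# pass rules below override it, and nothing else on the LAN is reachable from
# a (possibly compromised) home PC over the tunnel.
block out log on $lan_if from $remote to any

# Fix without touching the TS: rewrite the source of VPN->TS traffic to the
# firewall's own LAN address. The TS then answers a neighbour on its own /24,
# directly to 10.100.1.250; pf reverses the translation from its state table
# and the reply goes back out over enc0. Scope it to the task only: the VPN
# pool, this one host, RDP and ping.
pass out on $lan_if inet proto tcp from $remote to $ts_server port 3389 \
    nat-to $fw_lan
pass out on $lan_if inet proto icmp from $remote to $ts_server \
    icmp-type echoreq nat-to $fw_lan
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it. The price of this workaround is attribution: every VPN RDP session now appears in the Windows security and Remote Desktop logs as coming from 10.100.1.250, so per-user source addresses have to be recovered from the firewall's IPsec and pflog records instead. If that matters, the cleaner variant of Nick's fix 1 avoids NAT entirely and does not change the default gateway: add a persistent route on the TS for the VPN pool only (on Windows, `route -p add 10.200.0.0 mask 255.255.255.0 10.100.1.250`), so replies to VPN clients go to the firewall while everything else keeps using 10.100.1.254.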