SSH + VPN under Gargoyle

polk
Posts: 3
Joined: Mon Sep 24, 2012 9:29 am

SSH + VPN under Gargoyle

Post by polk »

Hello,
I have a TP-Link TL-WR741ND v4 router.
I've installed Gargoyle on it.
When I'm within my intranet I can ssh/vpn to my Ubuntu server.
Yet when I'm outside my network (let's say at work) I can't access it at all.
I have placed 2 rules for my Ubuntu server in the router, under
Individual Port Forwarding:
Protocol | From Port | To IP        | To Port | Enabled
Both     | 23        | 192.168.1.55 | 22      | marked true
Both     | 1194      | 192.168.1.55 | 1194    | marked true
Much clearer in the attached pic.

Please advise.
Again, from within the network I can access my ssh server + vpn server.
From outside my network I can't access any of them.

What am I doing wrong?
Attachments
the port forward in my router..
PortFW.PNG (14.54 KiB) Viewed 5834 times

ispyisail
Moderator
Posts: 5180
Joined: Mon Apr 06, 2009 3:15 am
Location: New Zealand

Re: SSH + VPN under Gargoyle

Post by ispyisail »

"When I'm within my intranet I can ssh/vpn to my Ubuntu server"
You need to specify the VPN type,

e.g. openvpn, pptp...

I suspect a "General Routing Encapsulation (GRE)" port problem. Search this forum for "GRE".

mix
Posts: 292
Joined: Sun Feb 27, 2011 11:18 am

Re: SSH + VPN under Gargoyle

Post by mix »

Assuming port forwarding is working in this build (I wouldn't be surprised if it wasn't), you are attempting to forward port 23 to port 22... So you are trying to forward the standard telnet port to an ssh port. This will work as long as you know what you are doing and account for this with your ssh client. You are also trying to forward the OpenVPN port straight through, which is fine. Can you prove that your internet service provider isn't blocking any of these ports, and that your workplace isn't blocking outbound traffic to them either? Try running the "All Service Port" scan from GRC.

https://www.grc.com/x/ne.dll?bh0bkyd2

If ports 23 and 1194 are reported as open, things should be working fine and I would expect your workplace is the problem. Any port that is detected as being stealth is in fact being blocked by your ISP, because by default (and I am again assuming you haven't changed this) Gargoyle sets closed ports to report back as closed, and does not drop the packet (which is what stealth means). If port 23 or 1194 is reported as closed, I would expect the problem is the port forwarding functionality of the router.

If you want to be really sure and prove whether port forwarding is working, you could also try forwarding a port outside of the service port range to port 22 on your Ubuntu server and try to ssh to that port instead. I suppose there is always a chance that Gargoyle is intercepting ports 22, 23 and 1194 because it is itself capable of running (and may currently be running) telnet, ssh and OpenVPN. Using some other ports would get around a weird issue like this.
WRT54GL v1.1
Gargoyle 1.4.7
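
Added example, not part of the original thread or of Gargoyle: a small TCP connect check that applies the open / closed / stealth reading described in the post above, for testing your own forwarded ports from a machine outside the LAN. The script name, function names and advice strings are made up for this example; "filtered" is nmap's word for what GRC calls stealth.

```python
import socket
import sys

# Next step per state, following the reply above (assumes Gargoyle's default
# of answering closed ports with a reset instead of silently dropping them).
ADVICE = {
    "open": "forward works end to end; suspect the network you connect from",
    "closed": "router answered but nothing accepted; suspect the port forward",
    "filtered": "no answer at all; dropped in transit (the reply above points at the ISP)",
}

def probe_tcp(host, port, timeout=3.0):
    """Return 'open', 'closed' or 'filtered' for one TCP port."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"        # handshake completed
    except ConnectionRefusedError:
        return "closed"      # RST came back: reachable, nothing accepting
    except OSError:
        return "filtered"    # timeout or ICMP unreachable: no usable reply
    finally:
        sock.close()

def diagnose(host, ports, timeout=3.0):
    """Probe each port and pair its state with the matching next step."""
    report = {}
    for port in ports:
        state = probe_tcp(host, port, timeout)
        report[port] = (state, ADVICE[state])
    return report

if __name__ == "__main__":
    # Usage: python3 portcheck.py <your WAN address> 23 2222
    # Run it from outside the LAN. OpenVPN on 1194 is normally UDP, which a
    # TCP connect cannot classify; test that with the VPN client itself.
    if len(sys.argv) < 3:
        sys.exit("usage: portcheck.py HOST PORT [PORT ...]")
    host, ports = sys.argv[1], [int(p) for p in sys.argv[2:]]
    for port, (state, advice) in diagnose(host, ports).items():
        print(f"{port}/tcp {state:9} {advice}")
```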

polk
Posts: 3
Joined: Mon Sep 24, 2012 9:29 am

Re: SSH + VPN under Gargoyle

Post by polk »

Thank you for the replies.
I have changed my home setup to test the issue: 2 wr742nd, the server is behind the Gargoyle (port forward 23 to port 22 and port 2222 to port 22) while its WAN is connected to the LAN port of the other router (let's call it mainRouter).
Another computer is on the LAN of mainRouter and it tries to ssh to the Ubuntu server (ssh/vpn) - it fails.

I've scanned the gargoyle with nmap:
$nmap 96.1.0.101 -PN

Starting Nmap 5.21 ( http://nmap.org ) at 2012-09-26 01:27 IST
Nmap scan report for 101_0_1_96-MIP_POOL_WEST_1x.telusmobility.com (96.1.0.101)
Host is up (0.00060s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
23/tcp filtered telnet
2222/tcp filtered unknown

polk
Posts: 3
Joined: Mon Sep 24, 2012 9:29 am

Re: SSH + VPN under Gargoyle

Post by polk »

I'm using OpenVPN, which is on the Ubuntu server since, according to the Gargoyle docs, OpenVPN isn't supported by my router.

With the described setup I have tried to see if the data even passes the router, so I've installed Wireshark on the Ubuntu server.
Its log shows that the packet arrives, but I don't know enough to dig out of it why the ssh/vpn doesn't respond.

Attached 2 short logs of wireshark:
192.168.1.55 is my ubuntu server.
192.168.1.1 is my wr741nd gargoyle router.
This part shows that ssh arrives yet is not handled [is there a configuration flag in the default sshd preventing ssh from a different subnet?]
ssh from network (not intranet) failed.
sshFromNet_Failed.png (82.81 KiB) Viewed 5814 times
ssh from within the same network worked
ssh from intranet works.
sshFromIntraNet_ok.png (142.86 KiB) Viewed 5814 times

Any ideas?
