LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 02-26-2014, 11:56 AM   #1
sousacanfly
LQ Newbie
 
Registered: Jan 2014
Posts: 28

Rep: Reputation: Disabled
Linux KVM bridge with IPSec - Connect to VM directly


Hi Guys,

normally, what i would do to connect to my VM1 through the internet would be something like:

Code:
iptables -t nat -A PREROUTING -p tcp -d 192.168.1.25 --dport 5901 -j DNAT --to-destination  192.168.1.10:5900
Using noip.com pointing to 192.168.1.25:

Being the 192.168.1.25 MY SERVER'S IP
And 192.168.1.10 VIRTUAL MACHINE'S IP

Problem is, when i connect through IPSec/L2TP VPN i can't find a way to connect through VNC directly to the machine

This doesn't work:

Code:
iptables -t nat -A PREROUTING -p tcp -d 10.8.0.1 --dport 5905 -j DNAT --to-destination  192.168.1.10:5900
Being the 10.8.0.1 Server's IP under the VPN;



BUT, if i want to connect through the hypervisor KVM, to the VM UNDER THE VPN, i can do so by using this:


Code:
iptables -t nat -A PREROUTING -p tcp -d 10.8.0.1 --dport 5901 -j DNAT --to-destination  192.168.1.25:5901
Notice that 192.168.1.25 is the server IP, and the 10.8.0.1 is the IP i'm using to connect to the server, so, both addresses are from the server per se.

I do not want this, as i would prefer to connect directly to the VM, that has an X11VNC server active and ready to receive a connection, and it works much better than KVM's VNC default server (Don't even know what kind of server it uses by default)



This is an important matter to me, so, if anyone is willing to work on this, i would be more than glad to pay you the service.


I thank you from the bottom of my heart, to anyone that can provide some kind of help in any way possible.

Last edited by sousacanfly; 02-26-2014 at 11:57 AM.
 
Old 02-26-2014, 12:28 PM   #2
custangro
Senior Member
 
Registered: Nov 2006
Location: California
Distribution: Fedora , CentOS , RHEL
Posts: 1,979
Blog Entries: 1

Rep: Reputation: 209Reputation: 209Reputation: 209
Hello,

Can you ssh into the virtual machine? If so you can just set up an ssh tunnel....

Code:
ssh -CfN $IP_ADDRESS_THAT_LOGS_YOU_INTO_YOUR_VM -l $USER -L 5901:$IP_ADDRESS_THAT_LOGS_YOU_INTO_YOUR_VM:5901
Then just connect to localhost's port 5901

Code:
localhost:5901
--C
 
Old 02-26-2014, 02:37 PM   #3
sousacanfly
LQ Newbie
 
Registered: Jan 2014
Posts: 28

Original Poster
Rep: Reputation: Disabled
I can ssh into root@10.8.0.1 (Headless server) and from there i can ssh into the VM through vm1@192.168.1.19

But i can't manage to get the redirection to work, like you posted. Are you sure i should use $IP_ADDRESS_THAT_LOGS_YOU_INTO_YOUR_VM onto both sides of the line?

Your suggestion is, to not use VPN right? Instead, using an SSH tunneling that will assure some high level of security in the connection. For what i've been experiencing, adding a layer of security through SSH when connecting through VNC protocol, makes things really slow.

I am pretty sure that what i want is feasible /doable , i am desperate at this point as i don't have any background using linux.
 
Old 02-26-2014, 09:48 PM   #4
sousacanfly
LQ Newbie
 
Registered: Jan 2014
Posts: 28

Original Poster
Rep: Reputation: Disabled
Well, got this done still using the VPN, i connected all clients together inside the VPN, and now i can connect directly to the X11VNC server at the VMs individually.

Dealing with no internet connection right now. Will take a look tomorrow. And need to see if i can make the VPN addresses permanent.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
best way for linux to connect to ipsec VPN? saiyen2002 Linux - Networking 2 08-19-2011 04:45 AM
[Debian/Qemu/KVM] Why qemu --enable-kvm works but not kvm directly? gb2312 Linux - Virtualization and Cloud 2 03-21-2011 02:05 PM
Implementing IPSec in a linux bridge. toure32 Linux - Networking 2 06-08-2010 08:26 AM
how to connect two linux Pcs directly without any modem sharav_4u Linux - Hardware 3 08-23-2007 05:58 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 02:03 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration