Sorry if the title is unclear; here is the setup:
There is machine A, running Linux. A is part of the university network and has a single network interface with a real IP. But connections from outside of campus to port 22 (and some others) are blocked at the switch level, and this is impossible to change.
A is running pptpd (localip {realip}, remoteip 10.0.0.100-200), and is NATing all connected clients (via the iptables rule iptables -t nat -A POSTROUTING -o eth1 -s 10.55.248.0/24 -j MASQUERADE).
It's possible to ssh to any of the university machines via the VPN tunnel to A, except A itself, from outside (B).
I understand that we cannot simply change the routing table on B, since it would break the tunnel, but I'd really like to be able to ssh to A from B via the VPN tunnel, since we cannot have a dedicated server for VPN, but instead use one of the computational nodes, which itself needs to be accessible via ssh.
So the question is: is it possible to somehow force part of the traffic to the VPN server to go through the VPN tunnel to said server?
I understand that it's possible to change the ssh listening port, or add an iptables rule on B, but B is not a single machine, so it can be nearly any OS (well, unlikely to be something other than Windows or Linux, but anyway) and can be used by a person not willing to meddle with manually adding routing rules.