Is VPN necessary for accessing remote network when I can ssh

3

If I understood it properly on a general level, ssh is used if I want to securely access a single remote machine (say 10.243.212.98). On the other hand, vpn is used if I want to access an entire remote network (say 10.243.212.0/24) and all the machines in this network, as if I am locally present in that network.

I have the following two questions:

  1. Why is vpn necessary for connecting to 10.243.212.0/24 if I can ssh into 10.243.212.98? After I connect to that remote machine won't I "be" on that network? I know all my traffic, except ssh, will not go through remote machine and therefore not "be" on that network. But is that all?

  2. Consider the following network diagram:

    192.168.0.3 192.168.0.4 
         PC1   PC2
         |    /                              10.243.212.0/24
         SWITCH<-------(F1/0)--ROUTER1--(F1/1)----------(F1/0)-->ROUTER2--(F2/1)---->INTERNET
                    192.168.0.1          .2              .3
    

    If I vpn into the network 10.243.212.0/24 what will be my assigned IP address? Something like 10.243.212.4? Then I won't be able to access the PCs 192.168.0.3 or 192.168.0.4 as they are on a different network segment! But I heard VPNs allow me to access internal network. So what do I do if I want to access the PCs?

user257330

Posted 2017-04-16T11:55:47.217

1 You will still be able to access computers on your local network in most cases; check your routing table. The VPN will assign you an address in whatever range it is configured for, and may or may not push a new default route to you. – multithr3at3d – 2017-04-16T15:44:51.120

It's not required but it's a secure way to do so. – Ramhound – 2017-04-25T11:03:49.917

Answers

3

From your question, I'm assuming that the IP that you want to ssh to is an external IP. In that case, a VPN is not strictly necessary. Any PC can connect to it from the internet (assuming external connections are allowed).

If the system that you want to ssh into is internal or only accepts connections from internal systems, then you will have to use the VPN in order to access it.

Additionally, the only benefit that you may have if you use a VPN and then ssh is that it'll help avoid MITM attacks, or at least make executing them harder. And it might also help protect you by masking your traffic.

> If I vpn into the network 10.243.212.0/24 what will be my assigned IP address? Something like 10.243.212.4?

Assuming that block (10.243.212.4) is an external IP, then by ssh'ing into a system on the network (irrespective of whether you use a VPN or not) you will be using the remote system. In other words, your IP will be the same as the machine that you ssh into - you will have a public IP 10.243.212.4 and an internal private IP like 192.168.0.x.

thel3l

Posted 2017-04-16T11:55:47.217

Reputation: 176

@user257330 - edited. What I meant to say is - it doesn't matter if you use a VPN and then SSH into a system or directly SSH into it (from a non-security standpoint). In both cases, you will finally have full control over the system, which means you will have two IPs - one internal and one external. Your VPN can be thought of as a wrapper - without it, the connection will still pass, but with it, the only benefit is security, not usability. – thel3l – 2017-04-16T13:23:24.690

Thanks very much for your answer. However in the second part, you mention the case if I "ssh". My question was regarding if I "vpn" and not "ssh". Could you please clarify a bit more regarding my IP address when I "vpn into the remote network"? – None – 2017-04-16T13:06:51.473
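
The routing-table check suggested in the comments, as an added example that is not part of the original thread: a longest-prefix-match lookup showing which interface a VPN client uses to reach 10.243.212.98 and 192.168.0.3, depending on which routes the VPN pushes. The interface names (`wlan0`, `tun0`), the metrics and the client's own LAN (192.168.1.0/24) are constructed assumptions; only the 10.243.212.0/24 and 192.168.0.0/24 networks come from the question.

```python
import ipaddress
from typing import NamedTuple, Optional


class Route(NamedTuple):
    prefix: str   # destination network in CIDR form
    iface: str    # egress interface (names are assumptions)
    metric: int   # lower wins when prefix lengths tie


def select_route(routes, dst) -> Optional[Route]:
    """Pick the route a host would use: longest prefix first, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in ipaddress.ip_network(r.prefix)]
    if not matches:
        return None
    return min(matches,
               key=lambda r: (-ipaddress.ip_network(r.prefix).prefixlen, r.metric))


def egress(routes, dst) -> Optional[str]:
    route = select_route(routes, dst)
    return route.iface if route else None


# Constructed client routing table before the VPN comes up.
BASE = [Route("0.0.0.0/0", "wlan0", 600), Route("192.168.1.0/24", "wlan0", 600)]

# Case 1: the VPN only adds the subnet the client address is assigned from.
VPN_SUBNET_ONLY = BASE + [Route("10.243.212.0/24", "tun0", 50)]
# Case 2: the VPN also pushes a route for the network behind ROUTER1.
VPN_WITH_LAN_ROUTE = VPN_SUBNET_ONLY + [Route("192.168.0.0/24", "tun0", 50)]
# Case 3: the VPN pushes a new, preferred default route (full tunnel).
VPN_FULL_TUNNEL = VPN_SUBNET_ONLY + [Route("0.0.0.0/0", "tun0", 50)]

if __name__ == "__main__":
    tables = {"subnet only": VPN_SUBNET_ONLY,
              "subnet + 192.168.0.0/24": VPN_WITH_LAN_ROUTE,
              "full tunnel": VPN_FULL_TUNNEL}
    for name, table in tables.items():
        for dst in ("10.243.212.98", "192.168.0.3", "192.168.1.20"):
            print(f"{name:26} {dst:15} -> {egress(table, dst)}")
```

In the subnet-only case, traffic for 192.168.0.3 leaves via the client's ordinary default route and never enters the tunnel; reaching the PCs requires either a pushed route for 192.168.0.0/24 or a full-tunnel default route, plus ROUTER1 forwarding between the two segments.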