mattwilson77
asked on
Routing/VPN/Linux/General Networking Question
I have a desktop at a remote location that connects to our main site via VPN. The subnet for the main site is 192.168.32.xxx. Once the VPN connection is established the remote desktop is assigned an IP on the same subnet of 192.168.32.xxx. At the remote location, the desktop is connected to a switch and a DSL modem is connected to the same switch. So the desktop also gets an internal IP address on the subnet of 172.16.64.xxx. There is also a Linux-based timeclock system (www.timeips.com) that is also connected to the switch and it has a static IP of 172.16.64.50. I want to get to that timeclock system without having to use Remote Desktop or VNC. The timeclock system uses a web-based interface that you access by going to 172.16.64.50 in a Web browser. Is there a way to get to that machine through the desktop which is connected via VPN? Maybe through port forwarding in the DSL router/modem. I would have to Remote Desktop or VNC in to the VPN-connected desktop to change the DSL router settings but I don't want to do. Any ideas on how to get to the timeclock system (Linux-based probably running Apache and MySQL)?
Rick Hobbs
Without using a remote control client on the desktop, no. Unless you can locate a VPN that will run on the timeclock. Why are you adverse to using Remote Desktop, VNC or similar on the desktop?
ASKER
Multiple accounts are setup on the desktop and it is undesirable to be calling the location and having them logout and login as different users. This desktop belongs to an executive and they do not like to be disturbed. There has to be a way to get to the linux timeclock box.
Other than putting another desktop over there in a closet without a montor or keyboard, I know of nothing. Sorry
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Just like other ideas, there is NO way for you go access the linux box via VPN
One way to walk arround : acccess the linux webpage using https, and configure you adsl modem to open port for ssl(default 443)
One way to walk arround : acccess the linux webpage using https, and configure you adsl modem to open port for ssl(default 443)
I agree a router with VPN capability the other end would be much better but you might be able to get away with:
1. Add a static IP on the remote machine for the VPN connection instead of leaving it to get a DHCP one.
2. Add a static route on your machine.
route -p add 172.16.64.0 mask 255.255.255.0 172.16.32.
3. Add a static route on the linux machine for 172.16.32.0 via the VPN machine.
4. Turn on IP routing on the desktop machine. This may help:
http://www.dragon-it.co.uk/files/w2k_routing.reg
Steve
1. Add a static IP on the remote machine for the VPN connection instead of leaving it to get a DHCP one.
2. Add a static route on your machine.
route -p add 172.16.64.0 mask 255.255.255.0 172.16.32.
3. Add a static route on the linux machine for 172.16.32.0 via the VPN machine.
4. Turn on IP routing on the desktop machine. This may help:
http://www.dragon-it.co.uk/files/w2k_routing.reg
Steve
I completely agree with Steve... actually i might add that it SHOULD work unless you have some other issues (like the vpn firewall blocking packets coming from a 172.16.64.x address)...
i just think that he messed up the 192.168.32.0 network with the 172.16.32.0 one...
i just think that he messed up the 192.168.32.0 network with the 172.16.32.0 one...
Hmm, yes slight lack of reading there.... to be fair I was using a PDA with a tiny screen at the time :-) Principal remains the same though.
Steve
Steve
ASKER
I switched the user to Comcast and setup a wireless router. I connected the Linux-based timeclock system directly to the router. I then configured port forwarding for port 80 since the timeclock system's management software was web-based. I figured that it was running Apache and was probably on port 80. When I went to the external IP address it worked! Thank for the help guys.
-Matt
-Matt
I hope you've got that port firewalled off to your specific IP address otherwisedon't forget it will be wide open to the world and likely to be scanned and fiddled with in minutes...