Windows corporate VPN on Linux

Jul 18, 2020 06:29 · 473 words · 3 minute read tutorial proxy vpn

The problem

When working remotely for a big company, we often need to access internal tools that require a VPN (virtual private network) connection. Of course, there is no simple OpenVPN configuration file for this; instead, you need to install a proprietary VPN client that only works on Windows. However, you would like to use your favorite Linux distribution.

Solutions

OpenConnect

You can first try to use the OpenConnect VPN client. It supports Cisco AnyConnect, Juniper, Pulse, and GlobalProtect VPNs.

However, if the required VPN has a host checker enabled, you will need to use a virtual machine (VM).

Using a VM

Download a Windows image and virtualization software such as VirtualBox.

Launch the VM. Inside the VM, you can install the corporate VPN and you will be able to access internal tools, but only inside the VM. You can keep using this solution if your interaction with the VM remains small. However, if it is frequent, switching between the VM and the host becomes too annoying.

If you want to access the internal network from your host, check the following section.

Using SOCKS5 proxy with ssh

Start an SSH server in the VM. Windows 10 should have this service: OpenSSH Server can be found under Optional features. By default, it listens on port 22.

If you use VirtualBox, in the network settings, choose to use NAT and add a port forwarding rule:

Protocol: TCP
Host IP: 127.0.0.1
Host Port: 2222
Guest Port: 22

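On the host, connect to the VM via SSH through the forwarded port and create a proxy on port 8080:

ssh -D 8080 -p 2222 user@127.0.0.1

With the NAT rule above, the VM's SSH server is reached at 127.0.0.1:2222 on the host rather than at the VM's own IP. Once connected, you can use localhost:8080 as a SOCKS5 proxy. You can configure your browser to use this proxy to browse internal websites.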

If the ssh connection fails, the proprietary VPN probably hides the local network. You can then try the ngrok solution.

Using ngrok and Squid proxy

ngrok
Ngrok exposes local servers behind NATs and firewalls to the public internet over secure tunnels.

If you can still access the internet while connected to the VPN, you can use ngrok to expose a proxy server.

Let’s start ngrok to expose port 3129 of the VM to the public internet.

ngrok.exe tcp 3129

Your terminal should look similar to this:

[Screenshot: ngrok terminal output]

The address 0.tcp.ngrok.io:17468 now redirects to port 3129 of the VM.

Squid

We now need to start a proxy server using Squid.

Modify the config to use port 3129 and, if needed, add the IP of the DNS server (dns_nameservers xx.xx.xx.xx). Then start the Squid proxy server.
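The ngrok agent connects to Squid from inside the VM, so every client of the public ngrok address reaches Squid as 127.0.0.1, and a config that keeps an "http_access allow localhost" rule (as Squid's default configuration does) serves anyone who finds that address. The check below is an added example, not part of the original post: it evaluates the http_access rules for an unauthenticated client, using two constructed sample configs, placeholder helper paths, and a simplified model that only understands src ACLs with IP/CIDR values and proxy_auth ACLs.

```python
import ipaddress

# Constructed sample: stock-style rules with only the port changed to 3129.
STOCK = """
http_port 3129
acl localnet src 10.0.0.0/8
http_access allow localnet
http_access allow localhost
http_access deny all
"""
# Constructed sample: same port, credentials required (helper paths are placeholders).
HARDENED = """
http_port 3129
auth_param basic program /path/to/basic_ncsa_auth /path/to/passwd
acl authenticated proxy_auth REQUIRED
http_access allow authenticated
http_access deny all
"""

def verdict(conf, client_ip="127.0.0.1"):
    """Outcome for an unauthenticated request from client_ip:
    'allow', 'deny' or 'auth-required'. Simplified model: only src and
    proxy_auth ACLs are evaluated; rules using other ACL types are skipped."""
    ip = ipaddress.ip_address(client_ip)
    # Built-in ACLs (assumption: Squid 3.2+ predefines 'all' and 'localhost').
    acls = {"all": ("src", ["0.0.0.0/0", "::/0"]),
            "localhost": ("src", ["127.0.0.0/8", "::1"])}
    rules = []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl":
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    for action, names in rules:
        known = [acls.get(n.lstrip("!"), ("?", [])) for n in names]
        if any(kind not in ("src", "proxy_auth") for kind, _ in known):
            continue                        # unmodelled ACL type: skip this rule
        for name, (kind, vals) in zip(names, known):
            if kind == "proxy_auth":
                return "auth-required"      # no credentials sent: Squid answers 407
            hit = any(ip in ipaddress.ip_network(v, strict=False) for v in vals)
            if hit == name.startswith("!"):
                break                       # this ACL failed, rule does not match
        else:
            return action                   # every ACL matched: first match wins
    # No rule matched: Squid applies the opposite of the last rule (deny if none).
    return "deny" if not rules or rules[-1][0] == "allow" else "allow"
```

Calling verdict(STOCK) returns 'allow' for a tunnel client, while verdict(HARDENED) returns 'auth-required'; pass your own squid.conf text to check it before starting ngrok.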

On the host, we should now be able to reach the proxy server via the ngrok address.

On the host, we can use the proxy address indicated by ngrok. I personally use FoxyProxy on Firefox.

[Screenshot: FoxyProxy]

Now you should have access to internal websites from your host browser 😎