search cancel

How to create a tunnel between a nated tunnel server and client on Linux


Article ID: 77081


Updated On:


DX Unified Infrastructure Management (Nimsoft / UIM)


Executing the  ./tunnelclient script on the Linux hub and importing the created client certificate on the tunnel client is not enough to establish the SSL tunnel connection.


Release: MSPNSP99000-8.51-Unified Infrastructure Mgmt-Server Pack-on Prem MSP


The resolution came with creating the tunnel connection as follows:
In the setup you are using the local secondary hub as the tunnel client and for the IP of the remote hub it would see is the nat'ed IP.
This means the tunnel server runs on a remote secondary hub with a different local IP and it is translated to another IP at the firewall.

To resolve this run the ./tunnelclient setup on the remote hub, create a tunnel server as normal.
Next, create the tunnel client certificate (this is not the CA), with a wildcard * instead of the IP of the local secondary hub.  
On the tunnel client, when you create the client connection, please untick the option "Check Server Common Name" and also set the Server IP to the Nat'ed IP address.