Our latest Royal TS V6 Beta for Windows comes with a brand new feature that allows you to "nest" or "chain" secure gateway (SSH) tunnels. Since this feature has been requested a couple of times, we have now implemented it in the latest beta for you to test.

Dependent Gateways

In environments with tight security, you might not have direct access to your target hosts. Our secure gateway feature provides an easy way to tunnel connections using SSH local port forwarding and enables you to access hosts behind such a gateway. But what if you need to go through two gateways, or even more? This is where Dependent Gateways come into play.

Use Case

Here's a sample scenario: We have two target hosts that we want to be able to connect to: CI Server and Royal Server Both of these servers can only be reached through a secure gateway that we will call Office Gateway. However, the Office Gateway is also not directly reachable; to access it, we actually need to go through another gateway that we will call DMZ Gateway.

Royal TS/X → DMZ Gateway → Office Gateway → CI Server and Royal Server

First we need to establish a tunnel to the Office Gateway through the DMZ Gateway. To do this, Royal TS will open a local port (64806 in this case) and forward all traffic from this port to the Office Gateway. The subsequent tunnels that we need to establish in order to connect to our CI Server and Royal Server will use the Office Gateway tunnel mapped to port 64806 as a dependent gateway.

Setup

Although it may sound complicated, setting this up is actually quite easy:

• First, create a Secure Gateway object called DMZ Gateway. Configure the computer name, port, and credentials.
• Then, create another Secure Gateway object called Office Gateway. Configure the computer name, port, and credentials. Please ensure that the IP address/hostname is reachable from within the DMZ.
• In the Office Gateway properties, switch to the Dependent Gateway configuration page. Select the DMZ Gateway from the dropdown list.
• In the connection properties for the CI Server and the Royal Server configure the Office Gateway as the secure gateway.

Active Tunnels

When connecting to the target servers, Royal TS will automatically establish all the necessary tunnels. You can check and see if a tunnel to the dependent gateway (DMZ Gateway) has been established in the Active Tunnels panel (via the View ribbon tab). Please note that all subsequent connections will re-use the dependent gateway once a tunnel has been established.

That's it! This feature will also be available soon for Royal TSX on macOS. Stay tuned...

If you have any questions or issues regarding this particular feature or the V6 beta in general, please feel free to contact our support

P.S. "May the 4th be with you!"