Mark Rogers mark@quarella.co.uk
Remote end (on the remote LAN that I want to connect to): 5.50.60.177 is the address I SSH to, and is also the address that the remote end reports in ifconfig. My end: 5.70.80.21, which is also confirmed by ipconfig (Windows) and I can ping it from the remote end.
Remote end subnet is 192.168.150.x - that's what I'm trying to reach. My local IP is 192.168.200.180.
Yeah. Unless the remote router is the remote Hamachi endpoint or you can tell it to send packages for 192.168.200.0/24 out via it, then there's no way "to route to the 192.168.150.x network via the working Hamachi connection" because you also need a route back for the replies to reach you.
You'll need to do classic NAT / IP Masquerading, like Brett suggested.
ssh tunnels are quickest: as root (because you want :443) on 5.50.60.177,
    ssh -L 5.50.60.177:443:192.168.150.250:443 SomethingThatCanSeeTheDraytek
With the above comments in mind, I'm a bit confused here. 5.50.60.177 can see its local Draytek already (at 192.168.150.250), but in order to use its web interface I need access from my desktop end (the remote box is headless and won't run anything more sophisticated than Lynx, which the Draytek doesn't seem to work with). Therefore I need to establish the connection from my desktop end.
Right. I thought you wanted to see it by accessing https://5.50.60.177/ on other machines on your side of the network. Sorry for my confusion.
Establishing the connection from your desktop end is simpler. Just run
    ssh -L 443:192.168.150.250:443 SomethingThatCanSeeTheDraytek
as root (for :443) and access https://localhost but it will complain about the certificate like this too:
I figured that (at the remote end):
    socat TCP4-LISTEN:443 TCP4:192.168.150.250:443
would work, and I think that maybe it does get me closer, but when I go to:
    https://5.50.60.177
Firefox gives me a certificate warning but seems unable to download the certificate and therefore won't let me past, and Chrome under the same circumstances causes socat to die.
That's because socat only forwards one connection by default. Give it the fork option and maybe reuseaddr like in the man socat EXAMPLES section.
Hope that helps,
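
Added example, not part of the original thread: a small Python relay that mimics the two socat behaviours discussed above, one connection without fork versus one handler per connection with it. The function names and the loopback addresses used to exercise it are assumptions for illustration; the socat line in the comment only combines options named in the thread with socat's bind= option.

```python
import socket
import threading

def _pump(src, dst):
    """Copy bytes one way until EOF, then half-close the receiving side."""
    try:
        while (data := src.recv(4096)):
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass

def _relay(client, target):
    """Relay one accepted client to target in both directions."""
    with client, socket.create_connection(target) as upstream:
        back = threading.Thread(target=_pump, args=(upstream, client), daemon=True)
        back.start()
        _pump(client, upstream)
        back.join()

def forward(bind_addr, target, fork):
    """Listen on bind_addr, relay to target, return the bound (host, port).

    fork=False models plain 'socat TCP4-LISTEN:443 TCP4:192.168.150.250:443':
    the listener is closed after the first accept, so a browser's second
    connection (for example the retry after a certificate warning) is refused.
    fork=True models
      socat TCP4-LISTEN:443,fork,reuseaddr,bind=5.50.60.177 TCP4:192.168.150.250:443
    Binding to the Hamachi address instead of all interfaces keeps the
    router's admin page from being offered on the box's other interfaces.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)  # reuseaddr
    srv.bind(bind_addr)
    srv.listen()

    def serve():
        while True:
            client, _ = srv.accept()
            if not fork:
                srv.close()              # stop listening after the first accept
                _relay(client, target)
                return
            threading.Thread(target=_relay, args=(client, target), daemon=True).start()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()
```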