So, you have a Supermicro server somewhere remote. Thats cool, they have a nifty IPMI module (either bridged to the primary interface or on a separate port). One of the features is a remote IP-KVM over what is mostly VNC. Of course, you have a complete distrust of anything embedded, so your IPMI is on a separate LAN/VLAN. You also don’t have a VPN to this IPMI LAN, because thats a lot of work for something that you’ll never use, and everyone just uses ad-hoc SSH tunnels anyway, right?
Except, you are Supermicro’s IPMI KVM thing (which is really made by a company called ATEN, who I now think very very negatively of). That means:
- The VNC connection is not standard, and standard clients won’t work.
- You need to use a Java Webstart application in order to actually connect (which has native code too, ugh, its Java guys, no need to go native)
- The Java Webstart VNC application needs UDP access to the IPMI port 623 (WTF, I really don’t know why)
The last point is the kicker – you need to tunnel UDP in addition to TCP, which SSH does not do natively.
Enter socat, netcat on steroids. It can forward UDP over TCP and back to UDP with little fuss. You’ll need socat on both ends of the connection.
So, without further delay, the recipe:
On the local system
sudo socat -T15 udp4-recvfrom:623,reuseaddr,fork tcp:localhost:8000
Now the SSH tunnel
sudo ssh -L80:IPMIMACHINE:80 -L8000:localhost:8000 -L443:IPMIMACHINE:443 -L5900:IPMIMACHINE:5900 you@host-to-tunnel-through socat tcp4-listen:8000,reuseaddr,fork UDP:IPMIMACHINE:623
Replace IPMIMACHINE with the host you need to connect to, and host-to-tunnel-through with the host which can access the IPMI network.
Navigate to http://localhost, enter your password (hint: ADMIN/ADMIN), hit cancel on the “You need to install Java!” dialog (which shows even if you have applet support), navigate to the remote redirection tab, hit cancel on the same popup, and hit the Launch button. Run the JNLP Webstart file, and SUCCESS!
Next up: How to do this with an ASUS machine (much simpler).