From b81fb2a7381de8179a3d04fc9cad4e7a09ae1a9a Mon Sep 17 00:00:00 2001
From: Michael Blaschek <michael.blaschek@univie.ac.at>
Date: Tue, 30 Mar 2021 13:13:58 +0200
Subject: [PATCH] Update SSH-VPN-VNC/README.md

---
 SSH-VPN-VNC/README.md | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)

diff --git a/SSH-VPN-VNC/README.md b/SSH-VPN-VNC/README.md
index 1115acf..ca86386 100644
--- a/SSH-VPN-VNC/README.md
+++ b/SSH-VPN-VNC/README.md
@@ -188,10 +188,20 @@ Todo add infos on `ssh-agent`
 
 # Q: How to transfer files between two VPN networks?
 
-You should be able to use an SSH tunnel.
+You should be able to use an SSH tunnel via a gateway server
 
-Assuming you're trying to transfer a file from a remote computer ("remote") to your local computer ("local"), 
-establish the tunnel via the third computer ("gateway") by typing this on your local computer:
+Situation
+```
+  VPN-1                                              VPN-2
+__________    /|       ___________      /|         __________
+|  local |   | |       | gateway |     | |         | remote |
+|        |---| |----<>------     |   Firewall      |        |
+|        | Firewall    |    \---<>-----| |---------|        |
+__________   | |       ___________     | |         __________
+             |/                        |/
+```
+Assuming you're trying to transfer a file from/to a remote computer ("remote") from/to your local computer ("local"), 
+establish a tunnel via a third computer ("gateway") by typing this on your local computer:
 
 ```bash
 $ ssh -fNL 12345:remote:22 gatewaylogin@gateway
@@ -199,13 +209,17 @@ $ ssh -fNL 12345:remote:22 gatewaylogin@gateway
 Then you can run an unlimited amount of SCP commands on this tunnel (still typing on your local computer):
 
 ```bash
+# scp [SRC] [DEST]
 $ scp -P 12345 remotelogin@localhost://path/to/remote/file /local/path/where/you/want/file
 ```
 
 another option is to use `rsync` with a gateway command:
 ```bash
+# rsync [SRC] [DEST]
 $ rsync -avz -r --stats --progress -e "ssh gateway ssh" remote:/src/documents/ /dest/documents 
 ```
+**Note: key-based authentication is required from the gateway to the remote server using rsync.**
+Initial testing showed that using key-based authentication between gateway and remote is required.
 
 # Q: How to connect to Jet, SRVX8, SRVX2?
 
-- 
GitLab