Difference between revisions of "VPN over SSH"

From ArchWiki
(Created page with "Category: Virtual Private Network OpenSSH has built-in VPN support using -w<local-tun-number>:<remote-tun-number>. == Set up == === Create tun interfaces === Create tu...")
 
(Start SSH)
Line 30: Line 30:
  
 
<pre>
 
<pre>
ssh -f -w5:5 vpn@example.com -i ~/.ssh/key "sleep 1000000"
+
ssh -f -w5:5 vpn@example.com -i ~/.ssh/key "sleep 1000000000"
 
</pre>
 
</pre>
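Review bot: the `+` line still keeps the session alive with a fixed-length remote `sleep`, so going from 1000000 to 1000000000 only moves the moment the tunnel silently drops (roughly 11.5 days to roughly 31 years) instead of removing it. If the intent is "stay up until killed", `-N` (no remote command) together with `-f -w5:5` expresses that without a magic number; if `sleep` is kept, a sentence in the text explaining why would help readers.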
  
Line 40: Line 40:
 
         -o ServerAliveCountMax=5 \
 
         -o ServerAliveCountMax=5 \
 
         -o TCPKeepAlive=yes \
 
         -o TCPKeepAlive=yes \
         -i ~/.ssh/key "sleep 1000000"
+
         -i ~/.ssh/key "sleep 1000000000"
 
</pre>
 
</pre>
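Review bot: the changed `-i ~/.ssh/key "sleep 1000000000"` line repeats the literal from the first command, so the two examples will drift if only one is edited later; using the same no-command form in both, or stating the duration once in the text, avoids that. The surrounding `ServerAliveCountMax=5` and `TCPKeepAlive=yes` options only detect a dead connection, so the section should also say what the reader is expected to do when the session ends.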
  

Revision as of 19:05, 29 May 2012


OpenSSH has built-in VPN support using -w<local-tun-number>:<remote-tun-number>.

Set up

Create tun interfaces

Create tun interfaces:

$ cat /etc/network.d/vpn
INTERFACE='tun5'
CONNECTION='tuntap'
MODE='tun'
USER='vpn'
GROUP='network'

IP='static'
SKIPNOCARRIER='yes'
ADDR='<IP>'
IPCFG=('route add <REMOTE-NETWORK/MASK> via <REMOTE-SIDE-IP>')

Then run 'netcfg -u vpn' or add the profile to /etc/conf.d/netcfg.

SSH can also create both interfaces automatically, but you then have to configure the IP addresses and routing manually after the connection is established.

Start SSH

ssh -f -w5:5 vpn@example.com -i ~/.ssh/key "sleep 1000000000"

Or, if you are behind a NAT, add keep-alive options:

ssh -f -w5:5 vpn@example.com \
        -o ServerAliveInterval=30 \
        -o ServerAliveCountMax=5 \
        -o TCPKeepAlive=yes \
        -i ~/.ssh/key "sleep 1000000000"

Troubleshooting

  • ssh needs access rights to the tun interface, or permission to create it.
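
A preflight check for the item above, as an added example that is not part of the original wiki page: it verifies that the clone device /dev/net/tun is readable and writable and that the persistent interface exists with the expected owner uid. It assumes the Linux sysfs attribute /sys/class/net/<iface>/owner; the function name check_tun and the SYSFS_NET/TUN_DEV overrides are hypothetical.

```shell
#!/bin/sh
# Added example, not from the wiki page. SYSFS_NET and TUN_DEV can be
# overridden to run the check against a constructed directory tree;
# the defaults are the real Linux paths.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"
TUN_DEV="${TUN_DEV:-/dev/net/tun}"

# check_tun IFACE UID
# Prints one diagnosis line and returns:
#   0  IFACE exists and its owner attribute equals UID
#   1  clone device is missing or not read/writable by the caller
#   2  IFACE does not exist (ssh would have to create it itself)
#   3  IFACE exists but its owner attribute is not UID
# A group restriction on the interface, if any, is not checked here.
check_tun() {
    iface=$1
    want_uid=$2
    if [ ! -r "$TUN_DEV" ] || [ ! -w "$TUN_DEV" ]; then
        echo "$TUN_DEV: missing or not readable/writable by this user"
        return 1
    fi
    if [ ! -d "$SYSFS_NET/$iface" ]; then
        echo "$iface: not present, create it first (e.g. the netcfg profile)"
        return 2
    fi
    # sysfs reports -1 here when no owner is set on the tun device.
    owner=$(cat "$SYSFS_NET/$iface/owner" 2>/dev/null || echo unknown)
    if [ "$owner" != "$want_uid" ]; then
        echo "$iface: owner is $owner, expected uid $want_uid"
        return 3
    fi
    echo "$iface: present and owned by uid $want_uid"
    return 0
}

# Stand-alone use: ./check_tun.sh tun5 [uid]   (uid defaults to the caller)
if [ "$#" -ge 1 ]; then
    check_tun "$1" "${2:-$(id -u)}"
fi
```

Run it as the user that starts ssh, for example with tun5 as the argument, before debugging the SSH side.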