Difference between revisions of "VPN over SSH"

From ArchWiki
Jump to: navigation, search
(Troubleshooting)
(Troubleshooting)
Line 47: Line 47:
 
* ssh should have access rights to tun interface or permissions to create it. Check owner of tun interface and/or /dev/net/tun.
 
* ssh should have access rights to tun interface or permissions to create it. Check owner of tun interface and/or /dev/net/tun.
 
* Obviously if you want to access network (not single machine) you should set up IP packet forwarding and maybe netfilter.
 
* Obviously if you want to access network (not single machine) you should set up IP packet forwarding and maybe netfilter.
 +
 +
== See also ==
 +
* [[Configuring Network]]
 +
* [[Ssh]]
 +
* [[Router]]

Revision as of 19:23, 29 May 2012


OpenSSH has built-in VPN support using -w<local-tun-number>:<remote-tun-number>.

Set up

Create tun interfaces

Create tun interfaces: 

$ cat /etc/network.d/vpn
INTERFACE='tun5'
CONNECTION='tuntap'
MODE='tun'
USER='vpn'
GROUP='network'

IP='static'
SKIPNOCARRIER='yes'
ADDR='<IP>'
IPCFG=('route add <REMOTE-NETWORK/MASK> via <REMOTE-SIDE-IP>')

Then do 'netcfg -u vpn' or add it into /etc/conf.d/netcfg.

Also SSH can create both interfaces automatically, but you should configure IP and routing manually after connection established.

Start SSH

ssh -f -w5:5 vpn@example.com -i ~/.ssh/key "sleep 1000000000"

or you may add keep-alive options if you are behind a NAT. 

ssh -f -w5:5 vpn@example.com \
        -o ServerAliveInterval=30 \
        -o ServerAliveCountMax=5 \
        -o TCPKeepAlive=yes \
        -i ~/.ssh/key "sleep 1000000000"

Troubleshooting

  • ssh should have access rights to tun interface or permissions to create it. Check owner of tun interface and/or /dev/net/tun.
  • Obviously if you want to access network (not single machine) you should set up IP packet forwarding and maybe netfilter.

See also

Retrieved from "https://wiki.archlinux.org/index.php?title=VPN_over_SSH&oldid=203183"