Difference between revisions of "VPN over SSH"
(→Troubleshooting) |
(→Troubleshooting) |
||
Line 47: | Line 47: | ||
* ssh should have access rights to tun interface or permissions to create it. Check owner of tun interface and/or /dev/net/tun. | * ssh should have access rights to tun interface or permissions to create it. Check owner of tun interface and/or /dev/net/tun. | ||
* Obviously if you want to access network (not single machine) you should set up IP packet forwarding and maybe netfilter. | * Obviously if you want to access network (not single machine) you should set up IP packet forwarding and maybe netfilter. | ||
+ | |||
+ | == See also == | ||
+ | * [[Configuring Network]] | ||
+ | * [[Ssh]] | ||
+ | * [[Router]] |
Revision as of 19:23, 29 May 2012
OpenSSH has built-in VPN support using -w<local-tun-number>:<remote-tun-number>.
Set up
Create tun interfaces
Create tun interfaces:
$ cat /etc/network.d/vpn
INTERFACE='tun5'
CONNECTION='tuntap'
MODE='tun'
USER='vpn'
GROUP='network'
IP='static'
SKIPNOCARRIER='yes'
ADDR='<IP>'
IPCFG=('route add <REMOTE-NETWORK/MASK> via <REMOTE-SIDE-IP>')
Then run 'netcfg -u vpn' or add the profile to /etc/conf.d/netcfg.
SSH can also create both interfaces automatically, but you should then configure IP and routing manually after the connection is established.
Start SSH
ssh -f -w5:5 vpn@example.com -i ~/.ssh/key "sleep 1000000000"
Or add keep-alive options if you are behind a NAT:
ssh -f -w5:5 vpn@example.com \
    -o ServerAliveInterval=30 \
    -o ServerAliveCountMax=5 \
    -o TCPKeepAlive=yes \
    -i ~/.ssh/key "sleep 1000000000"
Troubleshooting
- ssh should have access rights to the tun interface or permission to create it. Check the owner of the tun interface and/or /dev/net/tun.
- Obviously, if you want to access a network (not a single machine), you should set up IP packet forwarding and maybe netfilter.
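
The Troubleshooting checks above, together with the server-side PermitTunnel setting that ssh -w depends on (sshd's default is no), as an added shell example that is not part of the original wiki page. The function names and the sample sshd -T text are constructed for illustration.

```sh
#!/bin/sh
# Added example: preflight checks for an ssh -w tunnel (function names are hypothetical).

# Print the PermitTunnel value from `sshd -T` output (keywords are lowercase).
permit_tunnel_value() {
    printf '%s\n' "$1" | awk '$1 == "permittunnel" { print $2; exit }'
}

# ssh -w requests a layer-3 (tun) device, so only "yes" or "point-to-point"
# on the server allows it; "ethernet" (tap only), "no" or a missing line do not.
tunnel_allowed() {
    case "$(permit_tunnel_value "$1")" in
        yes|point-to-point) return 0 ;;
        *) return 1 ;;
    esac
}

# The user running ssh or sshd must be able to open the tun control node.
tun_node_usable() {
    [ -c "$1" ] && [ -r "$1" ] && [ -w "$1" ]
}

# Reaching a whole network through the tunnel needs IPv4 forwarding set to 1.
forwarding_enabled() {
    [ -r "$1" ] && [ "$(cat "$1")" = "1" ]
}

# check LABEL COMMAND [ARGS...]: run one check and print its result.
check() {
    label=$1; shift
    if "$@"; then echo "ok   $label"; return 0; fi
    echo "FAIL $label"; return 1
}

# preflight SSHD_T_TEXT TUN_NODE FORWARD_FILE: return the number of failed checks.
preflight() {
    failures=0
    check "PermitTunnel allows tun" tunnel_allowed "$1" || failures=$((failures + 1))
    check "$2 is accessible" tun_node_usable "$2" || failures=$((failures + 1))
    check "IPv4 forwarding is on" forwarding_enabled "$3" || failures=$((failures + 1))
    return "$failures"
}

# Constructed sample of `sshd -T` output showing the default, which blocks -w.
SAMPLE_SSHD_T='port 22
permittunnel no
allowtcpforwarding yes'

# Real use, on the server:
#   preflight "$(sshd -T)" /dev/net/tun /proc/sys/net/ipv4/ip_forward
```

Setting PermitTunnel to point-to-point rather than yes grants only the layer-3 mode that -w5:5 uses.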