Difference between revisions of "VPN over SSH"
(→Troubleshooting) |
(→Troubleshooting) |
||
| Line 47: | Line 47: | ||
* ssh should have access rights to tun interface or permissions to create it. Check owner of tun interface and/or /dev/net/tun. | * ssh should have access rights to tun interface or permissions to create it. Check owner of tun interface and/or /dev/net/tun. | ||
* Obviously if you want to access network (not single machine) you should set up IP packet forwarding and maybe netfilter. | * Obviously if you want to access network (not single machine) you should set up IP packet forwarding and maybe netfilter. | ||
| + | |||
| + | == See also == | ||
| + | * [[Configuring Network]] | ||
| + | * [[Ssh]] | ||
| + | * [[Router]] | ||
Revision as of 19:23, 29 May 2012
OpenSSH has built-in VPN support using -w<local-tun-number>:<remote-tun-number>.
Set up
Create tun interfaces
Create tun interfaces:
$ cat /etc/network.d/vpn
INTERFACE='tun5'
CONNECTION='tuntap'
MODE='tun'
USER='vpn'
GROUP='network'
IP='static'
SKIPNOCARRIER='yes'
ADDR='<IP>'
IPCFG=('route add <REMOTE-NETWORK/MASK> via <REMOTE-SIDE-IP>')
Then do 'netcfg -u vpn' or add it into /etc/conf.d/netcfg.
Also SSH can create both interfaces automatically, but you should configure IP and routing manually after connection established.
Start SSH
ssh -f -w5:5 vpn@example.com -i ~/.ssh/key "sleep 1000000000"
or you may add keep-alive options if you are behind a NAT.
ssh -f -w5:5 vpn@example.com \
-o ServerAliveInterval=30 \
-o ServerAliveCountMax=5 \
-o TCPKeepAlive=yes \
-i ~/.ssh/key "sleep 1000000000"
Troubleshooting
- ssh should have access rights to tun interface or permissions to create it. Check owner of tun interface and/or /dev/net/tun.
- Obviously if you want to access network (not single machine) you should set up IP packet forwarding and maybe netfilter.