(Some network appliances terminate TCP sessions which sit idle for a few minutes.)

Tunneling non-TCP protocols with Layer-2 and Layer-3 VPN tunnels:

SSH can do much more than the TCP port-forwarding examples shown above. It’s actually possible to do ICMP pings, DNS lookups, NTP time syncing, and TFTP file transfers over a Layer-3 SSH VPN tunnel. For protocols such as DHCP, or for bridging remote networks together, a Layer-2 SSH VPN tunnel can be used.

Establishing a layer-3 SSH VPN using “tun” devices:

On the local server, issue the following command:

    sudo ssh -f -w 0:0 <remote-host> true

(NOTE: You must be root on BOTH the local system and the remote system in order to create the “tun0” virtual network devices and connect them via SSH’s tunneling protocol.)

On the local server:

    sudo ifconfig tun0 192.168.1.101 netmask 255.255.255.0

On the remote server:

    sudo ifconfig tun0 192.168.1.102 netmask 255.255.255.0

At this point, it should be possible for the local and remote servers to ICMP ping each other at their 192.168.1.x IP addresses. If the pings are successful, then it should also be possible to pass TCP and UDP traffic over the tunnel.

To shut down the tunnel, find the process-ID (PID) of the ssh command on the local server and send it a SIGTERM kill signal.

- Make sure “PermitTunnel” is set to “yes” in sshd_config on both ends.
- Check to make sure IPTables isn’t blocking traffic in/out of the tun0 network interfaces.
- Make sure “PermitRootLogin” is set to “yes” in sshd_config on the remote system.

Establishing a layer-2 SSH VPN using “tap” devices:

On both the local and remote servers, run the following command to create a “tap0” virtual network interface:

    sudo tunctl -t tap0

Next, configure the “tap0” interfaces on both ends:

On the local host:

    sudo ifconfig tap0 192.168.1.101 netmask 255.255.255.0

Now start the SSH Layer-2 VPN tunnel by issuing the following command on the local host:

    ssh -o Tunnel=ethernet -f -w 0:0 <remote-host> true

Assuming all went well, the tunnel should be up, and it should be possible for the local and remote servers to ping each other on their 192.168.1.x IP addresses.
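
The sshd_config prerequisites named above (“PermitTunnel” and “PermitRootLogin”) can be checked before starting a tunnel, or audited afterwards to confirm they were switched back off. The script below is an added example, not part of the original article: the function names and the sample configuration are constructed for illustration, and it goes slightly beyond the text by also accepting the “point-to-point” and “ethernet” values of PermitTunnel, which permit only tun or only tap tunnels respectively.

```shell
#!/bin/sh
# Effective global value of an sshd_config keyword. sshd keeps the FIRST
# value it reads, keywords are case-insensitive, and lines after "Match"
# are conditional, so parsing stops there. Simplifications: "Include" is
# not followed and the "Keyword=value" form is not handled.
sshd_setting() {  # usage: sshd_setting FILE KEYWORD DEFAULT
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { print $2; found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# tun (layer 3) needs PermitTunnel yes or point-to-point;
# tap (layer 2) needs PermitTunnel yes or ethernet. Default is "no".
tunnel_permitted() {  # usage: tunnel_permitted FILE tun|tap
    val=$(sshd_setting "$1" PermitTunnel no)
    case "$2:$val" in
        tun:yes|tun:point-to-point|tap:yes|tap:ethernet) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample config: the first PermitTunnel line wins, and the
# "yes" inside the Match block is not a global setting.
write_sample() {
    cat > "$1" <<'EOF'
PermitRootLogin yes
permittunnel ethernet
PermitTunnel no
Match User backup
    PermitTunnel yes
EOF
}

tmp=$(mktemp) && write_sample "$tmp"
for mode in tun tap; do
    if tunnel_permitted "$tmp" "$mode"; then s=allowed; else s=refused; fi
    echo "$mode: $s (PermitTunnel=$(sshd_setting "$tmp" PermitTunnel no))"
done
echo "PermitRootLogin=$(sshd_setting "$tmp" PermitRootLogin prohibit-password)"
rm -f "$tmp"
```

On a live host, running "sshd -T" as root prints the effective configuration, including Include files, and is the authoritative check.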