Set up an SSH-based point to point connection
Sunday, 30 November 2008
OpenSSH version 4.3 introduced a new feature: the ability to create on-the-fly "Virtual Private Networks" via the tunnel driver (the so-called "tun" driver). This allows you to create a network interface that bridges two physically disparate network segments in different locations. This article explains how to set up SSH-based point to point connections with OpenSuse 11.0, which can then be used to create the routes that form a virtual private network.

Workshop Setup 

 

What does this picture show? We have two OpenSuse 11.0 routers, Router 1 and Router 2, in different locations. Router 1 is connected to the “green network” 10.0.0.0/24 and Router 2 is connected to the “yellow network” 192.168.33.0/24 via Ethernet. Both routers provide NAT functionality and make an internet connection available to the connected clients.
In our test environment both routers use the tun interfaces (192.168.100.31/32) to establish an SSH-based point to point connection.
Important! Please change these IPs to routable addresses in a real deployment!
Once the tunnel is set up, the machines in the “yellow network” will be able to directly access the “green network” and vice versa using a secure VPN link.
Please keep in mind that you have to secure both routers using IP filter or firewall functionality in your real environment.

 

Step 1: Preparing the OpenSuse Routers

Install a basic system on both routers. You do not need a desktop environment like KDE or Gnome. In the “Desktop Selection” part, use Other – Minimal Server Selection (Text Mode) (see pictures below).
Configure the network interface (eth0) with the IP address 192.168.33.1 on Router 2 and 10.0.0.1 on Router 1. The net mask is 255.255.255.0 on both sites. For further information and help, please use this link.

That’s it; we can configure the routers later by using the yast command. For test purposes, please disable the built-in firewall.



Step 2: Preparing Router 1

Open /etc/ssh/sshd_config using your favourite editor and enable the following lines:

PermitRootLogin yes         ## line 41
PermitTunnel yes            ## line 111
RSAAuthentication yes       ## line 45
PubkeyAuthentication yes    ## line 46

Restart ssh by using the following command:

/etc/init.d/sshd restart

Generate the key:

ssh-keygen -t rsa

Store the key in:

/root/.ssh/id_rsa-vpn     ## no passphrase

Copy the public key to Router 2:

scp /root/.ssh/id_rsa-vpn.pub 192.168.100.32:/root/.ssh/

Remark: Please create the directory /root/.ssh/ on Router 2 first.


Step 3: Preparing Router 2

Configure sshd as you did on Router 1.

Add the key you received from Router 1 to the file authorized_keys:

cat /root/.ssh/id_rsa-vpn.pub >> /root/.ssh/authorized_keys


Check the connection from Router 1 to Router 2. It should work without password authentication.

ssh -i  /root/.ssh/id_rsa-vpn 192.168.100.32
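
Steps 2 and 3 leave Router 2 accepting a passphrase-less key for a full root login. The following added example (not part of the original article) uses OpenSSH's authorized_keys options to limit that key to the tunnel and counts entries that still carry no restrictions. The source address 192.168.100.31 for Router 1, tun device 0 and the script /usr/local/sbin/vpn-up are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the article: limit what the passphrase-less VPN key
# may do on Router 2. Addresses, tun id and forced command are assumptions.

KEY_TYPES='ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-[a-z0-9-]+'

# restrict_vpn_key PUBKEY_FILE FROM_ADDR TUN_ID FORCED_CMD
# Prints one authorized_keys line: the key is accepted only from FROM_ADDR,
# is pinned to tun device TUN_ID, always runs FORCED_CMD instead of a shell,
# and cannot allocate a pty or forward ports, X11 or the agent.
restrict_vpn_key() {
    key=$(grep -E "^($KEY_TYPES) " "$1" | head -n 1)
    [ -n "$key" ] || { echo "no public key found in $1" >&2; return 1; }
    printf 'from="%s",tunnel="%s",command="%s",' "$2" "$3" "$4"
    printf 'no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding %s\n' "$key"
}

# count_unrestricted AUTHORIZED_KEYS_FILE
# Counts entries that begin directly with a key type, i.e. carry no options;
# in root's authorized_keys each one is an unrestricted root login.
count_unrestricted() {
    grep -cE "^($KEY_TYPES) " "$1" || true
}

# Demo on a constructed key line (placeholder body, not a real key).
demo() {
    dir=$(mktemp -d) || return 1
    echo 'ssh-rsa AAAAB3NzaC1yc2E_CONSTRUCTED_PLACEHOLDER root@router1' > "$dir/id_rsa-vpn.pub"
    cat "$dir/id_rsa-vpn.pub" >> "$dir/authorized_keys"   # plain entry as in Step 3
    echo "unrestricted entries before: $(count_unrestricted "$dir/authorized_keys")"
    # 192.168.100.31 = assumed address of Router 1; /usr/local/sbin/vpn-up is a
    # hypothetical script that would bring up tun0 on Router 2.
    restrict_vpn_key "$dir/id_rsa-vpn.pub" 192.168.100.31 0 /usr/local/sbin/vpn-up \
        > "$dir/authorized_keys"
    echo "unrestricted entries after:  $(count_unrestricted "$dir/authorized_keys")"
    cat "$dir/authorized_keys"
    rm -rf "$dir"
}
demo
```

Once every entry in /root/.ssh/authorized_keys carries a forced command, PermitRootLogin forced-commands-only can replace PermitRootLogin yes in sshd_config, and PermitTunnel point-to-point is sufficient for a tun link.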



 