Linux-Tip News

We are proud to present Linux-Tip Europe. This page is designed to provide the Linux users community (not only in Europe) with news and articles that are of interest to them. It works by allowing members of the community to submit news and articles relating to Linux hardware and software. This same community can then decide what tips should be promoted based on what they consider to be the most important or interesting to the community by voting stories up and down. Stories that receive enough votes are promoted to the Linux-Tip Europe homepage.
Set up a SSH-based point to point connection
Sunday, 30 November 2008


Step 4: Establishing the point to point connection and creating the routes


Creating a TUN device on both systems:

ssh -w 0:0 -i /root/.ssh/id_rsa-vpn router2

Configure the network devices and add the routes on both systems like this:

Router 1:

modprobe tun
ifconfig tun0 up
ifconfig tun0 192.168.100.31 pointopoint 192.168.100.32 netmask 255.255.255.0
route add -net 192.168.33.0 netmask 255.255.255.0 gw 192.168.100.32 tun0
echo "1" > /proc/sys/net/ipv4/ip_forward

 

 

Router 2:

modprobe tun
ifconfig tun0 up
ifconfig tun0 192.168.100.32 pointopoint 192.168.100.31 netmask 255.255.255.0
route add -net 10.0.0.0 netmask 255.255.255.0 gw 192.168.100.31 tun0
echo "1" > /proc/sys/net/ipv4/ip_forward

 


 

Step 5: Test the connection

SSH is a wonderfully flexible and versatile program, and it has built-in support for creating a secure VPN. The idea is that all traffic from the “green network” to the “yellow network” is routed through the remote server over a secure VPN link. We will use Wireshark to test this.

Test 1: Ping the desktop with IP 192.168.33.2 (yellow network) from the mail server with IP 10.0.0.3 (green network).

Test 2: Try to access a webpage running on the server with IP 10.0.0.2 (green network) from the desktop with IP 192.168.33.2 (yellow network).

In both tests we should see only encrypted packets, as displayed in the picture below.



Step 6: Create your own script to start the tunnel automatically

There are other ways to set up SSH-based point to point connections and to automate the process, but we will leave these as an exercise for the reader. If you haven’t a clue how to start, download for example these files and try to adjust them for your favourite distribution.

ftp://ftp.heise.de/pub/ct/listings/0821-170.zip
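
As a starting point for such a script, here is an added example for Router 1 (not part of the original article and not taken from the heise.de archive). It reuses the key path, host name and addresses from Step 4 and assumes that key-based root login to router2 already works; the DRY_RUN switch and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: start the tunnel from Router 1 and apply the Step 4 settings.
# DRY_RUN=1 (the default) only prints the commands; run as root with
# "DRY_RUN=0 ./script start" to execute them.
KEY=/root/.ssh/id_rsa-vpn
PEER=router2
LOCAL_IP=192.168.100.31
REMOTE_IP=192.168.100.32
REMOTE_NET=192.168.33.0
DRY_RUN=${DRY_RUN:-1}

run() {                       # print in dry-run mode, execute otherwise
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

wait_for_tun() {              # ssh creates tun0 only after authentication
    [ "$DRY_RUN" = 1 ] && return 0
    i=0
    while [ ! -d /sys/class/net/tun0 ]; do
        i=$((i + 1))
        [ "$i" -gt 10 ] && return 1
        sleep 1
    done
}

start_tunnel() {
    run modprobe tun || return 1
    # -f: background after login, -N: no remote command, -w 0:0: tun0 on both ends.
    # ExitOnForwardFailure makes ssh exit instead of staying up without a tunnel.
    run ssh -f -N -w 0:0 -i "$KEY" -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 "$PEER" || return 1
    wait_for_tun || { echo "tun0 did not appear" >&2; return 1; }
    run ifconfig tun0 "$LOCAL_IP" pointopoint "$REMOTE_IP" netmask 255.255.255.0 up || return 1
    run route add -net "$REMOTE_NET" netmask 255.255.255.0 gw "$REMOTE_IP" tun0 || return 1
    run sysctl -w net.ipv4.ip_forward=1
}

if [ "${1:-}" = start ]; then start_tunnel; fi
```

Router 2 still needs its own tun0 address, route and forwarding setting as listed in Step 4; this script only covers the Router 1 side.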



 

 

 




 