Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

VPN if all you have is ssh!

 I'm sure there are a lot of different ways to accomplish this, but I say, 
this seems pretty cool to me. 

Say you work at a company that only allows Microsoft tools (exchange, 
connectra, etc.), or a mere ssh connection through a gateway. How do you 
use tools like source control, email, etc.? 

Well, here's how I did it: 

Use ssh to the gateway and use the "-L" port forwarding option to forward 
a local port, say 2022, to port 22 on my machine in the main office. 

ssh -C -L 2022:mymachine:22 gateway.company.com 

This opens a compressed and encrypted connection to the gateway, and 
forwards ssh on my office machine on port 2022. 

Now, run ssh with the -w option (for a VPN) as: 

ssh -f -p 2022 -w 0:0 root@localhost "/root/vpn/vpnstartup.sh" 

# Now initialize tunnel device created by ssh 
/sbin/ifconfig tun0 
# Now assign it an ip address on your local network 
/sbin/ifconfig tun0 192.168.2.10 
# Now add a route for it 
/sbin/route add -net 192.168.1.0 netmask 255.255.255.0 tun0 

On the remote machine, you'll create a script called "startvpn.sh" 
/sbin/ifconfig tun0 
/sbin/ifconfig tun0 192.168.1.99 
/sbin/route add -net 192.168.2.0 netmask 255.255.255.0 tun0 


This assumes your local network is 192.168.2.0, and your work network is 
192.168.1.0. You probably should parameterize the scripts to make them 
more flexible. 

This technique works surprisingly well, and with encryption, makes a lot 
of the things feel much "closer." I'm sure any admins out there are 
terrified as they read this. 

Also, since I use Linux as my firewall/router at home, I run this script 
on the firewall, and the machines on my local network are "on" my company 
network. My laptop doesn't know or care whether or not it is at home or at 
work. 


-- 
This message has been scanned for viruses and 
dangerous content by MailScanner, and is 
believed to be clean. 

_______________________________________________ 
Discuss mailing list 
[hidden email] 
http://lists.blu.org/mailman/listinfo/discuss
BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix / webmaster@blu.org