As an easier alternative to IPsec VPNs, trumpet the arrival of SSH's new "-w" option.
With OpenBSD (4.2) and OpenSSH (4.3+), there's a "-w" option, and with it an IP forwarding feature. Classically, ssh(8) is a port forwarder. Not so classically, the "-w" feature is an IP forwarder. The forwarding can be point-to-point, point-to-subnet(s), or subnet(s)-to-subnet(s); hence its applicability and efficacy as a [truer] VPN.
Client side is as follows.
(N.B.: My sshd-as-a-vpn listens on port 443, not 22, to allow the client to traverse any intermediate firewalls that may block certain ports.)
OpenBSD client-side variant
Code:
# ssh -p443 -w 0:0 scott@mydomain.com
/*...authenticate per your ssh policy. */
# ifconfig tun0 10.0.0.2 10.0.0.1 netmask 255.255.255.252
# route add -inet 192.168.2.0/24 10.0.0.1
Ubuntu client-side variant
Code:
# ssh -p443 -w 0:0 scott@mydomain.com
/*...authenticate per your ssh policy. */
# ifconfig tun0 10.0.0.2 pointopoint 10.0.0.1 netmask 255.255.255.252
/*yes, "pointopoint" is correct as shown */
# route add -net 192.168.2.0/24 gw 10.0.0.1
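
The client commands above only succeed when the server's sshd allows tunnel forwarding through its PermitTunnel setting, which defaults to "no". As an added example (not part of the original post), this shell function audits an sshd_config for that setting; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: report where an sshd_config enables the tunnel forwarding
# that "ssh -w" depends on. Function names and the sample are constructed.

# Reads sshd_config text on stdin. Prints one "match<TAB>value<TAB>Match ..."
# line for every Match block that sets PermitTunnel to anything but "no",
# then "global<TAB>value" for the effective global setting.
# Limitation: Include directives are not followed.
audit_permit_tunnel() {
    awk '
    BEGIN { global = "no"; seen = 0; ctx = "" }     # sshd default is "no"
    {
        line = $0
        sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line)
        if (line == "" || line ~ /^#/) next         # blank line or comment
        key = tolower(line); sub(/[ \t=].*/, "", key)   # keywords ignore case
        if (key == "match") { ctx = line; next }    # rest of file is conditional
        if (key != "permittunnel") next
        val = tolower(line)
        sub(/^[^ \t=]+[ \t]*=?[ \t]*/, "", val)     # strip keyword and separator
        gsub(/"/, "", val)
        if (ctx == "") { if (!seen) { global = val; seen = 1 } }  # first value wins
        else if (val != "no") printf "match\t%s\t%s\n", val, ctx
    }
    END { printf "global\t%s\n", global }'
}

# Exit status 0 when any context permits tunnelling, 1 otherwise.
tunnel_allowed() {
    audit_permit_tunnel | awk -F'\t' '$2 != "no" { found = 1 } END { exit !found }'
}

# Constructed sample, not taken from a real host.
sample_config() {
    cat <<'EOF'
Port 443
#PermitTunnel yes
PermitTunnel no
PermitTunnel yes
Match User scott
    PermitTunnel point-to-point
Match Address 192.168.2.0/24
    PermitTunnel no
EOF
}

sample_config | audit_permit_tunnel
```

On a live host, `sshd -T` prints the effective configuration, which also resolves any Include files this parser skips.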