Old 5th May 2008
s2scott

Here's the gateway side configuration...

Code:
/etc/hostname.tun0 
inet 10.0.0.1 255.255.255.252 10.0.0.2 group tun
Code:
/etc/hostname.tun1 
inet 10.0.0.5 255.255.255.252 10.0.0.6 group tun
Code:
/etc/hostname.tun2
inet 10.0.0.9 255.255.255.252 10.0.0.10 group tun
Code:
/etc/hostname.tun3
inet 10.0.0.13 255.255.255.252 10.0.0.14 group tun
Code:
/etc/ssh/sshd_config
#
Protocol 2
LoginGraceTime 20 
PermitRootLogin yes 
Banner /etc/ssh/sshd_banner 
PrintMotd yes 
UseDNS no 
MACs hmac-ripemd160,hmac-sha1 
ciphers aes256-ctr,aes128-ctr,3des-cbc 
ListenAddress vpn.mydomain.com:443 
ClientAliveInterval 20 
ClientAliveCountMax 3 
StrictModes yes
MaxAuthTries 3
PermitTunnel point-to-point 
PubkeyAuthentication yes 
AuthorizedKeysFile %h/.ssh/authorized_keys 
PasswordAuthentication no 
ChallengeResponseAuthentication no 
#
Subsystem sftp /usr/libexec/sftp-server 
#
Public keys are the only authentication method. Client-side private keys are passphrase protected.

Last edited by s2scott; 5th May 2008 at 02:47 PM.
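An added example, not part of s2scott's post: a small Python check that an sshd_config like the one above really leaves public keys as the only authentication method while still permitting the point-to-point tunnel. The function names and the SAMPLE excerpt are constructed for illustration; the check reads only the global section (it stops at the first Match block) and relies on sshd's documented rule that the first value obtained for a keyword is the one used.

```python
# Added example: audit an sshd_config for a "public key only" tunnel gateway.
# SAMPLE is a constructed excerpt modelled on the directives in the post.
SAMPLE = """\
# gateway sshd_config (constructed excerpt)
PermitTunnel point-to-point
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
passwordauthentication yes
"""

# Values the post's configuration sets for key-only auth plus a tun(4) tunnel.
REQUIRED = {
    "pubkeyauthentication": "yes",
    "passwordauthentication": "no",
    "challengeresponseauthentication": "no",
    "permittunnel": "point-to-point",
}

def parse_sshd_config(text):
    """Return {keyword: value} for the global section of an sshd_config.

    Keywords are case-insensitive and the first occurrence wins, so a later
    duplicate line never overrides an earlier one.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()
        if keyword == "match":      # everything below is conditional
            break
        if len(parts) == 2:
            settings.setdefault(keyword, parts[1].strip())
    return settings

def audit(text, required=REQUIRED):
    """Return (keyword, expected, found) for every unset or mismatched value."""
    settings = parse_sshd_config(text)
    return [(k, want, settings.get(k))
            for k, want in required.items()
            if (settings.get(k) or "").lower() != want]

if __name__ == "__main__":
    for keyword, want, found in audit(SAMPLE):
        print(f"{keyword}: expected {want!r}, found {found!r}")
```

A directive reported with `found` of `None` is not set in the global section, so its effective value is whatever that sshd version defaults to.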