Here's the gateway-side configuration...
Code:
/etc/hostname.tun0
inet 10.0.0.1 255.255.255.252 10.0.0.2 group tun
Code:
/etc/hostname.tun1
inet 10.0.0.5 255.255.255.252 10.0.0.6 group tun
Code:
/etc/hostname.tun2
inet 10.0.0.9 255.255.255.252 10.0.0.10 group tun
Code:
/etc/hostname.tun3
inet 10.0.0.13 255.255.255.252 10.0.0.14 group tun
Code:
/etc/ssh/sshd_config #
Protocol 2
LoginGraceTime 20
PermitRootLogin yes
Banner /etc/ssh/sshd_banner
PrintMotd yes
UseDNS no
MACs hmac-ripemd160,hmac-sha1
ciphers aes256-ctr,aes128-ctr,3des-cbc
ListenAddress vpn.mydomain.com:443
ClientAliveInterval 20
ClientAliveCountMax 3
StrictModes yes
MaxAuthTries 3
PermitTunnel point-to-point
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
PasswordAuthentication no
ChallengeResponseAuthentication no
#
Subsystem sftp /usr/libexec/sftp-server
#
Public keys are the only authentication method. Client-side private keys are passphrase-protected.
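
Added example, not part of the original post: a small Python check of the statement that public keys are the only authentication method, applying sshd's first-value-wins rule and the OpenSSH defaults for any toggle that is absent. The sample text is constructed from the configuration above, and the function names are hypothetical.

```python
# Added example (not from the post): which auth methods does an sshd_config leave on?
# sshd keywords are case-insensitive and the first value seen for a keyword wins.

# OpenSSH defaults for the authentication toggles, applied when a keyword is absent.
AUTH_DEFAULTS = {
    "pubkeyauthentication": "yes",
    "passwordauthentication": "yes",
    "challengeresponseauthentication": "yes",
    "hostbasedauthentication": "no",
    "gssapiauthentication": "no",
}
# Newer OpenSSH spells ChallengeResponseAuthentication as KbdInteractiveAuthentication.
ALIASES = {"kbdinteractiveauthentication": "challengeresponseauthentication"}

# Constructed sample: authentication-related lines from the configuration above.
SAMPLE = """\
Protocol 2
PermitRootLogin yes
StrictModes yes
MaxAuthTries 3
PermitTunnel point-to-point
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
"""

def parse_global(text):
    """Return {keyword: value} for the global section (everything before a Match)."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":
            break  # Match blocks are conditional overrides; audit them separately
        seen.setdefault(key, parts[1].strip() if len(parts) > 1 else "")  # first wins
    return seen

def enabled_auth_methods(text):
    """Sorted list of auth methods still enabled after applying defaults."""
    cfg = parse_global(text)
    suffix = len("authentication")
    return sorted(k[:-suffix] for k, default in AUTH_DEFAULTS.items()
                  if cfg.get(k, default).lower() == "yes")

if __name__ == "__main__":
    print(enabled_auth_methods(SAMPLE))
```

On a live gateway, `sshd -T` prints the effective configuration and remains the authoritative check.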