VPN alternative: ssh -w
As an easier alternative to IPsec VPNs, trumpet the arrival of SSH's new "-w" option.
With OpenBSD (4.2) and OpenSSH (4.3+), there's a "-w" option, and with it an IP forwarding feature. Classically, ssh(8) is a port forwarder. Not so classically, the "-w" feature is an IP forwarder. The IP can be point to point or point to subnet(s), or subnet(s) to subnet(s) and, thusly, its applicability and efficacy as a [truer] VPN.
Client side is as follows.
(N.B.: My sshd-as-a-vpn listens on port 443, not 22, to allow the client to traverse any intermediate firewalls that may block certain ports.)
OpenBSD client-side variant
# ssh -p443 -w 0:0 firstname.lastname@example.org
/*...authenticate per your ssh policy. */
# ifconfig tun0 10.0.0.2 10.0.0.1 netmask 255.255.255.252
# route add -inet 192.168.2.0/24 10.0.0.1

# ssh -p443 -w 0:0 email@example.com
/*...authenticate per your ssh policy. */
# ifconfig tun0 10.0.0.2 pointopoint 10.0.0.1 netmask 255.255.255.252
/*yes, "pointopoint" is correct as shown */
# route add -net 192.168.2.0/24 gw 10.0.0.1
Never argue with an idiot. They will bring you down to their level and beat you with experience.
Last edited by s2scott; 5th May 2008 at 02:46 PM.
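
The post covers only the client side. On the server, sshd accepts "-w" tunnels only when PermitTunnel in sshd_config allows them (the default is "no"). The following is an added example, not part of the original post: a small audit function that reports the effective global PermitTunnel value, the listening ports, and whether a Match block enables tunnelling. The function name, output format and sample config are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: summarize the sshd_config settings that decide whether
# "ssh -w" tunnels are accepted. Function name and output format are hypothetical.
audit_sshd_tunnel() {   # $1 = path to an sshd_config file
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments, blank lines
        {
            # sshd_config accepts "Keyword value" and "Keyword=value"
            if (match($0, /^[ \t]*[A-Za-z]+[ \t]*=/)) sub(/[ \t]*=[ \t]*/, " ")
            key = tolower($1); val = tolower($2)
        }
        key == "match" { in_match = 1; next }        # what follows is conditional
        in_match {
            if (key == "permittunnel" && val != "no") match_tunnel = "yes"
            next
        }
        # For most keywords sshd uses the first value it reads
        key == "permittunnel" && tunnel == "" { tunnel = val }
        key == "port" { ports = ports (ports == "" ? "" : ",") $2 }  # may repeat
        END {
            if (tunnel == "") tunnel = "no"          # sshd default
            if (ports == "") ports = "22"            # sshd default
            if (match_tunnel == "") match_tunnel = "no"
            mode["no"] = "disabled"
            mode["point-to-point"] = "layer3-only"   # tun device, as in the post
            mode["ethernet"] = "layer2-only"
            mode["yes"] = "layer2-and-layer3"
            m = (tunnel in mode) ? mode[tunnel] : "unknown"
            printf "permittunnel=%s mode=%s ports=%s match_permittunnel=%s\n",
                   tunnel, m, ports, match_tunnel
        }
    ' "$1"
}

# Constructed sample config, written to a temp file for the demo
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not a real server config
Port 443
PermitTunnel yes
Match User vpnuser
    PermitTunnel point-to-point
EOF
audit_sshd_tunnel "$sample"
rm -f "$sample"
```

A result of mode=layer2-and-layer3 means the server also permits ethernet (tap) tunnels, which the tun0 setup in the post does not need; "PermitTunnel point-to-point" is the narrower setting for it.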