DaemonForums  

#1 Sunnz, 21st September 2009

Anyone use SSH VPN?

What's your set up like?

I am considering using SSH for a home VPN, using the TunnelDevice/-w option...

Do you have to permit root login to make it work? Can you use an ethernet layer 2 "tap" device? Is there a way to use an existing device "tun0" or something instead of having SSH dynamically create one?

Thanks.
__________________
She sells C shells by the seashore.

#2 jggimi, 21st September 2009

I have played with it, to see how it worked, but have never used it in production. To the best of my recollection, root access is indeed required in order to establish the tunnels.

The way to use an existing device is described in the ssh(1) man page, look at the syntax for the -w option. I can't recall if I tested that feature, or not.

#3 jggimi, 21st September 2009

Quickly played with it again, under qemu.

Confirming: root required on both gateways. After logging in, the connecting gateway can exit the shell -- the SSH session will remain established until a ctrl-C. (I did not test this with any scripting, just from console.)

One can easily pre-establish tuns with specific addressing configurations and use -w local:remote to select them.
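
Post #3 confirms that root is required on both gateways, so the sshd settings that gate the tunnel are worth checking before enabling it. The script below is an added example, not written by anyone in this thread: it audits a gateway's sshd_config for the `PermitTunnel` and `PermitRootLogin` keywords. The function names and the sample config are constructed, and it assumes whitespace-separated keywords and no `Match` blocks.

```shell
#!/bin/sh
# Added example: audit sshd_config for the settings an "ssh -w" tunnel needs.
# Assumes whitespace-separated "Keyword value" lines and no Match blocks;
# sshd keywords are case-insensitive and the first value found wins.

# Print the first value set for keyword $1 in file $2, lowercased.
first_value() {
    awk -v key="$1" '
        $1 ~ /^#/ { next }
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$2"
}

# Print one finding per line; return 0 only when nothing is flagged WARN.
audit_tunnel_config() {
    cfg=$1; rc=0
    tunnel=$(first_value PermitTunnel "$cfg")
    root=$(first_value PermitRootLogin "$cfg")
    case "${tunnel:-no}" in      # sshd default for PermitTunnel is "no"
        no)             echo "INFO PermitTunnel=no: ssh -w will be refused" ;;
        point-to-point) echo "OK   PermitTunnel=point-to-point: layer 3 only" ;;
        ethernet)       echo "OK   PermitTunnel=ethernet: layer 2 only" ;;
        yes)            echo "WARN PermitTunnel=yes: layer 2 and 3 both allowed"; rc=1 ;;
        *)              echo "WARN PermitTunnel=$tunnel: unrecognised value"; rc=1 ;;
    esac
    case "$root" in
        forced-commands-only) echo "OK   PermitRootLogin=forced-commands-only: key plus forced command" ;;
        prohibit-password|without-password) echo "OK   PermitRootLogin=$root: key login only" ;;
        no)  echo "INFO PermitRootLogin=no: root cannot log in to open the tunnel" ;;
        yes) echo "WARN PermitRootLogin=yes: root may use any enabled auth method"; rc=1 ;;
        "")  echo "WARN PermitRootLogin unset: default depends on OpenSSH version"; rc=1 ;;
        *)   echo "WARN PermitRootLogin=$root: unrecognised value"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample config (hypothetical gateway, not from the thread).
sample=$(mktemp)
cat > "$sample" <<'EOF'
PermitTunnel yes
PermitRootLogin forced-commands-only
EOF
audit_tunnel_config "$sample" || echo "review the WARN lines above"
rm -f "$sample"
```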

#4 There0, 18th December 2009

@jggimi

Could you plz throw down what syntax you used? Not quite a how-to, I was just wanting a comparison. If you have a "road warrior" type setup, could you plz throw some of that down too? Thx.
__________________
The more you learn, the more you realize how little you know ....

#5 jggimi, 18th December 2009

As I stated, I have only -played- with SSH VPNs, I have not ever used one in production. For production, these days, I am using IPSec.

A discussion of SSH VPNs, including syntax, can be found right in the ssh(1) man page, under the section called SSH-BASED VIRTUAL PRIVATE NETWORKS. There's another example in the OpenBSD Journal, which uses the ssh configuration files to eliminate the need for -w.

Additional details of SSH VPN were discussed in an interview Damien Miller gave to SecurityFocus when OpenSSH 4.3 was about to be released.

#6 There0, 20th December 2009

Thx jggimi, I have gone over the man pages for ssh a couple of times. I am happy with my current SSH and OpenVPN setup but am always looking/wanting to try something new or otherwise.

I'm going to read the 2 other links you provided, I was actually wondering what YOU had typed at the command line to make this happen ...

Reading the OpenBSD journal link right now, seeing what I could use this setup for.

#7 jggimi, 20th December 2009

I no longer recall what I typed. You can find plenty of examples if you Google for "ssh -w".

#8 There0, 21st December 2009

-> jggimi

Thx, I do have a working setup, I was just wanting to see if you had anything special to add I could reverse analyze ... no matter though, not sure how much extra tweaking can be done to this, thx for response.