DaemonForums  

Posted 5th May 2008 by s2scott
VPN alternative: ssh -w

As an easier alternative to IPsec VPNs, trumpet the arrival of SSH's new "-w" option.

With OpenBSD (4.2) and OpenSSH (4.3+), there's a "-w" option, and with it an IP forwarding feature. Classically, ssh(8) is a port forwarder. Not so classically, the "-w" feature is an IP forwarder. The IP can be point-to-point, point-to-subnet(s), or subnet(s)-to-subnet(s) and, thusly, its applicability and efficacy as a [truer] VPN.

Client side is as follows.

(N.B.: My sshd-as-a-VPN listens on port 443, not 22, to allow the client to traverse any intermediate firewalls that may block certain ports.)

OpenBSD client-side variant
Code:
# ssh -p443 -w 0:0 scott@mydomain.com
  /*...authenticate per your ssh policy. */
# ifconfig tun0 10.0.0.2 10.0.0.1 netmask 255.255.255.252
# route add -inet 192.168.2.0/24 10.0.0.1

Ubuntu client-side variant
Code:
# ssh -p443 -w 0:0 scott@mydomain.com
  /*...authenticate per your ssh policy. */
# ifconfig tun0 10.0.0.2 pointopoint 10.0.0.1 netmask 255.255.255.252
  /*yes, "pointopoint" is correct as shown */
# route add -net 192.168.2.0/24 gw 10.0.0.1
__________________
Never argue with an idiot. They will bring you down to their level and beat you with experience.

Last edited by s2scott; 5th May 2008 at 02:46 PM.
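
The post covers only the client side; on the server, sshd honours "-w" only when its PermitTunnel option allows it (the default is "no"). The following is an added example, not part of the original post: a shell check that reports whether an sshd_config text permits this kind of IP tunnel. The function names and both sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit sshd_config text for
# PermitTunnel, the server option that allows "ssh -w".
# Assumptions: config arrives on stdin; Include files are not followed;
# Match blocks are listed, not evaluated against a connection.

# Effective global value: first occurrence wins, sshd's default is "no".
permit_tunnel_global() {
    awk '
        { sub(/#.*/, ""); sub(/=/, " "); key = tolower($1) }
        key == "match" { exit }                 # global section ends here
        key == "permittunnel" && !seen { val = tolower($2); seen = 1 }
        END { print (seen ? val : "no") }
    '
}

# PermitTunnel lines inside Match blocks, printed as "value <- Match line".
permit_tunnel_matches() {
    awk '
        { sub(/#.*/, ""); sub(/=/, " "); key = tolower($1) }
        key == "match" { cond = $0; inmatch = 1; next }
        inmatch && key == "permittunnel" { print tolower($2) " <- " cond }
    '
}

# Return 0 only if tunnelling is disabled globally and in every Match block.
audit_tunnel() {
    cfg=$(cat)
    global=$(printf '%s\n' "$cfg" | permit_tunnel_global)
    matches=$(printf '%s\n' "$cfg" | permit_tunnel_matches | grep -v '^no ' || true)
    echo "global PermitTunnel: $global"
    [ -n "$matches" ] && echo "Match overrides: $matches"
    [ "$global" = "no" ] && [ -z "$matches" ]
}

# Constructed sample: a server set up for the post's scenario (assumed values).
sample_vpn_server() {
    printf '%s\n' 'Port 443' 'permittunnel point-to-point' 'PermitTunnel no'
}

# Constructed sample: global "no" with a per-user override (user name from the post).
sample_match_override() {
    printf '%s\n' 'Port 22' 'PermitTunnel no' 'Match User scott' '    PermitTunnel=yes'
}

sample_vpn_server | audit_tunnel || echo "finding: ssh -w tunnelling is permitted"
```

On a live host, the effective configuration printed by `sshd -T` can be piped into `audit_tunnel` instead of the sample text.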