howtos:network_services:tunnel_interfaces [2013/06/20 10:58 (UTC)] – [Tunnel Interfaces] ricky_cardo | howtos:network_services:tunnel_interfaces [2020/06/25 13:38 (UTC)] – [Results] ricky_cardo |
root@darkstar:~# echo "1" > /proc/sys/net/ipv4/ip_forward | root@darkstar:~# echo "1" > /proc/sys/net/ipv4/ip_forward |
</code> | </code> |
* Almost forgot you will need to enable tunneling in /etc/ssh/sshd_conf. Find this part //#PermitTunnel no// uncomment and change to yes<code bash> | * Almost forgot you will need to enable tunneling in /etc/ssh/sshd_conf. Find this part //#PermitTunnel no// uncomment and change to yes (on the target machine) you can use vi to edit or try the below code:<code bash> |
root@darkstar:~# sudo sed -e "s/#PermitTunnel\ no/PermitTunnel\ yes\ #changed\ `date %yyyy%mm%dd`\ by\ `whoami`/" -i.stock /etc/ssh/sshd_config | root@darkstar:~# /usr/bin/sudo /bin/sed -e "s/#PermitTunnel\ no/PermitTunnel\ yes\ #changed\ `date '+%Y%m%d' \ |
</code> or for a temporary (lose at reboot) way use <code bash> | `\ by\ `/bin/whoami`/" -i.stock_slackware-`/bin/awk '{print $2}' /etc/slackware-version` /etc/ssh/sshd_config</code> |
root@darkstar:~# echo "1" > /proc/sys/net/ipv4/ip_forward | * Next I'm using autossh found at [[http://slackbuilds.org/result/?search=autossh|slackbuilds.org]] . The below script requires it (there is an alternate method mentioned at the bottom. Replace line 20.) |
</code> | |
* Next I'm using autossh found at [[http://slackbuilds.org/result/?search=autossh|slackbuilds.org]] . The below script requires it (there is likely a way without it since it is a wrapper) | |
* You will also want to have non-interactive ssh connections set up. Meaning [[howtos:security:sshkeys|authorized_keys setup with public/private keys]]. | * You will also want to have non-interactive ssh connections set up. Meaning [[howtos:security:sshkeys|authorized_keys setup with public/private keys]]. |
* Also assuming you have sudo privileges and user on the remote machine (using the ''NOPASSWD: ALL'' option in ''/etc/sudoers'') \\ Example: as root type "''visudo''" and add your user like this <code bash> | * Also assuming you have sudo privileges and user on the remote machine (using the ''NOPASSWD: ALL'' option in ''/etc/sudoers'') \\ Example: as root type "''visudo''" and add your user like this <code bash> |
# | # |
target=74.79.121.210 | target=74.79.121.210 |
| port=22 |
# | # |
########################################################### | ########################################################### |
# suggestions contact rich at lehcar.no-ip.org | # suggestions contact rich at lehcar.duckdns.org |
# with thanks to Billy T (for idea and assistance) | # with thanks to Billy T (for idea and assistance) |
########################################################### | ########################################################### |
/usr/bin/sudo /sbin/modprobe tun | /usr/bin/sudo /sbin/modprobe tun |
#load remote module | #load remote module |
/usr/bin/ssh $target "/usr/bin/sudo /sbin/modprobe tun" | /usr/bin/ssh -p $port $target "/usr/bin/sudo /sbin/modprobe tun" |
/bin/sleep 1 | /bin/sleep 1 |
| |
/usr/bin/sudo /usr/bin/autossh -M 0 -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -fw 0:0 $target /bin/true | /usr/bin/sudo /usr/bin/autossh -p $port -M 0 -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -fw 0:0 $target /bin/true |
/bin/sleep 4 | /bin/sleep 4 |
/usr/bin/ssh $target "/usr/bin/sudo /sbin/ifconfig tun0 192.168.5.2 pointopoint 192.168.5.1 netmask 255.255.255.252 broadcast 192.168.5.3" | /usr/bin/ssh -p $port $target "/usr/bin/sudo /sbin/ifconfig tun0 192.168.5.2 pointopoint 192.168.5.1 netmask 255.255.255.252 broadcast 192.168.5.3" |
/usr/bin/sudo /sbin/ifconfig tun0 192.168.5.1 pointopoint 192.168.5.2 netmask 255.255.255.252 broadcast 192.168.5.3 | /usr/bin/sudo /sbin/ifconfig tun0 192.168.5.1 pointopoint 192.168.5.2 netmask 255.255.255.252 broadcast 192.168.5.3 |
/usr/bin/sudo /usr/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE | /usr/bin/sudo /usr/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE |
/usr/bin/sudo /usr/sbin/iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT | /usr/bin/sudo /usr/sbin/iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT |
| |
/usr/bin/ssh $target "/usr/bin/sudo /usr/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE" | /usr/bin/ssh -p $port $target "/usr/bin/sudo /usr/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE" |
/usr/bin/ssh $target "/usr/bin/sudo /usr/sbin/iptables -A FORWARD -i eth0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT" | /usr/bin/ssh -p $port $target "/usr/bin/sudo /usr/sbin/iptables -A FORWARD -i eth0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT" |
/usr/bin/ssh $target "/usr/bin/sudo /usr/sbin/iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT" | /usr/bin/ssh -p $port $target "/usr/bin/sudo /usr/sbin/iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT" |
| |
</file> | </file> |
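Review bot: the tunnel line runs `autossh` under `sudo`, so the `-w 0:0` connection is made as root and uses root's `~/.ssh` keys and `known_hosts`, whereas the surrounding `/usr/bin/ssh $target "..."` calls run as the invoking user; the non-interactive key setup from the prerequisites therefore has to exist for both identities or the tunnel line will prompt or fail while the rest of the script carries on. The three remote `iptables` lines set up NAT and forwarding on the target but nothing in the script enables `ip_forward` there; if the earlier `echo "1" > /proc/sys/net/ipv4/ip_forward` is meant to be run on the target as well, the text should say so, otherwise add it to the remote commands. The `iptables -A` and `ifconfig tun0` lines are not idempotent: every rerun appends duplicate rules and the address assignment fails if tun0 is already up, so guard each rule with `iptables -C ... || iptables -A ...` or flush the rules the script owns first. `eth0` is hard-coded on both ends; make it a variable alongside `port`. On the sudoers prerequisite, `NOPASSWD: ALL` is far broader than this script needs: it only invokes `modprobe`, `ifconfig` and `iptables` as root, so restricting the sudoers entry to those commands keeps a compromised client key from granting full root on the target.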
* To direct traffic over the tunnel try: <code bash> | * To direct traffic over the tunnel try: <code bash> |
user@darkstar:~$ sudo /sbin/route add -net 74.125.131.0 netmask 255.255.255.0 dev tun0 | user@darkstar:~$ sudo /sbin/route add -net 74.125.131.0 netmask 255.255.255.0 dev tun0 |
| </code> |
| |
| * To substitute normal ssh rather than autossh substitute this line below for the one with autossh (line 20)<code bash> |
| /usr/bin/sudo /usr/bin/ssh -p $port -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -fw 0:0 $target /bin/true |
</code> | </code> |
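Review bot: the alternate plain-`ssh` line keeps `ServerAliveInterval`/`ServerAliveCountMax`, which only makes a dead connection exit; nothing re-establishes the tunnel afterwards, so the text should say that tun0, the routes and the iptables rules have to be recreated by hand when that happens. "Replace line 20" is fragile in a file with no visible line numbers; quote the autossh line to be replaced instead.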
| |
I'm not going to be able to elaborate on the iptables rules still a little green there, but they work. | I'm not going to be able to elaborate on the iptables rules still a little green there, but they work. |
| |
| Here are a couple usage examples. Directing traffic to the tunnel interface. first example 10.10.132.0-255 second just 10.10.182.15 |
| **/sbin/route add -net 10.10.132.0 netmask 255.255.255.0 dev tun0** |
| **/sbin/route add -net 10.10.182.15 netmask 255.255.255.255 dev tun0** |
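Review bot: for a single address the idiomatic form of the second example is `/sbin/route add -host 10.10.182.15 dev tun0`, which avoids the `255.255.255.255` netmask; the first example repeats the route already shown above and could simply refer to it.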
====== Sources ====== | ====== Sources ====== |
<!-- If you are copying information from another source, then specify that source --> | <!-- If you are copying information from another source, then specify that source --> |
| |
<!-- Please do not modify anything below, except adding new tags.--> | <!-- Please do not modify anything below, except adding new tags.--> |
{{tag>howtos tunnel tun0 author_ricky_cardo for_review}} | {{tag>howtos tunnel tun0 author_ricky_cardo}} |