howtos:network_services:tunnel_interfaces [2013/07/31 11:54 (UTC)] – [Sources] ricky_cardo | howtos:network_services:tunnel_interfaces [2013/11/23 15:45 (UTC)] – [Tunnel Interfaces] ricky_cardo |
root@darkstar:~# /usr/bin/sudo /bin/sed -e "s/#PermitTunnel\ no/PermitTunnel\ yes\ #changed\ `date '+%Y%m%d' \ | root@darkstar:~# /usr/bin/sudo /bin/sed -e "s/#PermitTunnel\ no/PermitTunnel\ yes\ #changed\ `date '+%Y%m%d' \ |
`\ by\ `/bin/whoami`/" -i.stock_slackware-`/bin/awk '{print $2}' /etc/slackware-version` /etc/ssh/sshd_config</code> | `\ by\ `/bin/whoami`/" -i.stock_slackware-`/bin/awk '{print $2}' /etc/slackware-version` /etc/ssh/sshd_config</code> |
* Next I'm using autossh found at [[http://slackbuilds.org/result/?search=autossh|slackbuilds.org]] . The below script requires it (there is likely a way without it since it is a wrapper) | * Next I'm using autossh found at [[http://slackbuilds.org/result/?search=autossh|slackbuilds.org]] . The below script requires it (there is an alternate method mentioned at the bottom. Replace line 20.) |
* You will also want to have non-interactive ssh connections set up. Meaning [[howtos:security:sshkeys|authorized_keys setup with public/private keys]]. | * You will also want to have non-interactive ssh connections set up. Meaning [[howtos:security:sshkeys|authorized_keys setup with public/private keys]]. |
* Also assuming you have sudo privileges and user on the remote machine (using the ''NOPASSWD: ALL'' option in ''/etc/sudoers'') \\ Example: as root type "''visudo''" and add your user like this <code bash> | * Also assuming you have sudo privileges and user on the remote machine (using the ''NOPASSWD: ALL'' option in ''/etc/sudoers'') \\ Example: as root type "''visudo''" and add your user like this <code bash> |
# | # |
target=74.79.121.210 | target=74.79.121.210 |
| port=22 |
# | # |
########################################################### | ########################################################### |
/usr/bin/sudo /sbin/modprobe tun | /usr/bin/sudo /sbin/modprobe tun |
#load remote module | #load remote module |
/usr/bin/ssh $target "/usr/bin/sudo /sbin/modprobe tun" | /usr/bin/ssh -p $port $target "/usr/bin/sudo /sbin/modprobe tun" |
/bin/sleep 1 | /bin/sleep 1 |
| |
/usr/bin/sudo /usr/bin/autossh -M 0 -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -fw 0:0 $target /bin/true | /usr/bin/sudo /usr/bin/autossh -p $port -M 0 -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -fw 0:0 $target /bin/true |
/bin/sleep 4 | /bin/sleep 4 |
/usr/bin/ssh $target "/usr/bin/sudo /sbin/ifconfig tun0 192.168.5.2 pointopoint 192.168.5.1 netmask 255.255.255.252 broadcast 192.168.5.3" | /usr/bin/ssh -p $port $target "/usr/bin/sudo /sbin/ifconfig tun0 192.168.5.2 pointopoint 192.168.5.1 netmask 255.255.255.252 broadcast 192.168.5.3" |
/usr/bin/sudo /sbin/ifconfig tun0 192.168.5.1 pointopoint 192.168.5.2 netmask 255.255.255.252 broadcast 192.168.5.3 | /usr/bin/sudo /sbin/ifconfig tun0 192.168.5.1 pointopoint 192.168.5.2 netmask 255.255.255.252 broadcast 192.168.5.3 |
/usr/bin/sudo /usr/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE | /usr/bin/sudo /usr/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE |
/usr/bin/sudo /usr/sbin/iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT | /usr/bin/sudo /usr/sbin/iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT |
| |
/usr/bin/ssh $target "/usr/bin/sudo /usr/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE" | /usr/bin/ssh -p $port $target "/usr/bin/sudo /usr/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE" |
/usr/bin/ssh $target "/usr/bin/sudo /usr/sbin/iptables -A FORWARD -i eth0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT" | /usr/bin/ssh -p $port $target "/usr/bin/sudo /usr/sbin/iptables -A FORWARD -i eth0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT" |
/usr/bin/ssh $target "/usr/bin/sudo /usr/sbin/iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT" | /usr/bin/ssh -p $port $target "/usr/bin/sudo /usr/sbin/iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT" |
| |
</file> | </file> |
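Review bot: The remote side of this script only ever runs `/sbin/modprobe`, `/sbin/ifconfig` and `/usr/sbin/iptables` under sudo, yet the stated prerequisite is a `NOPASSWD: ALL` sudoers entry; since the same SSH key also gets a layer-3 tunnel into the host, the entry should be narrowed to those three commands, e.g. `user ALL=(root) NOPASSWD: /sbin/modprobe, /sbin/ifconfig, /usr/sbin/iptables`, so a stolen key does not equal an unrestricted root shell on the endpoint. The script never enables IP forwarding (`net.ipv4.ip_forward`), which the `FORWARD` and `MASQUERADE` rules depend on unless it is already on at both hosts, and the local side appends only the `tun0`-to-`eth0` rule while the remote also adds the `RELATED,ESTABLISHED` return rule, which looks asymmetric. No exit status is checked and `$target`/`$port` are unquoted, so a failed `modprobe` or tunnel setup is followed anyway by `iptables -A` calls that also append duplicate rules on every run; a `set -e` at the top and an `-C`-before-`-A` check (or a flush of the rules this script owns) would keep the firewall state predictable. The enclosing `<file>` block starts above this view.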
* To direct traffic over the tunnel try: <code bash> | * To direct traffic over the tunnel try: <code bash> |
user@darkstar:~$ sudo /sbin/route add -net 74.125.131.0 netmask 255.255.255.0 dev tun0 | user@darkstar:~$ sudo /sbin/route add -net 74.125.131.0 netmask 255.255.255.0 dev tun0 |
| </code> |
| |
| * To substitute normal ssh rather than autossh substitute this line below for the one with autossh (line 20)<code bash> |
| /usr/bin/sudo /usr/bin/ssh -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -fw 0:0 $target /bin/true |
</code> | </code> |
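Review bot: The plain-ssh substitute line drops the `-p $port` that the new revision added to the autossh line it is meant to replace, so with any `port` other than 22 the tunnel is never established while the rest of the script still reaches the host; it should read `/usr/bin/sudo /usr/bin/ssh -p $port -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -fw 0:0 $target /bin/true`. The text also refers to "line 20" of the listing, which is fragile once the script gains or loses a line; naming the command (the `autossh -M 0 ... -fw 0:0` line) would be clearer.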
| |