

howtos:network_services:tunnel_interfaces [2013/06/21 01:58 (UTC)] – [Tunnel Interfaces] - update sshd_conf ricky_cardo
howtos:network_services:tunnel_interfaces [2020/06/25 13:41 (UTC)] (current) – [Results] ricky_cardo
Line 7: Line 7:
 root@darkstar:~# echo "1" > /proc/sys/net/ipv4/ip_forward root@darkstar:~# echo "1" > /proc/sys/net/ipv4/ip_forward
 </code> </code>
-  * Almost forgot you will need to enable tunneling in /etc/ssh/sshd_conf.  Find this part //#PermitTunnel no// uncomment and change to yes (on the target machine)<code bash> +  * Almost forgot you will need to enable tunneling in /etc/ssh/sshd_conf.  Find this part //#PermitTunnel no// uncomment and change to yes (on the target machine) you can use vi to edit or try the below code:<code bash> 
-root@darkstar:~# sudo sed -e "s/#PermitTunnel\ no/PermitTunnel\ yes\ #changed\ `date '+%Y%m%d'`\ by\ `whoami`/" -i.stock /etc/ssh/sshd_config +root@darkstar:~# /usr/bin/sudo /bin/sed -e "s/#PermitTunnel\ no/PermitTunnel\ yes\ #changed\ `date '+%Y%m%d' 
-</code> or for a temporary (lose at reboot) way use <code bash> +`\ by\ `/bin/whoami`/" -i.stock_slackware-`/bin/awk '{print $2}' /etc/slackware-version` /etc/ssh/sshd_config</code>  
-root@darkstar:~# echo "1"/proc/sys/net/ipv4/ip_forward +  * Next I'm using autossh found at [[http://slackbuilds.org/result/?search=autossh|slackbuilds.org]] . The below script requires it (there is an alternate method mentioned at the bottom. Replace line 20.)
-</code> +
-  * Next I'm using autossh found at [[http://slackbuilds.org/result/?search=autossh|slackbuilds.org]] . The below script requires it (there is likely a way without it since it is a wrapper)+
   * You will also want to have non-interactive ssh connections set up.  Meaning [[howtos:security:sshkeys|authorized_keys setup with public/private keys]].     * You will also want to have non-interactive ssh connections set up.  Meaning [[howtos:security:sshkeys|authorized_keys setup with public/private keys]].  
   * Also assuming you have sudo privileges and user on the remote machine (using the ''NOPASSWD: ALL'' option in ''/etc/sudoers'') \\ Example: as root type "''visudo''" and add your user like this <code bash>   * Also assuming you have sudo privileges and user on the remote machine (using the ''NOPASSWD: ALL'' option in ''/etc/sudoers'') \\ Example: as root type "''visudo''" and add your user like this <code bash>
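Review bot: the bullet text still names the file `/etc/ssh/sshd_conf` while the `sed` command right below it edits `/etc/ssh/sshd_config`; make the prose match the command. Two further points on the reworked `sed` line: it is shown at a `root@darkstar:~#` prompt, so the added `/usr/bin/sudo` prefix is redundant there, and the substitution turns the directive into `PermitTunnel yes #changed <date> by <user>`, a trailing comment on a directive line, which not every sshd version accepts (older ones reject it as garbage at end of line). Run `sshd -t` after the edit to confirm the file still parses, or put the change note on its own `#` line above the directive.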
Line 26: Line 24:
 # #
 target=74.79.121.210 target=74.79.121.210
 +port=22
 # #
 ########################################################### ###########################################################
-# suggestions contact rich at lehcar.no-ip.org+# suggestions contact rich at lehcar.duckdns.org
 # with thanks to Billy T (for idea and assistance) # with thanks to Billy T (for idea and assistance)
 ########################################################### ###########################################################
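Review bot: the new `port=22` variable is not documented in the header comment block alongside `target`; add a line stating that it is the sshd port on the target, since every `ssh` and `autossh` call later in the script now depends on it. Consider `port=${port:-22}` so the value can be overridden from the environment without editing the script.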
Line 34: Line 33:
 /usr/bin/sudo /sbin/modprobe tun /usr/bin/sudo /sbin/modprobe tun
 #load remote module #load remote module
-/usr/bin/ssh $target "/usr/bin/sudo /sbin/modprobe tun"+/usr/bin/ssh -p $port $target "/usr/bin/sudo /sbin/modprobe tun"
 /bin/sleep 1 /bin/sleep 1
  
-/usr/bin/sudo /usr/bin/autossh -M 0 -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -fw 0:0 $target /bin/true+/usr/bin/sudo /usr/bin/autossh -p $port -M 0 -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -fw 0:0 $target /bin/true
 /bin/sleep 4 /bin/sleep 4
-/usr/bin/ssh $target "/usr/bin/sudo /sbin/ifconfig tun0 192.168.5.2 pointopoint 192.168.5.1 netmask 255.255.255.252 broadcast 192.168.5.3"+/usr/bin/ssh -p $port $target "/usr/bin/sudo /sbin/ifconfig tun0 192.168.5.2 pointopoint 192.168.5.1 netmask 255.255.255.252 broadcast 192.168.5.3"
 /usr/bin/sudo /sbin/ifconfig tun0 192.168.5.1 pointopoint 192.168.5.2 netmask 255.255.255.252 broadcast 192.168.5.3 /usr/bin/sudo /sbin/ifconfig tun0 192.168.5.1 pointopoint 192.168.5.2 netmask 255.255.255.252 broadcast 192.168.5.3
 /usr/bin/sudo /usr/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE /usr/bin/sudo /usr/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
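Review bot: the `-p $port` additions to the `ssh` and `autossh` lines are consistent, but the fixed `/bin/sleep 4` between the backgrounded `autossh ... -fw 0:0` and the `ifconfig tun0 ...` lines is a race: if the connection takes longer than four seconds to come up, `tun0` does not exist yet on either side, the address configuration fails without stopping the script, and the tunnel is left half-configured. Poll for the interface instead (for example loop on `/sbin/ifconfig tun0` until it succeeds, with a timeout) before configuring addresses, and quote `"$target"` and `"$port"` in the `ssh` invocations.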
Line 45: Line 44:
 /usr/bin/sudo /usr/sbin/iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT /usr/bin/sudo /usr/sbin/iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT
  
-/usr/bin/ssh $target "/usr/bin/sudo /usr/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE" +/usr/bin/ssh -p $port $target "/usr/bin/sudo /usr/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE" 
-/usr/bin/ssh $target "/usr/bin/sudo /usr/sbin/iptables -A FORWARD -i eth0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT" +/usr/bin/ssh -p $port $target "/usr/bin/sudo /usr/sbin/iptables -A FORWARD -i eth0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT" 
-/usr/bin/ssh $target "/usr/bin/sudo /usr/sbin/iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT"+/usr/bin/ssh -p $port $target "/usr/bin/sudo /usr/sbin/iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT"
  
 </file> </file>
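Review bot: the remote `iptables` lines now carry `-p $port` as they should, but every rule here, local and remote, is appended with `-A` on each run, so re-running the script after a reconnect adds duplicate `MASQUERADE` and `FORWARD` rules. Guard each rule with a check (`iptables -C ... || iptables -A ...`) or remove the script's own rules before adding them. The `-o eth0` interface name is also hard-coded on both ends; it deserves a variable next to `target` and `port`.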
Line 53: Line 52:
   * To direct traffic over the tunnel try: <code bash>   * To direct traffic over the tunnel try: <code bash>
 user@darkstar:~$ sudo /sbin/route add -net 74.125.131.0 netmask 255.255.255.0 dev tun0 user@darkstar:~$ sudo /sbin/route add -net 74.125.131.0 netmask 255.255.255.0 dev tun0
 +</code>
 +
 +  * To substitute normal ssh rather than autossh substitute this line below for the one with autossh (line 20)<code bash>
 +/usr/bin/sudo /usr/bin/ssh -p $port -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -fw 0:0 $target /bin/true
 </code> </code>
  
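Review bot: the new bullet points the reader at "line 20" of the script, but that number is already stale: this same revision inserts `port=22` into the script, which shifts the numbering of every line below it, and future edits will shift it again. Identify the line by content (the one starting `/usr/bin/sudo /usr/bin/autossh`) rather than by number. The substitute command itself is right to drop `-M 0`, which is an autossh option; the bullet should also say that with plain `ssh` the `ServerAlive*` options will still terminate a dead session, but nothing will restart it.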
Line 63: Line 66:
 I'm not going to be able to elaborate on the iptables rules still a little green there, but they work. I'm not going to be able to elaborate on the iptables rules still a little green there, but they work.
  
 +**Here are a couple usage examples.**  
 +Directing traffic to the tunnel interface.  first example 10.10.132.0-255 second just 10.10.182.15 
 +<code bash>/sbin/route add -net 10.10.132.0 netmask 255.255.255.0 dev tun0
 +/sbin/route add -net 10.10.182.15 netmask 255.255.255.255 dev tun0</code>
 ====== Sources ====== ====== Sources ======
 <!-- If you are copying information from another source, then specify that source --> <!-- If you are copying information from another source, then specify that source -->
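Review bot: the two added `route add` examples omit `sudo`, while the earlier example on this page runs `sudo /sbin/route add ...` from a `user@darkstar:~$` prompt; either prefix them with `sudo` or show a root prompt so the reader knows which privilege level is expected. The description "first example 10.10.132.0-255 second just 10.10.182.15" would read better as "the first routes the whole 10.10.132.0/24 network, the second the single host 10.10.182.15 (netmask 255.255.255.255)". Note too that these routes and the `tun0` addresses disappear whenever the `ssh` session owning the tun device exits; autossh restarts the session, but the script does not re-apply them, so the reader should expect to re-run the address and route commands after a reconnect.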
Line 71: Line 78:
  
 <!-- Please do not modify anything below, except adding new tags.--> <!-- Please do not modify anything below, except adding new tags.-->
-{{tag>howtos tunnel tun0 author_ricky_cardo for_review}}+{{tag>howtos tunnel tun0 author_ricky_cardo}}