~greenfoo/vpn_over_ssh

Simple bash script to establish a VPN connection over an SSH tunnel
adb6a964 — Fernando Ramos 3 years ago
Add license
e1087627 — Fernando 7 years ago
README in markdown format
cd62d173 — Fernando 10 years ago
Version 0.2

clone

read-only
https://git.sr.ht/~greenfoo/vpn_over_ssh
read/write
git@git.sr.ht:~greenfoo/vpn_over_ssh

# Description

This script establishes a VPN connection over an SSH tunnel.

It works like this: if you have access to an SSH server on a remote network (for example, you can SSH from home into a computer at your school or workplace), then you can use this script to "virtually" add your home computer to the campus network.

Once the script is executed, you will be able to access all the services you can usually only access when you are sitting in front of one of the campus computers (like internal email servers, network shares, etc.).

In addition to that, you also get these extra "features":

  • Any other computer on your local network that uses your computer as a gateway will also be able to access the remote network computers.

  • Any other computer on the remote network that uses the computer you have SSH'ed into as a router will also be able to access your local network computers.

Note that only traffic specifically addressed to the remote network computers will use the tunnel. The rest of it (i.e. your "regular" internet traffic) will still use your local router.

One more thing: broadcast/multicast packets do not traverse the tunnel. This means you need to connect to a service by using its IP address instead of relying on some kind of service discovery protocol. In other words, UPnP video servers on one network will not appear on video clients on the other network.

# Dependencies

In order to run this script you need a few things:

  1. The "ip" binary (from the "iproute" package) must be installed on both computers (local and remote).

  2. The "iptables" binary (from the "iptables" package) must be installed on both computers (local and remote).

  3. You must have root access to the remote computer (the SSH server).

  4. You must have root access to the local computer (remember that this script must be executed with "sudo") and the "root" user must have a public key in "/root/.ssh". If you don't have one, execute "ssh-keygen" first.

  5. The SSH server on the remote computer must have the following two lines added to its "/etc/ssh/sshd_config" configuration file:

    PermitRootLogin yes
    PermitTunnel    yes
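
The check below is an added example, not part of vpn_over_ssh: sshd uses the first value it reads for each keyword, so the two lines have no effect when appended to a file that already sets them earlier. The function names and the sample config are constructed for illustration, and `Include` directives are assumed not to be in use.

```shell
#!/bin/sh
# Added example, not part of vpn_over_ssh: verify dependency 5 on the server.

# Print the effective global value of KEYWORD in an sshd_config FILE.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and lines after a "Match" line are conditional.
# Assumption: "Include" directives are not followed.
sshd_effective() {  # usage: sshd_effective KEYWORD FILE
    awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        /^[ \t]*(#|$)/ { next }            # comments and blank lines
        {
            sub(/=/, " ")                  # accept the "Keyword=value" form
            key = tolower($1)
            if (key == "match") exit       # end of the global section
            if (key == want) { print tolower($2); found = 1; exit }
        }
        END { if (!found) print "unset" }  # sshd default applies
    ' "$2"
}

# Return 0 when FILE effectively has both README lines, else list problems.
check_sshd_config() {  # usage: check_sshd_config FILE
    rc=0
    for key in PermitRootLogin PermitTunnel; do
        val=$(sshd_effective "$key" "$1")
        if [ "$val" != "yes" ]; then
            echo "$key is \"$val\", README asks for \"yes\""
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: the README lines were appended to a file that already
# disabled root login, so the appended PermitRootLogin line is ignored.
demo() {
    sample=$(mktemp)
    printf '%s\n' '# constructed sample' 'PermitRootLogin no' \
        'X11Forwarding yes' 'PermitRootLogin yes' 'PermitTunnel    yes' > "$sample"
    check_sshd_config "$sample"; status=$?
    rm -f "$sample"
    return "$status"
}
demo || echo "sample config would not satisfy the README"
```

To check a real server, call `check_sshd_config /etc/ssh/sshd_config` as root on the remote computer.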
    

# Usage

  1. Open the script and search for a section called "INPUT ARGUMENTS" (it's at the very beginning of the script).

  2. Edit the arguments you will find there according to the instructions given in the comments.

  3. Exit the editor.

  4. Execute the script.

  5. In order to finish the connection, follow the instructions printed on the screen when the script is executed.

# Credits

I created this script according to the instructions found here:

http://backreference.org/2009/11/13/openssh-based-vpns/