

By Bill Brassfield – Dev Ops Technical Consultant

First, a review of simple TCP SSH tunnels:

Many of us are quite familiar with the setup of SSH tunnels using the “-L” and “-R” options to do TCP port-forwarding: to access a web server behind a NAT and/or firewall, to connect to a MySQL or Oracle database that isn’t directly reachable, or to make a desktop workstation at the office reachable via SSH through a bastion host which is SSH-reachable. Here are some examples of SSH commands that probably look quite familiar (in the examples below, <remote-host> stands for the SSH server being connected to):

Forwarding a local TCP port to a remote TCP port (using the -L option):

    ssh -L 8080:localhost:80 <remote-host>

Forwarding a remote TCP port to a local TCP port (using the -R option):

    ssh -R :80:localhost:80 <remote-host>

A few quick notes on sshd_config directives:

- Make sure that “AllowTcpForwarding” is enabled (set to “yes”).
- If setting up a TCP-forwarding listener on a non-loopback network interface, it may be necessary to set “GatewayPorts” to “yes”.
- If setting up a TCP-forwarding listener on a privileged port (0 to 1023), this must be done as root.
- If opening a privileged port for listening on a remote system, the “PermitRootLogin” directive must be set to either “yes” or “without-password”.

Useful command-line options for the commands discussed above:

- The “-f” option tells SSH to run in the background.
- The “-N” option tells SSH to not run any command on the remote server.
- Adding both the “-f” and “-N” options to the SSH commands listed above will effectively run them quietly in the background (in a “daemonized” mode). To terminate these tunnels, it will be necessary to find their process ID (PID) and send a SIGTERM kill signal.
- Adding the “-o ServerAliveInterval=30” option will help to keep the tunnels up by keeping the TCP connections active. (Some network appliances terminate TCP sessions which sit idle for a few minutes.)

Tunneling non-TCP protocols with Layer-2 and Layer-3 VPN tunnels:

SSH can do much more than the TCP port-forwarding examples shown above. It’s actually possible to do ICMP pings, DNS lookups, NTP time syncing, and TFTP file transfers over a Layer-3 SSH VPN tunnel. For protocols such as DHCP, or for bridging remote networks together, a Layer-2 SSH VPN tunnel can be used.

Establishing a Layer-3 SSH VPN using “tun” devices:

On the local server, issue the following command:

    sudo ssh -f -w 0:0 <remote-host> true

(NOTE: You must be root on BOTH the local system and the remote system in order to create the “tun0” virtual network devices and connect them via SSH’s tunneling protocol.)

On the local server:

    sudo ifconfig tun0 192.168.1.101 netmask 255.255.255.0

On the remote server:

    sudo ifconfig tun0 192.168.1.102 netmask 255.255.255.0

At this point, it should be possible for the local and remote servers to ICMP ping each other at their 192.168.1.x IP addresses. If the pings are successful, then it should also be possible to pass TCP and UDP traffic over the tunnel.

Establishing a Layer-2 SSH VPN using “tap” devices:

On both the local and remote servers, run the following command to create a “tap0” virtual network interface:

    sudo tunctl -t tap0

Next, configure the “tap0” interfaces on both ends. On the local host:

    sudo ifconfig tap0 192.168.1.101 netmask 255.255.255.0
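The sshd_config notes above can be turned into a quick check before a tunnel is attempted. The following script is an added example written for this article, not part of the original post: it reads an sshd_config file, applies OpenSSH's first-match rule and documented defaults, and reports which directive blocks a given use (a plain forward, a non-loopback listener, a privileged remote listener that needs a root login, or a "-w" VPN). It goes one step beyond the article by also checking PermitTunnel, which sshd requires before "-w" can open tun/tap devices. The sample configuration is constructed inline; top-level Match blocks are not evaluated.

```shell
#!/bin/sh
# Added example, not from the original article: audit the sshd_config
# directives the article discusses (AllowTcpForwarding, GatewayPorts,
# PermitRootLogin) plus PermitTunnel, which "ssh -w" depends on.
# Match blocks are ignored (sshd applies them per connection), so this is a
# first check rather than a full policy model.

# sshd_directive FILE NAME -> effective value in lowercase.
# sshd takes the first occurrence of a directive, so "head -n 1" mirrors it;
# an absent directive falls back to OpenSSH's documented default.
sshd_directive() {
    file=$1; name=$2
    val=$(grep -i "^[[:space:]]*$name[[:space:]]" "$file" 2>/dev/null \
          | head -n 1 | awk '{print tolower($2)}')
    if [ -z "$val" ]; then
        case "$(printf '%s' "$name" | tr 'A-Z' 'a-z')" in
            allowtcpforwarding) val=yes ;;
            gatewayports)       val=no ;;
            permitrootlogin)    val=prohibit-password ;;
            permittunnel)       val=no ;;
            *)                  val=unset ;;
        esac
    fi
    printf '%s\n' "$val"
}

# tunnel_readiness FILE KIND -> "ok" or the directives that block that use.
#   forward  : a plain -L/-R tunnel bound to loopback
#   gateway  : a -L/-R listener on a non-loopback interface
#   rootport : a remote listener on a privileged port, which needs a root login
#   vpn      : a "-w" Layer-2/Layer-3 tunnel
tunnel_readiness() {
    file=$1; kind=$2; problems=""
    case "$kind" in
        forward|gateway|rootport)
            if [ "$(sshd_directive "$file" AllowTcpForwarding)" = no ]; then
                problems="$problems AllowTcpForwarding"
            fi ;;
    esac
    case "$kind" in
        gateway)
            case "$(sshd_directive "$file" GatewayPorts)" in
                yes|clientspecified) ;;
                *) problems="$problems GatewayPorts" ;;
            esac ;;
        rootport)
            # "without-password" is the older spelling of "prohibit-password"
            case "$(sshd_directive "$file" PermitRootLogin)" in
                yes|without-password|prohibit-password) ;;
                *) problems="$problems PermitRootLogin" ;;
            esac ;;
        vpn)
            case "$(sshd_directive "$file" PermitTunnel)" in
                yes|point-to-point|ethernet) ;;
                *) problems="$problems PermitTunnel" ;;
            esac ;;
    esac
    problems=${problems# }
    printf '%s\n' "${problems:-ok}"
}

# Constructed sample sshd_config for the demo (not a real server's file).
SAMPLE_CFG=$(mktemp)
trap 'rm -f "$SAMPLE_CFG"' EXIT
cat > "$SAMPLE_CFG" <<'EOF'
# constructed example sshd_config
Port 22
AllowTcpForwarding yes
#GatewayPorts yes
PermitRootLogin no
EOF

# Report: forward ok; gateway, rootport and vpn each name a blocking directive.
for kind in forward gateway rootport vpn; do
    printf '%-9s %s\n' "$kind" "$(tunnel_readiness "$SAMPLE_CFG" "$kind")"
done
```

Point it at /etc/ssh/sshd_config on the server that will terminate the tunnel; the values it reports are the ones the article says must be set before the corresponding ssh command will work.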
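The article notes that "-f -N" tunnels have to be stopped by finding their PID and sending SIGTERM. The script below is an added example, not the author's code, that does that inventory from the process table and doubles as a small detection aid: it classifies each ssh process by the forwarding or tunnel options on its command line, so a "-w" VPN tunnel stands out from an ordinary port-forward. It is run here over a constructed ps-style listing; live_tunnels applies the same scan to the real process table. Combined short flags such as -fNL and "-o Tunnel=" are not parsed.

```shell
#!/bin/sh
# Added example, not from the original article: find background ssh tunnels
# so they can be stopped with SIGTERM, and tell port-forwards apart from
# "-w" VPN tunnels. Globbing is disabled so command-line words such as
# "[priv]" are never expanded against the working directory.
set -f

# classify_ssh_cmdline "ARGS" -> one tag per tunnel option, space-separated:
#   local-forward:SPEC  remote-forward:SPEC  socks:SPEC  vpn-tun:SPEC
# "plain" for an ssh command without any of them, "not-ssh" otherwise.
classify_ssh_cmdline() {
    set -- $1                                   # word-split on purpose
    [ $# -gt 0 ] && [ "${1##*/}" = ssh ] || { printf 'not-ssh\n'; return 0; }
    shift
    tags=""
    while [ $# -gt 0 ]; do
        case "$1" in
            -L|-R|-D|-w)     opt=$1; shift; val=${1-} ;;      # "-L spec"
            -L*|-R*|-D*|-w*) opt=${1%"${1#-?}"}; val=${1#-?} ;;  # "-Lspec"
            *)               shift; continue ;;
        esac
        case "$opt" in
            -L) tags="$tags local-forward:$val" ;;
            -R) tags="$tags remote-forward:$val" ;;
            -D) tags="$tags socks:$val" ;;
            -w) tags="$tags vpn-tun:$val" ;;
        esac
        if [ $# -gt 0 ]; then shift; fi
    done
    tags=${tags# }
    printf '%s\n' "${tags:-plain}"
}

# scan_process_list: reads "PID ARGS..." lines on stdin (the shape of
# `ps -eo pid=,args=`) and prints "PID<TAB>TAGS" for every ssh process that
# carries a forwarding or tunnel option.
scan_process_list() {
    while read -r pid args; do
        tags=$(classify_ssh_cmdline "$args")
        case "$tags" in
            plain|not-ssh) ;;
            *) printf '%s\t%s\n' "$pid" "$tags" ;;
        esac
    done
}

# live_tunnels: the same scan over the real process table.
live_tunnels() { ps -eo pid=,args= | scan_process_list; }

# stop_tunnel PID: what the article describes, a SIGTERM to the ssh process.
stop_tunnel() { kill -TERM "$1"; }

# Constructed process listing for the demo (hosts and PIDs are made up).
SAMPLE_PS='  1201 ssh -f -N -L 8080:localhost:80 bastion.example
  1202 ssh -f -N -o ServerAliveInterval=30 -R :80:localhost:80 root@edge.example
  1203 /usr/bin/ssh -f -w 0:0 remote.example true
  1204 ssh -N -D1080 jump.example
  1205 sshd: alice [priv]
  1206 ssh alice@shell.example'

# Prints four lines: 1201 local-forward, 1202 remote-forward,
# 1203 vpn-tun:0:0, 1204 socks:1080; the sshd and plain sessions are skipped.
printf '%s\n' "$SAMPLE_PS" | scan_process_list
```

On a live host, `live_tunnels` lists the candidates and `stop_tunnel PID` sends the SIGTERM the article calls for; the vpn-tun tag is also the one worth alerting on, since a "-w" tunnel carries arbitrary IP traffic rather than a single TCP port.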
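The Layer-3 steps above, collected into one script as an added example that is not from the original article. Host names and addresses are placeholders; REMOTE is normally root@host, since the remote tun0 needs root as the note says. Every privileged command goes through run(), which prints instead of executing while DRY_RUN=1 (the default), so the plan can be reviewed before it is run with DRY_RUN=0. The ping at the end is the verification the article describes, done before any traffic is trusted to the tunnel.

```shell
#!/bin/sh
# Added example, not from the original article: bring up the Layer-3 "tun"
# VPN in the order the article gives, verify it, and tear it down again.
# Defaults to a dry run; DRY_RUN=0 executes the commands for real.
: "${DRY_RUN:=1}"

# run CMD...: execute, or print the command when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# l3_vpn_up REMOTE LOCAL_IP REMOTE_IP [NETMASK]
# REMOTE is the ssh destination (placeholder, e.g. root@remote.example).
# The remote end is configured over a second ssh session so both sides end
# up with tun0 addressed in the same /24.
l3_vpn_up() {
    remote=$1; local_ip=$2; remote_ip=$3; mask=${4:-255.255.255.0}
    # 1. create tun0 on both ends; the ssh session stays in the background
    run sudo ssh -f -o ServerAliveInterval=30 -w 0:0 "$remote" true || return 1
    # 2. address the local tun0 ("ip addr add" on systems without ifconfig)
    run sudo ifconfig tun0 "$local_ip" netmask "$mask" || return 1
    # 3. address the remote tun0
    run ssh "$remote" sudo ifconfig tun0 "$remote_ip" netmask "$mask" || return 1
    # 4. verify with ICMP before relying on the tunnel for other traffic
    run ping -c 3 -W 2 "$remote_ip"
}

# l3_vpn_down REMOTE: SIGTERM the background ssh that owns the tunnel, which
# removes tun0 on both ends. The pattern matches the command from step 1.
l3_vpn_down() {
    run sudo pkill -TERM -f "ssh .*-w 0:0 $1"
}

# Demo: print the plan for placeholder hosts (constructed, not real systems).
l3_vpn_up root@remote.example 192.168.1.101 192.168.1.102
l3_vpn_down root@remote.example
```

Run it once as a dry run, check that the four commands and the pkill pattern are what you expect, then execute with DRY_RUN=0 from the local server.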
