Some people have written up a simple trick for making a VPN connection over an SSH tunnel without any additional program or authentication files such as ta, cert, ca, etc.
On Linux, pppd and ssh are commonly available, so you can try this trick:
PPPD is /usr/sbin/pppd
SSH is /usr/bin/ssh
${PPPD} updetach noauth passive pty "${SSH} ${LOCAL_SSH_OPTS} ${SERVER_HOSTNAME} -l${SERVER_USERNAME} -o Batchmode=yes sudo ${PPPD} nodetach notty noauth" ipparam vpn ${CLIENT_IFIPADDR}:${SERVER_IFIPADDR}
Before you do this trick, make sure that:
your SSH connection works in batch mode: run ssh-keygen on your client, then add the public key to the server's authorized keys.
After you do this trick, if you want to re-route your traffic through the VPN server, you need to run:
1. Routing on server:
iptables -t nat -A POSTROUTING -s [your_vpn_client_ip] -d 0/0 -j MASQUERADE
2. Routing on client:
route add default gw [your_vpn_server_ip]
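
The whole procedure as a dry-run planner, added here as an example and not part of the original post: it validates the values that end up inside the pty string (pppd hands that string to a shell) and prints the commands instead of running them. The host-route pin for the SSH carrier and the ip_forward line are additions the post does not mention; LOCAL_SSH_OPTS is left out, and every host name, user and address is a constructed placeholder.

```shell
#!/bin/sh
# Added example (not from the original post). Prints the tunnel commands
# instead of running them; every address and name used is a placeholder.
PPPD=/usr/sbin/pppd
SSH=/usr/bin/ssh

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# safe_name VALUE: pppd hands the pty string to a shell, so refuse anything
# that could be read as an ssh option or as shell syntax.
safe_name() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# plan_tunnel HOST USER CLIENT_IF SERVER_IF SERVER_REAL_IP ORIG_GW
plan_tunnel() {
    safe_name "$1" && safe_name "$2" || { echo "bad host or user" >&2; return 2; }
    for ip in "$3" "$4" "$5" "$6"; do
        valid_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 2; }
    done
    # 1. tunnel: the post's pppd line (without LOCAL_SSH_OPTS), validated values
    echo "${PPPD} updetach noauth passive pty \"${SSH} $1 -l$2 -o Batchmode=yes sudo ${PPPD} nodetach notty noauth\" ipparam vpn $3:$4"
    # 2. server: NAT rule from the post; forwarding must also be enabled
    echo "server# sysctl -w net.ipv4.ip_forward=1"
    echo "server# iptables -t nat -A POSTROUTING -s $3 -d 0/0 -j MASQUERADE"
    # 3. client: keep the ssh carrier on the original gateway, then reroute
    echo "client# route add -host $5 gw $6"
    echo "client# route add default gw $4"
}

# Constructed sample values (RFC 5737 and RFC 1918 ranges).
plan_tunnel vpn.example.com tunnel 10.0.0.2 10.0.0.1 203.0.113.10 192.168.1.1
```

Without the host route in step 3, the new default route would also capture the SSH connection that carries the tunnel.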