VPN over SSH

Config SSHD al destí

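PermitRootLogin yes | without-password   # without-password és l'àlies antic de prohibit-password (root només amb clau, sense contrasenya); és preferible a "yes"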
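PermitTunnel yes   # "yes" permet tun i tap; point-to-point o ethernet limiten el servidor al tipus de túnel que realment es fa servir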

LOCAL

ssh -w {tun_local}:{tun_remot} root@{ip}
ssh -w 0:0 root@{ip} # cal comprovar que tun0 no estigui en ús a cap dels dos extrems
ssh -w any:any root@{ip} #assignació dev tun dinàmica
ssh -Cf -w {tun_local}:{tun_remot} root@{ip} # En segon pla (-f) i amb compressió (-C)
ssh -Cf -o Tunnel=ethernet -w 1:1 root@{ip}  # Layer2 (dev tap1); Tunnel ha d'anar abans de -w, si no -w fixa el mode point-to-point

DESTÍ

ip link set tun0 up
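ip addr add 1.0.0.2/32 peer 1.0.0.1 dev tun0   # 1.0.0.x és espai d'adreces públic (1.0.0.1 és un resolutor DNS públic); fora d'un exemple és millor un rang privat RFC 1918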
ip route add {xarxalocal} via 1.0.0.1

echo "1" >/proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s {xarxalocal} -o {iface_lan} -j MASQUERADE

LOCAL

ip link set tun0 up
ip addr add 1.0.0.1/32 peer 1.0.0.2 dev tun0
ip route add {xarxaremota} via 1.0.0.2
echo "1" >/proc/sys/net/ipv4/ip_forward

Exemple d’una sola línia:

ssh -Cf -w 1:1 root@{host} 'ip link set tun1 up; ip addr add 1.0.0.2/32 peer 1.0.0.1 dev tun1;' ; ip link set tun1 up; ip addr add 1.0.0.1/32 peer 1.0.0.2 dev tun1