vpn-ssh-tap

Differences

This shows you the differences between two versions of the page.

vpn-ssh-tap [2020/07/25 12:28]
robm [VPN via SSH TAP interfaces]
vpn-ssh-tap [2020/07/25 12:52]
robm [VPN via SSH TAP interfaces]
Line 10: Line 10:
  
 VM, where eth1 is connected to the network I want to make my RPi appear in: VM, where eth1 is connected to the network I want to make my RPi appear in:
 +
 +Vagrantfile (based on using [[https://www.parallels.com/|Parallels]], rather than VirtualBox):
  
 <code> <code>
-ip link add br0 up type bridge             Create a bridge +-*- mode: ruby -*- 
-ip address add 192.168.167.134/24 dev br0  Copy the address and netmask of eth1 +vi: set ft=ruby :
-ip address flush dev eth1                  # Remove eth1's addresses completely +
-ip link set eth1 master br0                # Attach eth1 to the bridge +
-</code>+
  
-Raspberry Pi:+BRIDGE_ADAPTORS=[ 
 +  "en0Wi-Fi (AirPort)", # MacBook Pro (MacOS v10.15, Catalina), VirtualBox 
 +  "en0",                  # MacBook Pro (MacOS v10.15, Catalina), Parallels 
 +  "eno1",                 # Ubuntu 16.04 LTS 
 +  # Add your OS's default here 
 +  ]
  
-<code> +Vagrant.configure("2") do |config| 
-VM_HOST=192.168.167.237 +  config.vm.box "bento/ubuntu-20.04" 
-sudo ip link add br0 up type bridge +  config.vm.network "public_network", bridge: BRIDGE_ADAPTORS
-sudo ip link set eth0 up master br0 +
-sudo ssh \ +
-  -o PermitLocalCommand=yes \ +
-  -o "LocalCommand=ip link set tap5 up master br0\ +
-  -o Tunnel=ethernet \ +
-  -w 5:5 \ +
-  -t \ +
-  root@${VM_HOST} \ +
-  "ip link set tap5 up master br0" +
-</code>+
  
 +  config.vm.provider "parallels" do |prl|
 +    # Cf. http://download.parallels.com/doc/pcs/html/Parallels_Cloud_Server_Command_Line_Reference_Guide/32912.htm
 +    prl.customize ["set", :id,
 +                   "--device-set", "net0", 
 +                   "--ipfilter", "no",
 +                   "--macfilter", "no",
 +                   "--preventpromisc", "no"]
 +    prl.customize ["set", :id,
 +                   "--device-set", "net1", 
 +                   "--ipfilter", "no",
 +                   "--macfilter", "no",
 +                   "--preventpromisc", "no"]
 +  end
 +
 +  config.vm.provision "shell",
 +    privileged: true,
 +    inline: <<-SHELL
 +      # Secure Shell daemon configuration changes
 +      echo "PermitTunnel yes" >> /etc/ssh/sshd_config
 +      echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
 +      systemctl reload sshd
 +
 +      # Root account is disabled by default (password begins with literal '!'),
 +      # so we'll change the password to re-enable the account
 +      usermod -p '*' root
 +
 +      # Install GadgetPi's ~/.ssh/id_rsa.pub, so it can login as root without
 +      # requiring an operator
 +      umask 0077
 +      mkdir /root/.ssh
 +      echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCx963D3ErL6s9uWmSye1ZU+TCS4aDAJBbQI/NZLqg05EXnYVfXEPm2ZuStij4JjsIgdFbL+E73vd/alNgUBpe1YD73+oP9ndSdsAU/kXrx/zy0qCRWsi4fma6MmGIU0sYFuNvnwKsyjoFu0g5Y4SKQeD/0J7f+AmP4XOSnR2mhcFFE96wFYdq1UJanky0YI/oJcz2CRny5tO+iCjqm98BcvnEI/3vQOH4fOtffzW1SvqDobiQtP58POHd2NfRJo9ygVemCFqdvV9v17tvuhW0AxBZcBm1TZ9wb/oQnWvR8OvqO0XSYGZYuC+DERCSC+3dLSNL/LmoDDDdIjgHXTUNv root@raspberrypi
 +" >> /root/.ssh/authorized_keys
 +
 +      # Enable acting as a router (forwarding packets)
 +      echo "" >> /etc/sysctl.conf  # In case the file does not end with a newline
 +      echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
 +      sysctl --load /etc/sysctl.conf
 +    SHELL
 +
 +    config.vm.post_up_message = <<-EOF
 +      Run the following on this VM:
 +
 +        VM_HOST=192.168.167.100/24
 +        sudo ip link add br0 up type bridge     # Create a bridge
 +        sudo ip address add ${VM_HOST} dev br0  # Copy the address and netmask of eth1
 +        sudo ip address flush dev eth1          # Remove eth1's addresses completely
 +        sudo ip link set eth1 master br0        # Attach eth1 to the bridge
 +
 +      Run the following on the GadgetPi:
 +      
 +        VM_HOST=192.168.167.237
 +        sudo ip link add br0 up type bridge
 +        sudo ip link set eth0 up master br0
 +        sudo ssh \\
 +            -o PermitLocalCommand=yes \\
 +            -o "LocalCommand=ip link set tap5 up master br0" \\
 +            -o Tunnel=ethernet \\
 +            -w 5:5 \\
 +            -t \\
 +            root@${VM_HOST} \\
 +            "ip link set tap5 up master br0"
 +    EOF
 +end
 +</code>
 ===== Debugging ===== ===== Debugging =====
  
 I found [[https://www.wireshark.org/docs/man-pages/tshark.html| tshark - Dump and analyze network traffic]] useful, as it can capture ethernet frames to a file (such as ''/vagrant/tshark'') which you can then load into the Wireshark GUI after the fact. I found [[https://www.wireshark.org/docs/man-pages/tshark.html| tshark - Dump and analyze network traffic]] useful, as it can capture ethernet frames to a file (such as ''/vagrant/tshark'') which you can then load into the Wireshark GUI after the fact.
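Review bot: `echo "PermitRootLogin yes" >> /etc/ssh/sshd_config` in the shell provisioner is broader than this setup needs, because the only root login it sets up is the GadgetPi's key in `/root/.ssh/authorized_keys`; append `PermitRootLogin prohibit-password` instead so root can never authenticate with a password over the bridged network. Also remember that sshd uses the first value it finds for a keyword, so an appended `PermitRootLogin` or `PermitTunnel` line is silently ignored if the box's `sshd_config` (or a file it includes) already sets that keyword higher up; verify the effective values after the reload with `sshd -T | grep -Ei 'permitrootlogin|permittunnel'`. Two further problems in this hunk: as written, `config.vm.box "bento/ubuntu-20.04"` calls the `box` accessor with an argument and will raise an ArgumentError when Vagrant loads the file, so it needs to be `config.vm.box = "bento/ubuntu-20.04"`; and the post-up message gives the VM's bridge address as `VM_HOST=192.168.167.100/24` but then tells the GadgetPi to connect to `root@${VM_HOST}` with `VM_HOST=192.168.167.237`, so one of the two addresses is wrong, and since the first is an address plus prefix length and the second a bare host they should be separate variables (for example `BR_ADDR` on the VM and `VM_HOST` on the Pi) with the same host part. Minor points: `net.ipv4.ip_forward=1` is not required to bridge `tap5` onto `eth1` at layer 2 and turns the VM into an IP router for anything that can reach it, so drop it unless something else depends on routing; and the VirtualBox entry in `BRIDGE_ADAPTORS` normally reads `"en0: Wi-Fi (AirPort)"`, so check whether the `: ` was lost from `"en0Wi-Fi (AirPort)"`.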
vpn-ssh-tap.txt · Last modified: 2020/08/06 11:48 by robm