RobMeerman.co.uk

User Tools

Site Tools

You are here: RobMeerman.co.uk » VPN via SSH TAP interfaces
Trace:
vpn-ssh-tap

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
vpn-ssh-tap [2020/07/25 01:59]
robm 		vpn-ssh-tap [2020/08/06 11:48] (current)
robm [VPN via SSH TAP interfaces]
Line 10: Line 10:
  
 VM, where eth1 is connected to the network I want to make my RPi appear in: VM, where eth1 is connected to the network I want to make my RPi appear in:
 +
 +Vagrantfile (based on using [[https://www.parallels.com/|Parallels]], rather than VirtualBox):
  
 <code> <code>
-ip link add br0 up type bridge             Create a bridge +-*- mode: ruby -*- 
-ip address add 192.168.167.134/24 dev br0  Copy the address and netmask of eth1 +vi: set ft=ruby :
-ip address flush dev eth1                  # Remove eth1's addresses completely +
-ip link set eth1 master br0                # Attach eth1 to the bridge +
-</code>+
  
-Raspberry Pi:+BRIDGE_ADAPTORS=[ 
 +  "en0Wi-Fi (AirPort)", # MacBook Pro (MacOS v10.15, Catalina), VirtualBox 
 +  "en0",                  # MacBook Pro (MacOS v10.15, Catalina), Parallels 
 +  "eno1",                 # Ubuntu 16.04 LTS 
 +  # Add your OS's default here 
 +  ]
  
-<code> +Vagrant.configure("2") do |config| 
-sudo ip link add br0 up type bridge +  config.vm.box "bento/ubuntu-20.04" 
-sudo ssh \ +  config.vm.network "public_network", bridge: BRIDGE_ADAPTORS
-  -o PermitLocalCommand=yes \ +
-  -o "LocalCommand=ip link set tap5 up master br0\ +
-  -o Tunnel=ethernet \ +
-  -w 5:5 \ +
-  -t \ +
-  root@192.168.167.237 \ +
-  "ip link set tap5 up master br0" +
-</code>+
  
 +  config.vm.provider "parallels" do |prl|
 +    # Cf. http://download.parallels.com/doc/pcs/html/Parallels_Cloud_Server_Command_Line_Reference_Guide/32912.htm
 +    prl.customize ["set", :id,
 +                   "--device-set", "net0", 
 +                   "--ipfilter", "no",
 +                   "--macfilter", "no",
 +                   "--preventpromisc", "no"]
 +    prl.customize ["set", :id,
 +                   "--device-set", "net1", 
 +                   "--ipfilter", "no",
 +                   "--macfilter", "no",
 +                   "--preventpromisc", "no"]
 +  end
 +
 +  config.vm.provision "shell",
 +    privileged: true,
 +    inline: <<-SHELL
 +      # Secure Shell daemon configuration changes
 +      echo "PermitTunnel yes" >> /etc/ssh/sshd_config
 +      echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
 +      systemctl reload sshd
 +
 +      # Root account is disabled by default (password begins with literal '!'),
 +      # so we'll change the password to re-enable the account
 +      usermod -p '*' root
 +
 +      # Install GadgetPi's ~/.ssh/id_rsa.pub, so it can login as root without
 +      # requiring an operator
 +      umask 0077
 +      mkdir /root/.ssh
 +      echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCx963D3ErL6s9uWmSye1ZU+TCS4aDAJBbQI/NZLqg05EXnYVfXEPm2ZuStij4JjsIgdFbL+E73vd/alNgUBpe1YD73+oP9ndSdsAU/kXrx/zy0qCRWsi4fma6MmGIU0sYFuNvnwKsyjoFu0g5Y4SKQeD/0J7f+AmP4XOSnR2mhcFFE96wFYdq1UJanky0YI/oJcz2CRny5tO+iCjqm98BcvnEI/3vQOH4fOtffzW1SvqDobiQtP58POHd2NfRJo9ygVemCFqdvV9v17tvuhW0AxBZcBm1TZ9wb/oQnWvR8OvqO0XSYGZYuC+DERCSC+3dLSNL/LmoDDDdIjgHXTUNv root@raspberrypi
 +" >> /root/.ssh/authorized_keys
 +
 +      # Enable acting as a router (forwarding packets)
 +      echo "" >> /etc/sysctl.conf  # In case the file does not end with a newline
 +      echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
 +      sysctl --load /etc/sysctl.conf
 +    SHELL
 +
 +    config.vm.post_up_message = <<-EOF
 +      Run the following on this VM:
 +
 +        ETH1_IP=192.168.167.100/24
 +        sudo ip link add br0 up type bridge     # Create a bridge
 +        sudo ip address add ${ETH1_IP} dev br0  # Copy the address and netmask of eth1
 +        sudo ip address flush dev eth1          # Remove eth1's addresses completely
 +        sudo ip link set eth1 master br0        # Attach eth1 to the bridge
 +
 +      Run the following on the GadgetPi:
 +      
 +        REMOTE_HOST=192.168.167.237
 +        sudo ip link add br0 up type bridge
 +        sudo ip link set eth0 up master br0
 +        sudo ssh \\
 +            -o PermitLocalCommand=yes \\
 +            -o "LocalCommand=ip link set tap5 up master br0" \\
 +            -o Tunnel=ethernet \\
 +            -w 5:5 \\
 +            -t \\
 +            root@${REMOTE_HOST} \\
 +            "ip link set tap5 up master br0"
 +    EOF
 +end
 +</code>
 ===== Debugging ===== ===== Debugging =====
  
 I found [[https://www.wireshark.org/docs/man-pages/tshark.html| tshark - Dump and analyze network traffic]] useful, as it can capture ethernet frames to a file (such as ''/vagrant/tshark'') which you can then load into the Wireshark GUI after the fact. I found [[https://www.wireshark.org/docs/man-pages/tshark.html| tshark - Dump and analyze network traffic]] useful, as it can capture ethernet frames to a file (such as ''/vagrant/tshark'') which you can then load into the Wireshark GUI after the fact.
vpn-ssh-tap.1595642340.txt.gz · Last modified: 2020/07/25 01:59 by robm

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 4.0 International
CC Attribution-Noncommercial-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki