vpn

Differences

This shows you the differences between two versions of the page.

vpn [2021/11/01 14:08]
robm Add Fast Reliable Proxy (frp_
vpn [2025/06/27 15:40] (current)
robm Improve iptables commands
Line 41: Line 41:
 # responses are likewise accepted # responses are likewise accepted
 echo 1 > /proc/sys/net/ipv4/ip_forward echo 1 > /proc/sys/net/ipv4/ip_forward
-/sbin/iptables -F+#/sbin/iptables -F
 /sbin/iptables -A FORWARD ! --source 172.16.0.2 --destination 172.16.0.2 \ /sbin/iptables -A FORWARD ! --source 172.16.0.2 --destination 172.16.0.2 \
         -m state --state RELATED,ESTABLISHED -j ACCEPT         -m state --state RELATED,ESTABLISHED -j ACCEPT
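Review bot: with `/sbin/iptables -F` commented out at the top of this hunk, the `-A FORWARD` rule that follows is appended again on every run of the script, so the FORWARD chain accumulates duplicate entries. Guard the append with `iptables -C FORWARD ...` and add the rule only when the check fails, or keep these rules in a dedicated chain that the script can flush without touching unrelated rules. If the flush is gone for good, delete the line instead of leaving it commented, or add a comment saying why it was disabled.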
Line 50: Line 50:
 # this host, so *we* can forward it to the remote end. This is the MASQUERADE # this host, so *we* can forward it to the remote end. This is the MASQUERADE
 # rule. # rule.
-/sbin/iptables -t nat -F +#/sbin/iptables -t nat -F 
-/sbin/iptables -t nat -A POSTROUTING --destination 172.16.0. -j MASQUERADE+/sbin/iptables -t nat -A POSTROUTING --source 172.16.0. -j MASQUERADE
  
 # Monitor packets # Monitor packets
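Review bot: `--source 172.16.0.` on the new POSTROUTING line is not a complete address or prefix as shown here, so it is unclear what the rule is meant to match; write out the full tunnel prefix with its mask. The rule also names no `-o` interface, so it masquerades matching traffic leaving on any interface, and with `-t nat -F` now commented out it is appended again on each run. Consider naming the outbound interface and guarding the append with `iptables -t nat -C POSTROUTING ...`.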
Line 88: Line 88:
   - **As root** on your client system, generate a new SSH keypair to use for VPN. <code>ssh-keygen -f ~/.ssh/id_rsa_vpn -N ''</code>   - **As root** on your client system, generate a new SSH keypair to use for VPN. <code>ssh-keygen -f ~/.ssh/id_rsa_vpn -N ''</code>
   - Install new public key into remote system, and prefix with a ForeCommand which is run whenever this key is used to authenticate:<code>( \   - Install new public key into remote system, and prefix with a ForeCommand which is run whenever this key is used to authenticate:<code>( \
-  printf 'tunnel="0",command="ifconfig tun0 inet 172.16.0.1 dstaddr 172.16.0.2" ' ; \+  printf 'tunnel="0",command="fuser -k /dev/net/tun; ifconfig tun0 inet 172.16.0.1 dstaddr 172.16.0.2" ' ; \
   cat ~/.ssh/id_rsa_test.pub \   cat ~/.ssh/id_rsa_test.pub \
 ) | ssh root@www.robmeerman.co.uk tee -a .ssh/authorized_keys</code> ) | ssh root@www.robmeerman.co.uk tee -a .ssh/authorized_keys</code>
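Review bot: `fuser -k /dev/net/tun` in the new forced command kills every process that has the tun device open, not only a stale session left by this key, so any other tunnel on the remote host is terminated each time this key authenticates, and it does so as root. Either narrow the cleanup to the stale session or state the single-tunnel assumption next to the command. Separately, the first step generates `~/.ssh/id_rsa_vpn` while the install step reads `~/.ssh/id_rsa_test.pub`; the two should name the same key.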
Line 95: Line 95:
   User root   User root
   # Remote's .ssh/authorised_keys entry for this identity is prefixed with:   # Remote's .ssh/authorised_keys entry for this identity is prefixed with:
-  # tunnel="0",command="ifconfig tun0 inet 172.16.0.1 dstaddr 172.16.0.2" ssh-rsa+  # tunnel="0",command="fuser -k /dev/net/tun; ifconfig tun0 inet 172.16.0.1 dstaddr 172.16.0.2" ssh-rsa
   IdentityFile ~root/.ssh/id_rsa_vpn   IdentityFile ~root/.ssh/id_rsa_vpn
   Tunnel yes   Tunnel yes
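Review bot: the key prefix documented in this comment is only `tunnel="0",command="..."`, so a key that authenticates as root still allows port, agent and X11 forwarding. Since this identity exists only to bring up the tunnel, add the options the tunnel does not need to the authorized_keys entry, for example `no-port-forwarding,no-agent-forwarding,no-X11-forwarding`, and update this comment to match. The comment also spells the file `authorised_keys`, while the install step writes `.ssh/authorized_keys`.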
Line 157: Line 157:
  
 # ( \ # ( \
-#   printf 'tunnel="0",command="ifconfig tun0 inet 172.16.0.1 dstaddr 172.16.0.2" ' ; \+#   printf 'tunnel="0",command="fuser -k /dev/net/tun; ifconfig tun0 inet 172.16.0.1 dstaddr 172.16.0.2" ' ; \
 #   cat ~/.ssh/id_rsa_test.pub \ #   cat ~/.ssh/id_rsa_test.pub \
 # ) | ssh root@www.robmeerman.co.uk tee -a .ssh/authorized_keys # ) | ssh root@www.robmeerman.co.uk tee -a .ssh/authorized_keys
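Review bot: this commented-out block is a third copy of the forced-command string (the same edit appears at lines 88 and 95), which is why one change had to be made in three places and why the copies can drift. Keep a single authoritative copy and point to it from here. This copy also still reads `~/.ssh/id_rsa_test.pub`, while the client config uses `IdentityFile ~root/.ssh/id_rsa_vpn`.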
vpn.1635775721.txt.gz · Last modified: 2021/11/01 14:08 by robm