RobMeerman.co.uk

User Tools

Site Tools

You are here: RobMeerman.co.uk » VPN over SSH
Trace:
vpn

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
vpn [2021/11/01 14:08]
robm Add Fast Reliable Proxy (frp_ 		vpn [2025/06/27 15:40] (current)
robm Improve iptables commands
Line 41: Line 41:
 # responses are likewise accepted # responses are likewise accepted
 echo 1 > /proc/sys/net/ipv4/ip_forward echo 1 > /proc/sys/net/ipv4/ip_forward
-/sbin/iptables -F+#/sbin/iptables -F
 /sbin/iptables -A FORWARD ! --source 172.16.0.2 --destination 172.16.0.2 \ /sbin/iptables -A FORWARD ! --source 172.16.0.2 --destination 172.16.0.2 \
         -m state --state RELATED,ESTABLISHED -j ACCEPT         -m state --state RELATED,ESTABLISHED -j ACCEPT
Line 50: Line 50:
 # this host, so *we* can forward it to the remote end. This is the MASQUERADE # this host, so *we* can forward it to the remote end. This is the MASQUERADE
 # rule. # rule.
-/sbin/iptables -t nat -F +#/sbin/iptables -t nat -F 
-/sbin/iptables -t nat -A POSTROUTING --destination 172.16.0. -j MASQUERADE+/sbin/iptables -t nat -A POSTROUTING --source 172.16.0. -j MASQUERADE
  
 # Monitor packets # Monitor packets
Line 88: Line 88:
   - **As root** on your client system, generate a new SSH keypair to use for VPN. <code>ssh-keygen -f ~/.ssh/id_rsa_vpn -N ''</code>   - **As root** on your client system, generate a new SSH keypair to use for VPN. <code>ssh-keygen -f ~/.ssh/id_rsa_vpn -N ''</code>
   - Install new public key into remote system, and prefix with a ForeCommand which is run whenever this key is used to authenticate:<code>( \   - Install new public key into remote system, and prefix with a ForeCommand which is run whenever this key is used to authenticate:<code>( \
-  printf 'tunnel="0",command="ifconfig tun0 inet 172.16.0.1 dstaddr 172.16.0.2" ' ; \+  printf 'tunnel="0",command="fuser -k /dev/net/tun; ifconfig tun0 inet 172.16.0.1 dstaddr 172.16.0.2" ' ; \
   cat ~/.ssh/id_rsa_test.pub \   cat ~/.ssh/id_rsa_test.pub \
 ) | ssh root@www.robmeerman.co.uk tee -a .ssh/authorized_keys</code> ) | ssh root@www.robmeerman.co.uk tee -a .ssh/authorized_keys</code>
Line 95: Line 95:
   User root   User root
   # Remote's .ssh/authorised_keys entry for this identity is prefixed with:   # Remote's .ssh/authorised_keys entry for this identity is prefixed with:
-  # tunnel="0",command="ifconfig tun0 inet 172.16.0.1 dstaddr 172.16.0.2" ssh-rsa+  # tunnel="0",command="fuser -k /dev/net/tun; ifconfig tun0 inet 172.16.0.1 dstaddr 172.16.0.2" ssh-rsa
   IdentityFile ~root/.ssh/id_rsa_vpn   IdentityFile ~root/.ssh/id_rsa_vpn
   Tunnel yes   Tunnel yes
Line 157: Line 157:
  
 # ( \ # ( \
-#   printf 'tunnel="0",command="ifconfig tun0 inet 172.16.0.1 dstaddr 172.16.0.2" ' ; \+#   printf 'tunnel="0",command="fuser -k /dev/net/tun; ifconfig tun0 inet 172.16.0.1 dstaddr 172.16.0.2" ' ; \
 #   cat ~/.ssh/id_rsa_test.pub \ #   cat ~/.ssh/id_rsa_test.pub \
 # ) | ssh root@www.robmeerman.co.uk tee -a .ssh/authorized_keys # ) | ssh root@www.robmeerman.co.uk tee -a .ssh/authorized_keys
vpn.1635775721.txt.gz · Last modified: 2021/11/01 14:08 by robm

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 4.0 International
CC Attribution-Noncommercial-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki