Create a VPN with ssh 4.3

From RVM Wiki
Revision as of 13:32, 3 March 2007 by Gabriele.vivinetto
Note: this article is still incomplete.
Feel free to contribute by clicking the edit button.

http://gentoo-wiki.com/HOWTO_VPN_over_SSH_and_tun

Introduction

The following script starts a full-featured VPN using SSH's tun forwarding (the -w option, available since OpenSSH 4.3). It must run as root on both ends, because creating and configuring tun devices requires it, and the server's sshd_config must contain PermitTunnel yes (the default is no).

The script

#!/bin/sh
# Tunnel endpoints and addresses; see the Configuration table below.
HOST=your.web.server
TUN_LOCAL=0
TUN_REMOTE=1
IP_LOCAL=192.168.2.2
IP_REMOTE=192.168.2.1
IP_MASK=24
PRIVATE_NETWORK=10.0.0.0/8
PRIVATE_DOMAIN="your.private.domain private.domain"
PRIVATE_NAMESERVER=192.168.2.1
PRIVATE_LOCAL=10.0.1.2

echo "Starting VPN tunnel ..."
modprobe tun
# -w creates tun${TUN_LOCAL} here and tun${TUN_REMOTE} on the server; the
# remote command configures the server end and NATs this host into the
# private network.
ssh -w ${TUN_LOCAL}:${TUN_REMOTE} -f ${HOST} "\
	ip addr add ${IP_REMOTE}/${IP_MASK} dev tun${TUN_REMOTE} \
	&& ip link set tun${TUN_REMOTE} up \
	&& iptables -t nat -I POSTROUTING -s ${IP_LOCAL} -j SNAT --to ${PRIVATE_LOCAL} \
	&& iptables -t nat -I PREROUTING -d ${PRIVATE_LOCAL} -j DNAT --to ${IP_LOCAL} \
	&& iptables -I INPUT -i tun${TUN_REMOTE} -j ACCEPT \
	&& iptables -I FORWARD -i tun${TUN_REMOTE} -j ACCEPT \
	&& iptables -t nat -I PREROUTING -i tun${TUN_REMOTE} -j ACCEPT \
	&& true"
# give ssh time to authenticate and bring up the tun devices
sleep 3
ip addr add ${IP_LOCAL}/${IP_MASK} dev tun${TUN_LOCAL}
ip link set tun${TUN_LOCAL} up
ip route add ${PRIVATE_NETWORK} dev tun${TUN_LOCAL}
# overwrites the resolver configuration; see the TODO below about restoring it
echo "search ${PRIVATE_DOMAIN}
nameserver ${PRIVATE_NAMESERVER}
" >/etc/resolv.conf
echo "... done."

Configuration

The following variables can be set at the beginning of the script:

Item                Description
HOST                Hostname of the remote SSH server (IP address or DNS name).
TUN_LOCAL           Number of the local tun interface. 'any' cannot be used.
TUN_REMOTE          Number of the remote tun interface. 'any' cannot be used.
IP_LOCAL            IP address of the local tun interface.
IP_REMOTE           IP address of the server's tun interface.
IP_MASK             Prefix length (network mask) of the tun interfaces.
PRIVATE_NETWORK     Network specification (any of its IP addresses plus the mask) of the private network.
PRIVATE_DOMAIN      Space-delimited list of domain names of the private network (if any).
PRIVATE_NAMESERVER  Nameserver in the private network.
PRIVATE_LOCAL       IP address in the private network under which this computer appears (so that hosts in the private network can reach it).

TODO

Convert to an init.d script (i.e. create a stop script), detect failure, and on close clear the server's iptables rules and restore the local '/etc/resolv.conf'.
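One way to cover the stop half of that TODO, as an added example that is not part of the wiki page or the gentoo-wiki script: the same variables as above, plus an assumed ssh control socket path (SOCK) and backup path (RESOLV_BACKUP). Each server-side rule is written once, so the stop path deletes exactly what the start path inserted and the control socket lets the stop path reuse and then close the existing session.

```shell
#!/bin/sh
# Added example (not from the wiki): start/stop wrapper for the tunnel above.
# Variables as in the script; SOCK and RESOLV_BACKUP are paths assumed here.
HOST=your.web.server
TUN_LOCAL=0
TUN_REMOTE=1
IP_LOCAL=192.168.2.2
IP_REMOTE=192.168.2.1
IP_MASK=24
PRIVATE_NETWORK=10.0.0.0/8
PRIVATE_DOMAIN="your.private.domain private.domain"
PRIVATE_NAMESERVER=192.168.2.1
PRIVATE_LOCAL=10.0.1.2
SOCK=/var/run/vpn-ssh.sock              # ssh ControlMaster socket (assumed)
RESOLV_BACKUP=/var/run/resolv.conf.vpn  # pre-VPN resolver config (assumed)
# Each server-side rule is written once: "-I" inserts it, "-D" deletes the
# identical rule, so stop mirrors start and no NAT entry outlives the tunnel.
server_rules() {
    printf '%s\n' \
      "iptables -t nat $1 POSTROUTING -s ${IP_LOCAL} -j SNAT --to ${PRIVATE_LOCAL}" \
      "iptables -t nat $1 PREROUTING -d ${PRIVATE_LOCAL} -j DNAT --to ${IP_LOCAL}" \
      "iptables $1 INPUT -i tun${TUN_REMOTE} -j ACCEPT" \
      "iptables $1 FORWARD -i tun${TUN_REMOTE} -j ACCEPT" \
      "iptables -t nat $1 PREROUTING -i tun${TUN_REMOTE} -j ACCEPT"
}
# Join the rules into one "a && b && c" line for the remote shell.
server_cmd() {
    server_rules "$1" | { cmd=; while IFS= read -r r; do
        cmd="${cmd:+$cmd && }$r"; done; printf '%s\n' "$cmd"; }
}
vpn_start() {
    modprobe tun
    cp /etc/resolv.conf "$RESOLV_BACKUP"
    # -M/-S open a control socket so vpn_stop can reuse, then close, the session
    ssh -M -S "$SOCK" -w "${TUN_LOCAL}:${TUN_REMOTE}" -f "$HOST" \
        "ip addr add ${IP_REMOTE}/${IP_MASK} dev tun${TUN_REMOTE} \
         && ip link set tun${TUN_REMOTE} up && $(server_cmd -I)"
    sleep 3
    ip addr add "${IP_LOCAL}/${IP_MASK}" dev "tun${TUN_LOCAL}"
    ip link set "tun${TUN_LOCAL}" up
    ip route add "$PRIVATE_NETWORK" dev "tun${TUN_LOCAL}"
    printf 'search %s\nnameserver %s\n' "$PRIVATE_DOMAIN" "$PRIVATE_NAMESERVER" >/etc/resolv.conf
}
vpn_stop() {
    ssh -S "$SOCK" "$HOST" "$(server_cmd -D)"   # delete rules over the live session
    ssh -S "$SOCK" -O exit "$HOST"              # close it; both tun devices vanish
    [ -f "$RESOLV_BACKUP" ] && mv "$RESOLV_BACKUP" /etc/resolv.conf
}
case "${1:-}" in start) vpn_start ;; stop) vpn_stop ;; esac
```

Run it as root with `start` or `stop`; the routes and tun devices disappear together with the ssh session, so only the server rules and the resolver file need explicit cleanup.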