Howto: VPN over SSH

This short tutorial describes how to create a VPN tunnel connecting two PCs ('localhost', 'server') using only SSH.
For me it only works with root access on both PCs.

Server (sshd running on it) config

The config file /etc/ssh/sshd_config needs to be adapted:

/etc/ssh/sshd_config:

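PermitTunnel yes
## "yes" permits both point-to-point (layer 3) and ethernet (layer 2) tunnels; "point-to-point" alone is enough for the tun setup below, see man sshd_config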

Also root needs to be able to log in to the server (e.g. via authorized_keys - safer than via password).
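
A way to check the two server-side settings this howto depends on before opening the tunnel. This is an added example, not part of the original howto: the function names and the sample config are made up for illustration, and the parser assumes whitespace-separated "Keyword value" lines and does not follow Include files.

```sh
#!/bin/sh
# Added example: audit the sshd_config settings the tunnel setup relies on.

# Constructed sample config (not taken from a real server).
SAMPLE_CONFIG='# sample
Port 22
permittunnel yes
PermitTunnel point-to-point
PermitRootLogin prohibit-password
Match Address 192.0.2.0/24
    PermitRootLogin yes'

# effective_value KEYWORD: read a config on stdin, print the first global
# value (lowercased). sshd keeps the first value it reads for a keyword and
# matches keywords case-insensitively; Match blocks are conditional, so
# parsing stops at the first one.
effective_value() {
    awk -v key="$1" '
        BEGIN { key = tolower(key) }
        /^[ \t]*(#|$)/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { print tolower($2); exit }
    '
}

# audit_tunnel_config CONFIG_TEXT: print one OK/WARN/FAIL line per setting.
audit_tunnel_config() {
    tunnel=$(printf '%s\n' "$1" | effective_value PermitTunnel)
    root=$(printf '%s\n' "$1" | effective_value PermitRootLogin)
    case ${tunnel:-no} in                       # OpenSSH default: no
        point-to-point) echo "OK PermitTunnel=point-to-point (layer 3 only)" ;;
        yes) echo "WARN PermitTunnel=yes also permits ethernet (layer 2) tunnels" ;;
        *) echo "FAIL PermitTunnel=${tunnel:-no} does not permit the tun device used by ssh -w" ;;
    esac
    case ${root:-prohibit-password} in          # OpenSSH default: prohibit-password
        prohibit-password|without-password|forced-commands-only)
            echo "OK PermitRootLogin=${root:-prohibit-password} (no password login for root)" ;;
        yes) echo "WARN PermitRootLogin=yes does not rule out password login for root" ;;
        *) echo "FAIL PermitRootLogin=${root:-prohibit-password} blocks the root login this howto needs" ;;
    esac
}

audit_tunnel_config "$SAMPLE_CONFIG"
```

On the server itself, running sshd -T as root prints the effective configuration as sshd parses it, which is the authoritative answer.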

Way 1: Manually / Step by Step

The following steps are done according to https://help.ubuntu.com/community/SSH_VPN.

root@localhost#> ssh -w 0:0 root@server    # ssh creates tunneling interface on both sides
root@localhost#> ip addr show | grep POINTOPOINT    # run this to check for tun interface
root@server#> ip addr show | grep POINTOPOINT    # run this to check for tun interface
# now just configure devices properly
root@localhost#> ip link set tun0 up; ip addr add 10.0.0.100/32 peer 10.0.0.200 dev tun0    # for client/localhost
root@server#> ip link set tun0 up; ip addr add 10.0.0.200/32 peer 10.0.0.100 dev tun0    # for server

Now the connection between the two PCs should already work. For routing between the subnets check the link above.

Way 2: All in one command

The following steps are done according to https://wiki.archlinux.org/index.php/VPN_over_SSH.

root@localhost#> ssh \
   -o PermitLocalCommand=yes \
   -o LocalCommand="ifconfig tun0 192.168.244.2 pointopoint 192.168.244.1 netmask 255.255.255.0" \
   -o ServerAliveInterval=60 \
   -w 0:0 root@server \
   'ifconfig tun0 192.168.244.1 pointopoint 192.168.244.2 netmask 255.255.255.0; echo tun0 ready'

This command creates a tunnel interface tun0 on both sides (-w 0:0) and configures them for point-to-point communication.
For routing between the subnets check the links below.

Used sources: