On Wednesday 27 February 2002 01:53 pm, Joachim Schiele [ qknight ] wrote:
> hi listmembers
> has some1 ever managed to get a ssh-secured ip-tunnel from a
> debian linuxbox to a debian linuxbox?
>
> i would like some more infos on this, if some1 has some howto laying
> around, please let me know, cause i didn't find anything down the net
> about how to set this up or how to configure this...
>
> tnx very much
>
> Gruss/Regards,
> Joachim Schiele
I don't have a howto on it, but all you need to do is this:
Generate an ssh DSA key on the client machine by typing
ssh-keygen -t dsa
Add a vpn user to the server machine, and place the public key created on
the client into vpn's home directory in .ssh/authorized_keys2 (one key per
line). This file needs to be chmod 600, I think.
Create a file in /etc/ppp called /etc/ppp/options.ssh and have it contain
these lines:
ipcp-accept-local
ipcp-accept-remote
proxyarp
noauth
novj
#
Set the vpn's default shell to /usr/sbin/pppd; pppd must be setuid
root.
Enter these commands on the client machine:
# these commands assume you're using bash
#$SERVER is the server machine
/usr/local/sbin/pty-redir /usr/bin/ssh -t -e none -o 'Compression no' -c blowfish -i /root/.ssh/dsa-vpn -l vpn $SERVER > /tmp/vpn
#the above is all one line
#wait about 5 seconds or so
# you can pick any ip you want
/usr/sbin/pppd `cat /tmp/vpn` 192.168.1.2:192.168.2.2
defgw=$(route -n | tail -1 | awk '{print $2}')
route add $SERVER gw $defgw
route del default
# the below may be ppp1 if you're dialed in with a modem to begin with
route add default ppp0
#
Hopefully the vpn should work. Of course, if you wish to use network
connectivity out of the server machine, you'll need to configure iptables or
ipchains rules.
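
An added example, not part of the original message: a shell check of the server-side pieces the reply describes (private key file, the options.ssh directives, setuid root pppd). The function names and the /home/vpn path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: audit the server-side setup described in the message.
# Usage (paths are assumptions; adjust to the vpn user's real home):
#   sh audit-vpn.sh /home/vpn/.ssh/authorized_keys2 /etc/ppp/options.ssh /usr/sbin/pppd

# Directives the message lists for /etc/ppp/options.ssh.
REQUIRED_OPTS="ipcp-accept-local ipcp-accept-remote proxyarp noauth novj"

# Succeeds only if FILE exists and grants nothing to group or other
# (600 or stricter). Uses GNU stat, as found on Debian.
private_file() {
    m=$(stat -c '%a' "$1" 2>/dev/null) || return 1
    [ $(( 0$m & 077 )) -eq 0 ]
}

# Print each required directive that is absent from FILE.
# Commented-out lines do not count as present.
missing_opts() {
    for opt in $REQUIRED_OPTS; do
        grep -v '^[[:space:]]*#' "$1" 2>/dev/null |
            grep -qx "[[:space:]]*$opt[[:space:]]*" || printf '%s\n' "$opt"
    done
}

# audit_vpn KEYFILE OPTSFILE PPPD [OWNER]
# Prints one line per finding; exit status is the number of findings.
audit_vpn() {
    n=0
    owner=${4:-root}
    private_file "$1" || { echo "FAIL: $1 missing or accessible to group/other"; n=$((n + 1)); }
    for o in $(missing_opts "$2"); do
        echo "FAIL: $2 lacks '$o'"; n=$((n + 1))
    done
    [ -u "$3" ] || { echo "FAIL: $3 is not setuid"; n=$((n + 1)); }
    [ "$(stat -c '%U' "$3" 2>/dev/null)" = "$owner" ] ||
        { echo "FAIL: $3 is not owned by $owner"; n=$((n + 1)); }
    return "$n"
}

if [ "$#" -ge 3 ]; then audit_vpn "$@"; fi
```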