How to set up a SSH VPN

Last updated: Feb 21, 2021

Intro

I needed to access to a network which only has a ssh server. So I used the ssh tools to set a VPN tunnel.

Network diagram

Destination : Debian

eth0 : 192.168.1.10/24
tun0 : 10.110.0.100/32

Commands

This package is needed in order to have tun0 interface

root@host:~# apt-get install uml-utilities

Check the service is up

root@host:~# systemctl status uml-utilities.service

Turn ip forward on

root@host:~# echo 1 | tee /proc/sys/net/ipv4/ip_forward

Set tun0 address

root@host:~# ip addr add 10.110.0.100/32 peer 10.110.0.200 dev tun0

Turn tun0 interface up

root@host:~# ip link set tun0 up

Add 192.168.2.0/24 route (in this case the 192.168.1.0/24 network needs to have 192.168.1.10 as default gateway)

root@host:~# ip route add 192.168.2.0/24 via 10.110.0.200

Or you can set netfilter masquerading to access to 192.168.1.0/24

root@host:~# iptables -t nat -A POSTROUTING -d 192.168.1.0/24 -o eth0 -j MASQUERADE

/etc/ssh/sshd_config

PermitRootLogin yes
PermitTunnel yes

root@host:~# systemctl restart sshd

Source : Archlinux

eth0 : 192.168.2.10/24
tun0 : 10.110.0.200/32

Commands

-w local_tun[:remote_tun] : Requests tunnel device forwarding with the specified tun(4) devices between the client (local_tun) and the server (remote_tun).

-N : Do not execute a remote command

-f : Requests ssh to go to background just before command execution

root@host:~# ssh -Nf -w 0:0 -p 22 root@1.1.1.1

Set tun0 address

root@host:~# ip addr add 10.110.0.200/32 peer 10.110.0.100 dev tun0

Turn tun0 interface up

root@host:~# ip link set tun0 up

Add 192.168.1.0/24 route

root@host:~# ip route add 192.168.1.0/24 via 10.110.0.100

References

ubuntu.com : https://help.ubuntu.com/

Computing

Music

Misc

How to set up a SSH VPN

Intro

Network diagram

Destination : Debian

Commands

/etc/ssh/sshd_config

Source : Archlinux

Commands

References