How to set up a SSH VPN

Intro

I needed to access to a network which only has a ssh server. So I used the ssh tools to set a VPN tunnel.

Network diagram

Destination : Debian

• eth0 : 192.168.1.10/24
• tun0 : 10.110.0.100/32

Commands

• This package is needed in order to have tun0 interface

root@host:~# apt-get install uml-utilities

• Check the service is up

root@host:~# systemctl status uml-utilities.service

• Turn ip forward on

root@host:~# echo 1 | tee /proc/sys/net/ipv4/ip_forward

• Set tun0 address

root@host:~# ip addr add 10.110.0.100/32 peer 10.110.0.200 dev tun0

• Turn tun0 interface up

root@host:~# ip link set tun0 up

• Add 192.168.2.0/24 route (in this case the 192.168.1.0/24 network needs to have 192.168.1.10 as default gateway)

root@host:~# ip route add 192.168.2.0/24 via 10.110.0.200

• Or you can set netfilter masquerading to access to 192.168.1.0/24

root@host:~# iptables -t nat -A POSTROUTING -d 192.168.1.0/24 -o eth0 -j MASQUERADE

/etc/ssh/sshd_config

PermitRootLogin yes
PermitTunnel yes

root@host:~# systemctl restart sshd

Source : Archlinux

• eth0 : 192.168.2.10/24
• tun0 : 10.110.0.200/32

Commands

• -w local_tun[:remote_tun] : Requests tunnel device forwarding with the specified tun(4) devices between the client (local_tun) and the server (remote_tun).

• -N : Do not execute a remote command

• -f : Requests ssh to go to background just before command execution

root@host:~# ssh -Nf -w 0:0 -p 22 root@1.1.1.1

• Set tun0 address

root@host:~# ip addr add 10.110.0.200/32 peer 10.110.0.100 dev tun0

• Turn tun0 interface up

root@host:~# ip link set tun0 up

• Add 192.168.1.0/24 route

root@host:~# ip route add 192.168.1.0/24 via 10.110.0.100

References

• ubuntu.com : https://help.ubuntu.com/