[Nolug] Re: [brlug-general] Using SSH to set up a VPN

From: Petri Laihonen <pietu_at_weblizards.net>
Date: Sun, 11 Jan 2009 08:23:31 -0600
Message-ID: <496A00E3.4060408@weblizards.net>

Interesting....
While I do not have time to make any comparisons, I still wonder which
one would be simpler (or perhaps the same amount of effort):
OpenVPN (also uses TUN) or SSH as explained below.

Petr

Joey Kelly wrote:
> Guys,
>
> Call this a mini-howto if you like. If you see any problems, please let me
> know, so I can correct them.
>
> If you're a roaming user or you're trying to link a satellite office to the
> main network, SSH can handle the job. Other solutions exist, and SSH isn't
> perfect, but this is probably the simplest trick out there.
>
> OpenSSH since version 4.3 has the ability to set up TUN/TAP tunnels. I'm sure
> most of you have set up port-forwarding via SSH, but this is a little
> different than that. Instead of forwarding one TCP port to a host on the other
> side of the target SSH server, TUN/TAP lets you route between networks as if
> both networks are on the same LAN. We're setting up an IP tunnel here using
> TUN, but you could just as easily set up a layer-2 bridge between two LANs by
> using the TAP interface instead.
>
> Let's say you're on a laptop in a coffee shop and want to reach your home or
> office network. Your home LAN is on a 192.168.0.0/24 subnet. Bear in mind that
> the router at home needs to have "PermitTunnel yes" in /etc/ssh/sshd_config,
> and "Tunnel yes" and "TunnelDevice any:any" should be listed in
> /etc/ssh_config on your laptop. Also, the tun driver needs to load on both
> your laptop and the router. By the way, your router at home has the external
> IP address 1.2.3.4.
>
> On the laptop, log in to your router at home as root:
>
> ssh -w0:0 1.2.3.4
>
> which creates a tunnel between your laptop and the router at home. After
> you've logged in to the router, run the command
>
> ifconfig tun0 10.2.2.2 netmask 255.255.255.252
>
> on the router, which will give an IP address to the far end of the tunnel.
> At this point, you don't have to do anything else on the router.
>
>
> Back on your laptop, you have to set an IP address on your end of the tunnel,
> and set up routing to your LAN at home:
>
> ifconfig tun0 10.2.2.1 netmask 255.255.255.252
> route add -net 192.168.0.0/24 dev tun0
>
>
> At this point you should be able to ping any IP on your LAN at home, from your
> laptop. Congrats, your VPN is set up and you're good to go.
>
>
> If you were trying to set up a remote office, the only thing you'd need to do
> is set up a route on the main office router to reach hosts on the satellite
> LAN.
>
>
> So, how does it work? SSH allows you to set up a virtual interface, as noted,
> which functions as a tunnel with two endpoints. You place an IP address at
> each end of the tunnel, then set up a route at one or both ends to tell hosts
> on each end how to reach hosts on the other end. Routed traffic passes through
> the tunnel, all nice and encrypted via SSH. Assuming everything is configured
> correctly and the tun0 interface comes up on both ends, you can construct a
> scriptable VPN with only four or five commands.
>
>
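The "scriptable VPN" the quoted howto ends on, written out as an added example (this is not Joey Kelly's code or anything from the original post). It assumes the same addresses as the howto (router 1.2.3.4, LAN 192.168.0.0/24, tunnel ends 10.2.2.1 and 10.2.2.2), the legacy ifconfig/route tools the post uses, root on both ends, and a DRY_RUN switch I added so the command sequence can be reviewed before anything is run; the sshd_config check is also mine.

```bash
#!/bin/sh
# Added example: scripts the tunnel setup from the howto above.
# Assumed defaults follow the post; override them via the environment.
ROUTER="${ROUTER:-1.2.3.4}"        # external IP of the home router
LAN="${LAN:-192.168.0.0/24}"       # home LAN reached through the tunnel
LOCAL_IP="${LOCAL_IP:-10.2.2.1}"   # laptop end of the tunnel
REMOTE_IP="${REMOTE_IP:-10.2.2.2}" # router end of the tunnel
MASK="255.255.255.252"
TUN="tun0"

# DRY_RUN=1 prints each command instead of executing it (assumed switch,
# not an ssh feature); otherwise the command runs as given.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Check an sshd_config file on the router side: a TUN tunnel needs
# "PermitTunnel yes" or "PermitTunnel point-to-point" (the default is "no").
# Returns 0 if tunnels are permitted, 1 otherwise.
permit_tunnel_ok() {
    awk 'tolower($1) == "permittunnel" { v = tolower($2) }
         END { exit !(v == "yes" || v == "point-to-point") }' "$1"
}

# Bring the tunnel up in one shot: -w 0:0 creates tun0 on both ends, the
# remote command addresses the far end, and -f backgrounds ssh once that
# command has been sent. Then address the near end and route the home LAN.
vpn_up() {
    run ssh -f -w 0:0 "root@$ROUTER" "ifconfig $TUN $REMOTE_IP netmask $MASK"
    run ifconfig "$TUN" "$LOCAL_IP" netmask "$MASK"
    run route add -net "$LAN" dev "$TUN"
}
```

On the router, the key used for this login can be confined with the authorized_keys options `tunnel="0"` and `command="..."`, so it can only open this one tunnel device rather than a full root shell.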

___________________
Nolug mailing list
nolug@nolug.org