IP over SSH
Want to tunnel IP over SSH? Give it a try. Tested for you with … OpenBSD :)
Host1
Do the following as root:
echo "net.inet.ip.forwarding=1" >> /etc/sysctl.conf
sysctl net.inet.ip.forwarding=1
echo "inet 10.0.0.1 255.255.255.0 10.0.0.2" >> /etc/hostname.tun0
sh /etc/netstart tun0
sed -i 's/^#*PermitTunnel .*/PermitTunnel yes/' /etc/ssh/sshd_config
rcctl restart sshd
ssh-copy-id root@host2
Host2
Do the following as root:
echo "net.inet.ip.forwarding=1" >> /etc/sysctl.conf
sysctl net.inet.ip.forwarding=1
echo "inet 10.0.0.2 255.255.255.0 10.0.0.1" >> /etc/hostname.tun0
sh /etc/netstart tun0
sed -i 's/^#*PermitTunnel .*/PermitTunnel yes/' /etc/ssh/sshd_config
rcctl restart sshd
ssh-copy-id root@host1
Now run ifconfig tun0 on Host1 and Host2. At this point the tunnel should still be down.
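The PermitTunnel step above edits sshd_config in place with a single sed. As an added example (not part of the original post), this is an idempotent way to set the keyword that also covers a commented-out default, a missing line, and Match blocks. The function names and the sample file are assumptions; point-to-point is the sshd value that permits only layer-3 tun devices, which is what ssh -w 0:0 uses here, while yes also permits layer-2 ethernet tunnels.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# set_permit_tunnel FILE VALUE
# Leaves exactly one active PermitTunnel line in the global section (before the
# first Match block), replacing active lines and "#PermitTunnel" defaults.
# Lines inside Match blocks are left untouched.
set_permit_tunnel() {
    file=$1 value=$2
    case $value in
        yes|point-to-point|ethernet|no) ;;
        *) echo "invalid PermitTunnel value: $value" >&2; return 2 ;;
    esac
    tmp=$(mktemp) || return 1
    awk -v val="$value" '
        function emit() { if (!done) { print "PermitTunnel " val; done = 1 } }
        tolower($1) == "match" { emit(); in_match = 1 }  # global section ends
        !in_match && tolower($1) ~ /^#*permittunnel$/ { emit(); next }
        { print }
        END { emit() }                                   # file had no such line
    ' "$file" > "$tmp" && cat "$tmp" > "$file"           # cat keeps owner/mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# effective_permit_tunnel FILE
# Prints the global value sshd would use: the first active occurrence wins,
# and "no" is the default when the keyword is absent.
effective_permit_tunnel() {
    awk '
        tolower($1) == "match" { exit }
        tolower($1) == "permittunnel" { print tolower($2); found = 1; exit }
        END { if (!found) print "no" }
    ' "$1"
}

# Demo on a constructed sample file (not a real system file).
demo=$(mktemp)
printf '%s\n' '#PermitTunnel no' 'Match User backup' '    PermitTunnel no' > "$demo"
set_permit_tunnel "$demo" point-to-point
effective_permit_tunnel "$demo"    # prints: point-to-point
rm -f "$demo"
```

On the real host, point it at /etc/ssh/sshd_config and validate with sshd -t before rcctl restart sshd.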
Establish Tunnel
ssh -f -w 0:0 public-ip-of-host2 true
Check Tunnel
root@host1 # ifconfig tun0
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
index 5 priority 0 llprio 3
groups: tun
status: active
inet 10.0.0.1 --> 10.0.0.2 netmask 0xffffff00
Check Latency
fping -c 1 10.0.0.1 10.0.0.2
10.0.0.1 : [0], 64 bytes, 0.102 ms (0.102 avg, 0% loss)
10.0.0.2 : [0], 64 bytes, 1.05 ms (1.05 avg, 0% loss)
10.0.0.1 : xmt/rcv/%loss = 1/1/0%, min/avg/max = 0.102/0.102/0.102
10.0.0.2 : xmt/rcv/%loss = 1/1/0%, min/avg/max = 1.05/1.05/1.05
Add Network
Once the tunnel is up, you can add some network protocols on top of it, like
- BGP
- OSPF
- static routing
Depending on your topology, you may have to add NAT on some outgoing interfaces. Adapt pf.conf accordingly.
You can also use IPv6 instead of IPv4, or run dual stack, either inside the tunnel or for the SSH session setup.
Troubleshooting
- fix pf.conf so the remote user is allowed to ssh in
- fix ssh so the remote host is allowed to log in as root with a public key
- fix pf.conf so incoming/outgoing traffic gets NATed
- it seems the tunnel must be established as the root user
- …
Any comments?