Thursday, September 14, 2006

How to set up a vtun tunnel over ssh

install vtun

Download the vtun installation RPMs (for CentOS):

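#!/usr/bin/env bash
# Fetch and install vtun and its lzo dependency from the DAG EL4 repository.
# Run as root. The mirror is reached over plain http, so the package
# signatures are checked before anything is installed.
set -euo pipefail

readonly BASE_URL=http://mirror.optusnet.com.au/dag/redhat/el4/en/i386/dag/RPMS
# lzo first: vtun depends on it.
readonly PKGS=(
  lzo-1.08-4.2.el4.rf.i386.rpm
  vtun-2.6-0.2.el4.rf.i386.rpm
)

for pkg in "${PKGS[@]}"; do
  wget -- "${BASE_URL}/${pkg}"
done

# Verify the GPG signatures of the downloaded packages. This needs the
# repository's signing key imported beforehand
# (rpm --import <PATH-TO-REPOSITORY-GPG-KEY>); an unknown or missing
# signature makes rpm --checksig fail, which aborts the script under set -e.
rpm --checksig "${PKGS[@]}"

# Install both packages in one transaction so the dependency order is resolved by rpm.
rpm -ivh "${PKGS[@]}"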



/etc/vtund.conf on client


options {
port 5002; # Connect to this port: the local end of the "ssh -L" forward, so it must match that forward.
timeout 60; # General timeout
# NOTE(review): with the ssh forward in place this client only ever connects to localhost;
# the peer vtund sees here is the local listener that "ssh -L" created.

# Path to various programs
ppp /usr/sbin/pppd;
ifconfig /sbin/ifconfig;
route /sbin/route;
firewall /sbin/ipchains; # pre-iptables tool; this session issues no firewall commands, so it is unused here
ip /sbin/ip;
}


work_to_home {
passwd password; # Shared secret for session authentication. Replace this placeholder, use the same value
                 # on the server, and keep this file readable by root only (e.g. mode 0600): it is stored in clear.
type ether; # Ethernet tunnel (tap device, carries layer-2 frames)
device tap1; # Device tap1 (substituted for %% in the commands below)
up {
# Connection is Up

# Assign IP address and netmask to the tap device (%% expands to its name).
ifconfig "%% 10.1.0.2 netmask 255.255.255.0";
# Route the remote 192.168.0.0/24 network via the server end of the tunnel (10.1.0.1).
route "add -net 192.168.0.0 netmask 255.255.255.0 gw 10.1.0.1";


};
down {
# Connection is Down

# Shutdown tap device
ifconfig "%% down";
};
}


/etc/vtund.conf on the server

options {
port 5002; # Listen on this port.
# NOTE(review): clients arrive through the ssh forward, i.e. from localhost. Unless the
# listener is restricted to loopback (the bindaddr option in this section, if this vtun
# build supports it) or port 5002 is firewalled from the outside, the password-authenticated
# service is also reachable directly over the network — confirm which applies here.

# Syslog facility
syslog daemon;

# Path to various programs
ppp /usr/sbin/pppd;
ifconfig /sbin/ifconfig;
route /sbin/route;
firewall /sbin/ipchains; # pre-iptables tool; only used by the commented-out masquerading lines below
ip /sbin/ip;
}

# Default session options (overridden per session below)
default {
compress no; # Compression is off by default
speed 0; # By default maximum speed, NO shaping
}

work_to_home {
passwd password; # Shared secret; must equal the client's value. Replace the placeholder and keep
                 # this file readable by root only (e.g. mode 0600), as it is stored in clear.
type ether; # Ethernet tunnel
device tap1; # Device tap1
proto tcp; # TCP protocol: required here, the session rides the "ssh -L" port forward, which carries TCP only
compress lzo:1; # LZO compression level 1
encrypt yes; # vtund's built-in encryption; its strength depends on the vtun release, so treat the ssh
             # forward as the transport protection and this as defence in depth
stat yes; # Log connection statistics
keepalive yes; # Keep connection alive

up {
# Connection is Up

# Assign IP address to the tap device (%% expands to its name)
ifconfig "%% 10.1.0.1 netmask 255.255.255.0";

# Route the two client-side networks via the client end of the tunnel (10.1.0.2)
route "add -net 131.242.216.0 netmask 255.255.255.0 gw 10.1.0.2";
route "add -net 203.9.184.0 netmask 255.255.255.0 gw 10.1.0.2";

# Enable masquerading for net 10.2.0.0/24 (example only, ipchains syntax; the client script uses iptables)
# firewall "-A forward -s 10.2.0.0/24 -d 0.0.0.0/0 -j MASQ";
};

down {
# Connection is Down

# Shutdown tap device.
ifconfig "%% down";

# Disable masquerading for net 10.2.0.0/24 (example only, ipchains syntax)
# firewall "-D forward -s 10.2.0.0/24 -d 0.0.0.0/0 -j MASQ";
};
}


Creating the connection script for the client

Some of this only needs to be done once. The final ssh command creates the ssh port forward that vtund connects through.

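#!/usr/bin/env bash
# Client-side connection script for the work_to_home vtun session.
# Runs as root. Brings the ssh port forward up FIRST, then starts vtund
# against it: in the original ordering vtund was launched before the
# forward existed and its connect to localhost:5002 had nothing to reach.
set -euo pipefail

readonly VTUND_CONF=/etc/vtund.conf
readonly SESSION=work_to_home
readonly PORT=5002
readonly REMOTE=user@server # ssh login on the vtun server
readonly LAN_IF=eth0

# Kernel settings (only need to be applied once per boot): forward packets
# between the LAN and the tunnel, and answer ARP on the LAN for routed hosts.
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > "/proc/sys/net/ipv4/conf/${LAN_IF}/proxy_arp"
echo 1 > "/proc/sys/net/ipv4/conf/${LAN_IF}/forwarding"

# NAT (also one-time): this masquerades every forwarded packet on every
# interface, as in the original. Re-running the script appends a duplicate
# rule; narrowing it with -o/-s is worth considering once the setup works.
iptables -t nat -A POSTROUTING -j MASQUERADE

# Port forward: local PORT -> PORT on the server's loopback. -N runs no remote
# command, -f backgrounds ssh once authenticated, and ExitOnForwardFailure
# makes ssh fail (and, under set -e, the script stop) if the local port
# cannot be bound instead of silently leaving vtund without a peer.
ssh -f -N -o ExitOnForwardFailure=yes -L "${PORT}:localhost:${PORT}" "$REMOTE"

# Now vtund can connect through the forward (-n: stay in the foreground).
vtund -n -f "$VTUND_CONF" "$SESSION" localhost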
