Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: OpenSSH and VPN

from [Matt P] Network Security [Permanent Link]
Subject: Re: OpenSSH and VPN
Date: Fri, 7 Apr 2006 09:43:18 -0500 
I'm no expert here, but this how I've done it.

SSH VPN between Network1 (10.0.0.0/24) and Network2 (10.0.1.0/24)
As root (or other privileged user) from end point node on Network1 (
host.network1):

ssh -fw0:0 host.network2 "ifconfig tun0 10.0.2.1 netmask 255.255.255.252 \
; echo 1 > /proc/sys/net/ipv4/ip_forward \
; /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE \
; route add -net 10.0.0.0/24 gw 10.0.2.2 dev tun0"

ifconfig tun0  10.0.2.2 netmask 255.255.255.252

echo 1 > /proc/sys/net/ipv4/ip_forward

/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

route add -net  10.0.1.0/24 gw 10.0.2.1 dev tun0

You can leave out the iptables bits if the tunnel end points
(host.network1 and host.network2 in the example) are the default route
for their respective networks, or if you want to put static routes on
all the systems on each network.
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Re: OpenSSH and VPN, Matt P <=
Previous by Date:  Compiling openssh on SFU 3.5, Joshua Hevenor
Next by Date:  Re: per user authentication types?, Josh Grosse
Previous by Thread:  Compiling openssh on SFU 3.5, Joshua Hevenor
Next by Thread:  "fatal: No supported key exchange algorithms, Ben Kazez
Indexes:  [Date] [Thread] [Top] [All Lists]