GhettoVPN for Llamas
From WikiMarkBallew
It's defcon, you're drunk, probably lazy too.
If you want a VPN, try this.
Setting up VPNs over ssh.
There's some TCP overhead, and it requires root access, but it's encrypted and simple to set up.
The Gist (all you really need to do):
1) in /etc/ssh/sshd_config (or wherever) on host A
PermitRootLogin yes
PermitTunnel yes
2) on host B
ifconfig tun0 hostA hostB (netmask)
ssh -(f)w 0:0 hostA ifconfig tun0 hostB hostA (netmask)
and you're done.
Examples:
hostB# ifconfig tun0 10.8.8.8 10.8.8.9 netmask 0xffffff00
hostB# ssh -w 0:0 hostA ifconfig tun0 10.8.8.9 10.8.8.8 netmask 0xffffff00
OR
hostB# ifconfig tun0 10.8.8.8 10.8.8.9 netmask 0xffffff00
hostA# ifconfig tun0 10.8.8.9 10.8.8.8 netmask 0xffffff00
hostB# ssh -w 0:0 hostA
Notes:
- That last command (final ssh) has to be exec'd as root, near as I can tell.
- The tun devices don't have to be tun zero, they can be tun whatever, the -w X:Y ties them together.
- Works with OpenSSH >= 4.3, and likely any OS that has tun/tap devices. Definitely OpenBSD.
- For a layer 2 tunnel use 'link 0' in the ifconfig lines.
- Don't forget to 'pkill -HUP sshd' or similar after config changes (this is a guide for drunk folk after all).
- Don't forget to open firewall holes for the local side of the tun devices, if necessary.
- Things denoted in (parens) are optional.
- The IPs (10.8.8.8, etc.) can be whatever the hell you want. In OpenBSD routes are added when you create the tunnel.
- In other OSes you might have to set up routes manually.
- If you're trying to do NAT through this in other OSes, you may have to play with ARP entries as well.
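Step 1 turns on two broad sshd settings. The script below is an added example, not part of the original guide: it reads an sshd_config, reports the first global value of PermitTunnel and PermitRootLogin, and flags the broad ones. The function names and the sample files are made up for the example, and it only looks at the global section (it stops at the first Match block).

```sh
#!/bin/sh
# Added example, not from the original page.

# first_value FILE KEYWORD: print the first global value of KEYWORD, lowercased.
# sshd keeps the first value it reads for a keyword, and keywords are
# case-insensitive. Parsing stops at the first Match block (assumption:
# only the global section matters for this check).
first_value() {
    awk -v key="$2" '
        { sub(/#.*/, ""); sub(/[ \t]*=[ \t]*/, " ") }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) && NF >= 2 { print tolower($2); exit }
    ' "$1"
}

# audit_tunnel_config FILE: one line per keyword; returns the number of WARNs.
audit_tunnel_config() {
    warns=0
    case "$(first_value "$1" PermitTunnel)" in
        point-to-point) echo "OK   PermitTunnel point-to-point (tun, layer 3 only)" ;;
        ethernet)       echo "OK   PermitTunnel ethernet (layer 2 only)" ;;
        yes)            echo "WARN PermitTunnel yes allows layer 2 and layer 3; pick the one you use"
                        warns=$((warns + 1)) ;;
        *)              echo "INFO PermitTunnel not enabled; ssh -w will be refused" ;;
    esac
    case "$(first_value "$1" PermitRootLogin)" in
        yes) echo "WARN PermitRootLogin yes does not restrict how root authenticates"
             warns=$((warns + 1)) ;;
        prohibit-password|without-password|forced-commands-only)
             echo "OK   PermitRootLogin limits root to key logins" ;;
        *)   echo "INFO PermitRootLogin unset or no; check what your sshd version defaults to" ;;
    esac
    return "$warns"
}

# Constructed sample inputs: the settings from step 1, and a narrower variant
# whose trailing 'PermitTunnel yes' is ignored because the first value wins.
sample_dir=$(mktemp -d)
printf 'PermitRootLogin yes\nPermitTunnel yes\n' > "$sample_dir/as_written"
printf '# narrowed\npermittunnel point-to-point\nPermitRootLogin prohibit-password\nPermitTunnel yes\n' > "$sample_dir/narrowed"

for f in as_written narrowed; do
    echo "== $f"
    audit_tunnel_config "$sample_dir/$f" || echo "   ($? warning(s))"
done
```

Point it at the real file with audit_tunnel_config /etc/ssh/sshd_config (or wherever). Old sshd versions only know without-password, not prohibit-password.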