GhettoVPN for Llamas
From WikiMarkBallew
It's defcon, you're drunk, probably lazy too.
If you want a VPN, try this.
Setting up VPNs over ssh.
There's some TCP overhead, and it requires root access, but it's encrypted and simple to set up.
The Gist (all you really need to do):
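1) In /etc/ssh/sshd_config (or wherever) on host A:
PermitRootLogin yes
PermitTunnel yes
2) On host B (local tunnel address first, then the peer's; hostA is the machine you ssh to):
ifconfig tun0 hostB-tun-addr hostA-tun-addr (netmask)
ssh -(f)w 0:0 hostA ifconfig tun0 hostA-tun-addr hostB-tun-addr (netmask)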
and you're done.
Examples:
hostB# ifconfig tun0 10.8.8.8 10.8.8.9 netmask 0xffffff00
hostB# ssh -w 0:0 hostA ifconfig tun0 10.8.8.9 10.8.8.8 netmask 0xffffff00
OR
hostB# ifconfig tun0 10.8.8.8 10.8.8.9 netmask 0xffffff00
hostA# ifconfig tun0 10.8.8.9 10.8.8.8 netmask 0xffffff00
hostB# ssh -w 0:0 hostA
Notes:
- That last command (final ssh) has to be exec'd as root, near as I can tell.
- The tun devices don't have to be tun zero, they can be tun whatever, the -w X:Y ties them together.
- Works with OpenSSH >= 4.3, and likely any OS that has tun/tap devices. Definitely OpenBSD.
- For a layer 2 tunnel use 'link 0' in the ifconfig lines.
- Don't forget to 'pkill -HUP sshd' or similar after config changes (this is a guide for drunk folk after all).
- Don't forget to open firewall holes for the local side of the tun devices, if necessary.
- Things denoted in (parens) are optional.
- The IPs (10.8.8.8, etc) can be whatever the hell you want. In OpenBSD routes are added when you create the tunnel.
- In other OSes you might have to set up routes manually.
- If you're trying to do NAT through this in other OSes, you may have to play with ARP entries as well.
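
A check for the two sshd_config settings from step 1, added here as an example and not part of the original page: the shell functions below report the value sshd actually uses for PermitTunnel and PermitRootLogin in the global section (first occurrence wins, Match blocks are conditional) and flag the broad "yes" values. The function names, the sample config and the assumed PermitRootLogin default (prohibit-password, OpenSSH 7.0 and later) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.

# Print the effective global value of an sshd_config keyword read from stdin.
# sshd keeps the FIRST value it sees for a keyword, keywords are
# case-insensitive, and anything after a Match line is conditional.
sshd_effective() {   # usage: sshd_effective KEYWORD DEFAULT < config
    awk -v key="$1" -v def="$2" '
        BEGIN { key = tolower(key); val = def }
        /^[ \t]*#/ { next }                       # comment line
        { k = tolower($1) }
        k == "match" { exit }                     # global section ends here
        k == key && NF >= 2 { val = tolower($2); exit }
        END { print val }
    '
}

# Constructed sample: step 1 settings, a later duplicate that sshd ignores,
# and a Match block that must not be read as global.
sample_config() {
    cat <<'EOF'
# sshd_config on host A (constructed)
permitrootlogin yes
PermitTunnel yes
PermitTunnel no
Match Address 192.0.2.0/24
    PermitTunnel point-to-point
EOF
}

# Read a config on stdin and print one line per broad setting found.
# Assumed default for PermitRootLogin: prohibit-password (OpenSSH 7.0+).
audit_tunnel_config() {
    cfg=$(cat)
    tun=$(printf '%s\n' "$cfg" | sshd_effective PermitTunnel no)
    root=$(printf '%s\n' "$cfg" | sshd_effective PermitRootLogin prohibit-password)
    case $tun in
        yes) echo "PermitTunnel yes: tun and tap allowed; point-to-point is enough for layer 3" ;;
        no)  echo "PermitTunnel no: ssh -w requests are refused" ;;
    esac
    case $root in
        yes) echo "PermitRootLogin yes: root login by any method, passwords included; prohibit-password or forced-commands-only keep key-based setup" ;;
    esac
}

sample_config | audit_tunnel_config
```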
