VPN over SSH: State of the art?
Jochen Bern
Jochen.Bern at binect.de
Sat Jan 5 00:10:24 AEDT 2019
On 01/04/2019 10:57 AM, Thomas Güttler wrote:
> What is the current state of the art if you want to create VPN over ssh?
It might depend on your Platform (I've been essentially Linux-only these
past years), but I have a section "SSH-BASED VIRTUAL PRIVATE NETWORKS"
in the "ssh" manpage of even rather old OpenSSH versions ...
(It requires *root* access on both ends to configure tun* interfaces,
but since you were discussing installing additional proxying(?)
software, I guess that you have that.)
(It also assumes that the subnets involved don't have addresse
collisions. I suppose that one *could* resolve that with NATing in both
peers' iptables, but it'ld promise to be quite a lot of careful work IMHO.)
On 01/04/2019 12:50 PM, Jan Bergner wrote:
> I see your point. Remote work on a production system always makes my
> heart beat faster, too. ^^
You don't have production systems installed at colo/hosting/housing
provider sites, then. ;-) :-S
(Preparing for semisolids-in-the-gas-moving-device situations by having
remote OOB access to "consoles" - from modem-at-the-RS232-port to
servers' management NICs offering ILO/iDRAC/EXPRESSSCOPE/whatsitsname -
and hardware health monitoring quickly becomes second nature, including
on "local" platforms - in case you're actually *not* "local" when the
cell phone rings and have to VPN into the company "L"AN beforehand.)
Regards,
--
Jochen Bern
Systemingenieur
www.binect.de
www.facebook.de/binect
More information about the openssh-unix-dev
mailing list