VPN over SSH: State of the art?

Jochen Bern Jochen.Bern at binect.de
Sat Jan 5 00:10:24 AEDT 2019

On 01/04/2019 10:57 AM, Thomas Güttler wrote:
> What is the current state of the art if you want to create VPN over ssh?

It might depend on your platform (I've been essentially Linux-only these
past years), but I have a section "SSH-BASED VIRTUAL PRIVATE NETWORKS"
in the "ssh" manpage of even rather old OpenSSH versions ...

(It requires *root* access on both ends to configure tun* interfaces,
but since you were discussing installing additional proxying(?)
software, I guess that you have that.)

(It also assumes that the subnets involved don't have address
collisions. I suppose that one *could* resolve that with NATing in both
peers' iptables, but it'd promise to be quite a lot of careful work IMHO.)

On 01/04/2019 12:50 PM, Jan Bergner wrote:
> I see your point. Remote work on a production system always makes my
> heart beat faster, too. ^^

You don't have production systems installed at colo/hosting/housing
provider sites, then. ;-) :-S

(Preparing for semisolids-in-the-gas-moving-device situations by having
remote OOB access to "consoles" - from modem-at-the-RS232-port to
servers' management NICs offering ILO/iDRAC/EXPRESSSCOPE/whatsitsname -
and hardware health monitoring quickly becomes second nature, including
on "local" platforms - in case you're actually *not* "local" when the
cell phone rings and have to VPN into the company "L"AN beforehand.)

Jochen Bern
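
The two prerequisites named in the message above (root on both ends for the tun* interfaces, and no address collisions between the subnets) can be checked before a tunnel is brought up. The sketch below is an added example, not part of the original post or of OpenSSH; the function names, the sample sshd_config text and all addresses are constructed for illustration, and only the global section of sshd_config is examined (Match blocks are ignored).

```python
import ipaddress

# Constructed sample, not taken from any real host.
SAMPLE_SSHD_CONFIG = """\
# constructed sample
Port 22
PermitTunnel point-to-point
PermitTunnel yes
Match User backup
    PermitTunnel no
"""

def permit_tunnel(sshd_config_text):
    """Global PermitTunnel value; sshd keeps the first value it reads, default 'no'."""
    for raw in sshd_config_text.splitlines():
        parts = raw.split("#", 1)[0].replace("=", " ").split()
        if not parts:
            continue
        if parts[0].lower() == "match":      # stop at the first Match block
            break
        if parts[0].lower() == "permittunnel" and len(parts) > 1:
            return parts[1].lower()
    return "no"

def collisions(local_nets, remote_nets, tunnel_addrs):
    """Every overlap that would make routing across the tunnel ambiguous."""
    local = [ipaddress.ip_network(n) for n in local_nets]
    remote = [ipaddress.ip_network(n) for n in remote_nets]
    found = [f"{l} (local) overlaps {r} (remote)"
             for l in local for r in remote if l.overlaps(r)]
    for addr in map(ipaddress.ip_address, tunnel_addrs):
        found += [f"tunnel address {addr} lies inside {net}"
                  for net in local + remote if addr in net]
    return found

def preflight(euid, sshd_config_text, local_nets, remote_nets, tunnel_addrs):
    """Return a list of problems; an empty list means the prerequisites hold."""
    problems = []
    if euid != 0:
        problems.append("not root: cannot configure tun interfaces")
    # tun* devices are layer 3, so 'ethernet' (tap only) is not enough.
    if permit_tunnel(sshd_config_text) not in ("yes", "point-to-point"):
        problems.append("server PermitTunnel does not allow layer-3 tunnels")
    return problems + collisions(local_nets, remote_nets, tunnel_addrs)

if __name__ == "__main__":
    for p in preflight(0, SAMPLE_SSHD_CONFIG,
                       ["10.0.50.0/24", "192.168.1.0/24"],
                       ["10.0.99.0/24", "192.168.1.0/25"],
                       ["10.1.1.1", "10.1.1.2"]):
        print("PROBLEM:", p)
```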


More information about the openssh-unix-dev mailing list