OpenSSH tunneling
irfaan coonjah
irfaan_c at yahoo.com
Tue Nov 26 19:26:12 EST 2013
I am currently working on tunneling with OpenSSH and I am looking for help.
I have been able to set up the tunnel properly in a LAN environment and I followed these steps: http://bodhizazen.net/Tutorials/VPN-Over-SSH
Attached is a topology of the LAN environment.
The tunnel works properly and ping is successful.
I want to extend the scope of the VPN tunnel and set up the tunnel between two remote PCs which are in two different locations. I port-forwarded the public IP addresses to the private IP addresses of the PCs.
Both PCs can ssh to each other but tunneling is not working. The tun0 interface on both server and client is up but traffic is not flowing through the tunnels.
++++++++++Phase 1+++++++++++
PC-A can ssh to PC-B --- ssh root@197.225.79.115
PC-B can ssh to PC-A --- ssh root@196.192.83.17
+++++++++++Phase 2++++++++++
Aim is to create a tunnel between PC-A and PC-B
Tunnel shows up but ping to remote tun0 interface is not successful.
PC-A - server PC with public IP address (196.192.83.17), private IP (10.1.3.13), port-forwarding via 22 (ssh)
root@PCA:~# modprobe ipip
root@PCA:~# ip tu ad tun1 mode ipip remote 197.225.79.115 ttl 64 dev eth0
root@PCA:~# ip ad ad dev tun1 10.0.0.1 peer 10.0.0.2/32
root@PCA:~# ip li se dev tun1 up
root@PCA:~# ip tunnel show tun1
tun1: ip/ip remote 197.225.79.115 local any dev eth0 ttl 64
PC-B - client PC with public IP address (197.225.79.115), private IP (192.168.1.6), port-forwarding via 22 (ssh)
+++++PC-B; client: irfaan@ubuntu:~$ vi /etc/network/interfaces++++++
iface tun1 inet static
    pre-up ssh -i /root/.ssh/VPN -S /var/run/ssh-vpn-tunnel-control -M -f -w 0:0 196.192.83.17 true
    pre-up sleep 15
    address 10.0.0.2
    pointopoint 10.0.0.1
    netmask 255.255.255.0
    up route add -host 196.192.83.17 dev eth1
    up route add default gw 10.0.0.1 dev tun1
    up route del default gw 192.168.1.1 dev eth1
    down route add default gw 192.168.1.1 dev eth1
    down route del default gw 10.0.0.1 dev tun1
    down route del -host 196.192.83.17 dev eth1
    post-down ssh -i /root/.ssh/VPN -S /var/run/ssh-vpn-tunnel-control -O exit 196.192.83.17
irfaan@ubuntu:~$ sudo ip tu ad tun1 mode ipip local 192.168.1.6 remote 196.196.83.17 ttl 64 dev eth1
irfaan@ubuntu:~$ sudo ip ad ad dev tun1 10.0.0.2 peer 10.0.0.1/32
irfaan@ubuntu:~$ sudo ip li se dev tun1 up
irfaan@ubuntu:~$ sudo ifup tun1
root@196.192.83.17's password:
channel 0: open failed: administratively prohibited: open failed
ssh stop/waiting
ssh start/running, process 5232
irfaan@ubuntu:~$ ping 10.0.0.1
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
From 10.0.0.2 icmp_seq=1 Destination Host Unreachable
From 10.0.0.2 icmp_seq=4 Destination Host Unreachable
irfaan@ubuntu:~$ sudo ip tunnel del tun1
irfaan@ubuntu:~$ sudo modprobe ipip
irfaan@ubuntu:~$ sudo ip tun ad tun1 mode ipip local 197.225.79.115 remote 196.192.83.17 ttl 64 dev eth1
irfaan@ubuntu:~$ sudo ip ad ad dev tun1 10.0.0.1 peer 10.0.0.2/32
irfaan@ubuntu:~$ ip li se dev tun1 up
RTNETLINK answers: Operation not permitted
irfaan@ubuntu:~$ sudo ip li se dev tun1 up
irfaan@ubuntu:~$ sudo ifup tun1
root@196.192.83.17's password:
channel 0: open failed: administratively prohibited: open failed
ssh stop/waiting
ssh start/running, process 6151
irfaan@ubuntu:~$ ping 10.0.0.1
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
From 10.0.0.2 icmp_seq=1 Destination Host Unreachable
From 10.0.0.2 icmp_seq=2 Destination Host Unreachable
^C
--- 10.0.0.1 ping statistics ---
2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 999ms
Kind regards,
Irfaan
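
The session above requests a tun device with `ssh -w 0:0`, and sshd refuses such a request unless `PermitTunnel` allows it (the default is `no`). The script below is an added example, not part of the original message: it reads the effective global `PermitTunnel` value from an sshd_config file so the server side can be checked before enabling anything wider than needed. The function names and sample configs are constructed for illustration, and `Include` directives are assumed absent.

```shell
#!/bin/sh
# Added example, not from the original post.
# Prints the effective global PermitTunnel value from an sshd_config file.
# Rules applied: keywords are case-insensitive, the first value read wins,
# "Keyword=value" is accepted, and lines after a Match line are conditional.
# Assumption: Include directives are not followed.
effective_permit_tunnel() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            split(line, f, /[ \t=]+/)
            key = tolower(f[1]); val = tolower(f[2])
            if (key == "match") exit             # end of the global section
            if (key == "permittunnel") { print val; found = 1; exit }
        }
        END { if (!found) print "no" }           # sshd default is "no"
    ' "$1"
}

# "ssh -w 0:0" asks for a layer-3 (point-to-point) tun device, so the server
# must allow "yes" or "point-to-point"; "ethernet" only covers tap devices.
allows_ssh_w() {
    case "$(effective_permit_tunnel "$1")" in
        yes|point-to-point) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample configs (not taken from either PC in the post).
tmp=$(mktemp -d)
printf 'Port 22\n#PermitTunnel yes\nPermitRootLogin yes\n' > "$tmp/default.conf"
printf 'permittunnel=point-to-point\nPermitTunnel no\n'   > "$tmp/p2p.conf"
printf 'Match User vpn\n    PermitTunnel yes\n'            > "$tmp/match.conf"

for f in default p2p match; do
    if allows_ssh_w "$tmp/$f.conf"; then verdict="would accept"; else verdict="would refuse"; fi
    echo "$f.conf: PermitTunnel=$(effective_permit_tunnel "$tmp/$f.conf"), $verdict ssh -w 0:0"
done
rm -rf "$tmp"
```

Setting `PermitTunnel point-to-point` inside a `Match` block for the one account that needs the VPN keeps tunnel creation off for every other login; the script reports only the global value, so a `Match`-scoped setting shows up as `no` here.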