Author: Chris Dos
Date:
To: Simon Hobson, dng
Subject: Re: [DNG] Current state of VPN software ?
On 4/8/20 2:14 PM, Simon Hobson wrote:
> It's been a while since I last did anything with VPNs on Linux, and I recall there being 3 options, some of which were "less well supported" than others. I'm looking to set up a site-site tunnel so I can remotely access stuff at mum's (she's in isolation because of this Covid 19 stuff) and using remote desktop control, connect her Mac to a video call.
>
> So what's the state of play in the VPN on Linux world - both ends would be running Devuan (one end an AMD64 VM, the other end rPi) ? Last thing I used was OpenVPN which AIUI is completely non-interoperable with anything else, while FreeSwan and OpenSwan were having a bun fight.
>
> Simon
>


A little late, but I used to use an SSH script to create a full VPN connection
between my laptop and work sites. I just created a script for each network I
wanted to connect to. You'll need to set up SSH keys to the root user first,
though (or you can modify the script to use sudo on the remote end). The script
I used to use:

#!/bin/bash
# SSH-based point-to-point VPN: a single ssh session carries a tun device.
# The remote sshd needs "PermitTunnel yes" (or point-to-point) in sshd_config
# and must allow root login with a key.

PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin"

HOST=remotehost.somedomain.com
REMOTETUN=0                      # tun device number used on the remote end
REMOTETUNIP="172.16.200.2"
LOCALTUNIP="172.16.200.1"
REMOTENET="192.168.1.0"
REMOTENETMASK="255.255.255.0"

if [ "$1" != "start" ] && [ "$1" != "stop" ]
then
    echo "Usage: $0 start|stop"
    exit 1
fi

if [ "$1" = "start" ]
then
    # Find the next free local tun device.  tunl0 is the kernel's IPIP device,
    # not one of ours; grep -w matches the whole name so tun1 doesn't match tun10.
    TUNNUMBER=0
    while ifconfig -a | grep -v tunl | grep -qw "tun$TUNNUMBER"
    do
        TUNNUMBER=$((TUNNUMBER + 1))
    done

    # Open the tunnel.  The local side takes the next free device ("any"), the
    # remote side is pinned to tun$REMOTETUN so the commands below configure
    # the device ssh actually created.  sudo is needed because creating a tun
    # device requires root; note this ssh uses root's key, while the plain ssh
    # calls below use the invoking user's key, so both need access to root@$HOST.
    sudo ssh -f -C -w any:$REMOTETUN root@$HOST true
    ssh root@$HOST "ifconfig tun$REMOTETUN $REMOTETUNIP pointopoint $LOCALTUNIP"
    ssh root@$HOST "iptables -A INPUT -i tun+ -j ACCEPT"
    ssh root@$HOST "iptables -A FORWARD -i tun+ -j ACCEPT"
    ssh root@$HOST 'echo 1 > /proc/sys/net/ipv4/ip_forward'
    sleep 3    # give the local tun device a moment to appear
    sudo ifconfig tun$TUNNUMBER $LOCALTUNIP pointopoint $REMOTETUNIP
    sudo route add -net $REMOTENET netmask $REMOTENETMASK gw $LOCALTUNIP tun$TUNNUMBER
    echo "Tunnel has been set up"
fi

if [ "$1" = "stop" ]
then
    # Remove the remote firewall rules while the session is still up (otherwise
    # they pile up with every start), then kill the local ssh.  The kernel
    # removes the tun devices on both ends when the session goes away, so no
    # "ifconfig tun0 down" on the remote side is needed.
    ssh root@$HOST "iptables -D INPUT -i tun+ -j ACCEPT"
    ssh root@$HOST "iptables -D FORWARD -i tun+ -j ACCEPT"
    sudo pkill -f "ssh -f -C -w any:$REMOTETUN root@$HOST true"
fi


I currently use OpenVPN tunnels, but oh my word, OpenVPN is a bear to get set
up properly.  Probably today, if I was going to do it again, WireGuard might
be the next easiest solution other than using SSH.

    Chris
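As an added example (not Chris's script and not anything from the thread), here is a variant of the same SSH tun approach that closes the gaps a practitioner would trip over: the remote device number is pinned by sshd's tunnel="0" key option instead of being assumed, ssh refuses to continue if its requested local device is taken, teardown goes through a ControlMaster socket instead of grepping ps, the remote firewall rules only accept the tunnel's own address and are removed on stop, and replies from LAN hosts are masqueraded so the LAN needs no route back to the tunnel /30. The host name, tunnel addresses, remote LAN interface, socket path and the authorized_keys line in the header comment are all placeholders/assumptions; it assumes the remote sshd permits point-to-point tunnels for a root key restricted as shown.

```shell
#!/bin/sh
# sshvpn: SSH tun VPN with pinned device numbers and control-socket teardown.
# Added example, not the script from the post.  HOST, the tunnel /30,
# REMOTENET, REMOTE_LAN_IF and the socket path are hypothetical placeholders.
#
# Remote end, sshd_config:
#     PermitRootLogin prohibit-password
#     PermitTunnel point-to-point
# Remote end, /root/.ssh/authorized_keys (laptop key restricted to the tunnel
# plus non-interactive commands; tunnel="0" makes sshd use tun0 for this key
# whatever the client asks for, so the number is known instead of guessed):
#     tunnel="0",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-ed25519 AAAA... laptop-vpn
set -eu

HOST=${HOST:-remotehost.example.com}      # placeholder
REMOTETUN=0                               # matches tunnel="0" above
LOCALTUNIP=172.16.200.1
REMOTETUNIP=172.16.200.2
REMOTENET=192.168.1.0/24
REMOTE_LAN_IF=${REMOTE_LAN_IF:-eth0}      # LAN interface on the remote box (placeholder)
CTL=${CTL:-/run/sshvpn-$HOST.ctl}         # ControlMaster socket, our handle for teardown

# Lowest tunN absent from `ip -o link` output read on stdin.  Kept pure (the
# caller pipes `ip -o link` in) so it can be checked against canned output.
# "tunl0" (IPIP) never matches: the pattern wants tunN followed by ':' or '@'.
next_free_tun() {
    links=$(cat)
    n=0
    while printf '%s\n' "$links" | grep -q "^[0-9]*: tun$n[@:]"; do
        n=$((n + 1))
    done
    echo "$n"
}

# Remote firewall rules, $1 = -I (install) or -D (remove).  Only the tunnel's
# own address is accepted; LAN replies are masqueraded behind the remote box.
fw_rules() {
    cat <<EOF
iptables $1 INPUT -i tun$REMOTETUN -s $LOCALTUNIP -j ACCEPT
iptables $1 FORWARD -i tun$REMOTETUN -s $LOCALTUNIP -d $REMOTENET -j ACCEPT
iptables $1 FORWARD -o tun$REMOTETUN -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat $1 POSTROUTING -s $LOCALTUNIP -o $REMOTE_LAN_IF -j MASQUERADE
EOF
}

# Script executed as root on the remote end, $1 = up|down.  sshd creates and
# destroys the tun device with the session, so "down" only removes the rules.
remote_cmd() {
    case $1 in
    up)
        echo "set -e"
        echo "ip addr add $REMOTETUNIP peer $LOCALTUNIP dev tun$REMOTETUN"
        echo "ip link set tun$REMOTETUN up"
        echo "sysctl -q -w net.ipv4.ip_forward=1"
        fw_rules -I
        ;;
    down)
        fw_rules -D
        ;;
    *)
        echo "remote_cmd: up|down" >&2
        return 2
        ;;
    esac
}

vpn_start() {
    LOCALTUN=$(ip -o link | next_free_tun)
    # One master connection carries the tunnel.  -N: no remote command.
    # ExitOnForwardFailure makes ssh exit non-zero (and set -e stop us) if
    # either tun device cannot be allocated, rather than configuring the
    # wrong interface later.
    ssh -f -N -M -S "$CTL" -o ExitOnForwardFailure=yes \
        -w "$LOCALTUN:$REMOTETUN" "root@$HOST"
    ssh -S "$CTL" "root@$HOST" "$(remote_cmd up)"
    ip addr add "$LOCALTUNIP" peer "$REMOTETUNIP" dev "tun$LOCALTUN"
    ip link set "tun$LOCALTUN" up
    ip route add "$REMOTENET" dev "tun$LOCALTUN"
    echo "tunnel up: tun$LOCALTUN <-> $HOST tun$REMOTETUN"
}

vpn_stop() {
    ssh -S "$CTL" "root@$HOST" "$(remote_cmd down)" || true
    # Closing the master ends the session; both tun devices, and the local
    # route that lived on ours, disappear with it.
    ssh -S "$CTL" -O exit "root@$HOST"
}

# With no arguments the file only defines the functions (so it can be sourced
# or tested); start/stop must run as root on this end for the tun and ip calls.
case ${1:-} in
start) vpn_start ;;
stop)  vpn_stop ;;
"")    ;;
*)     echo "usage: $0 start|stop" >&2; exit 1 ;;
esac
```

If handing the laptop key a root shell on the remote box is still too much, the same authorized_keys line can add command="/path/to/wrapper" so that sshd runs a small wrapper for every request; the wrapper reads SSH_ORIGINAL_COMMAND and only executes the up/down lines above, refusing anything else.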