Author: Steve Litt
Date:
To: dng
Subject: Re: [DNG] Current state of VPN software ?
How did the SSH solution work out for you, performance wise?

Why did you move from the SSH method to OpenVPN?

Thanks,

SteveT

On Tue, 5 May 2020 06:15:45 -0600
Chris Dos <chris@???> wrote:

> On 4/8/20 2:14 PM, Simon Hobson wrote:
> > It's been a while since I last did anything with VPNs on Linux, and
> > I recall there being 3 options, some of which were "less well
> > supported" than others. I'm looking to setup a site-site tunnel so
> > I can remotely access stuff at mum's (she's in isolation because of
> > this Covid 19 stuff) and using remote desktop control, connect her
> > Mac to a video call.
> >
> > So what's the state of play in the VPN on Linux world - both ends
> > would be running Devuan (one end an AMD64 VM, the other end rPi) ?
> > Last thing I used was OpenVPN which AIUI is completely
> > non-interoperable with anything else, while FreeSwan and OpenSwan
> > were having a bun fight.
> >
> > Simon
> >
>
> A little late, but I used to use a SSH script to create a full VPN
> connection between my laptop and work sites. I just created a script
> for each network I wanted to connect to. You'll need to set up SSH
> keys first though to the root user (or you can modify the script to
> use sudo on the remote end). Script I used to use:
>
> #!/bin/bash
>
> PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin"
>
> HOST=remotehost.somedomain.com
> REMOTETUNIP="172.16.200.2"
> LOCALTUNIP="172.16.200.1"
> REMOTENET="192.168.1.0"
> REMOTENETMASK="255.255.255.0"
>
> if [ "$1" != "start" -a "$1" != "stop" ]
> then
>     echo "Syntax: $0 <start> <stop>"
>     exit 1
> fi
>
> if [ "$1" = "start" ]
> then
>     # Find next available local TUN device
>     TUNNUMBER=0
>     FINDTUN="false"
>     while [ "$FINDTUN" = "false" ]
>     do
>         ifconfig -a | grep -v tunl | grep tun$TUNNUMBER > /dev/null
>         if [ "$?" != "1" ]
>         then
>             let TUNNUMBER=$TUNNUMBER+1
>         else
>             FINDTUN="true"
>         fi
>     done
>
>     sudo ssh -f -C -w any:any root@$HOST true
>     ssh root@$HOST "ifconfig tun0 $REMOTETUNIP pointopoint $LOCALTUNIP"
>     ssh root@$HOST "iptables -A INPUT -i tun+ -j ACCEPT"
>     ssh root@$HOST "iptables -A FORWARD -i tun+ -j ACCEPT"
>     ssh root@$HOST 'echo 1 > /proc/sys/net/ipv4/ip_forward'
>     sleep 3
>     sudo ifconfig tun$TUNNUMBER $LOCALTUNIP pointopoint $REMOTETUNIP
>     sudo route add -net $REMOTENET netmask $REMOTENETMASK gw $LOCALTUNIP tun$TUNNUMBER
>     echo "Tunnel has been set up"
>
> fi
>
> if [ "$1" = "stop" ]
> then
>     sudo kill `ps ax | grep "any:any root@$HOST true" | grep -v grep | cut -c 1-5` > /dev/null
>     ssh root@$HOST 'kill `ps ax | grep "sshd: root@notty" | grep -v grep | cut -c 1-5`'
>     ssh root@$HOST 'ifconfig tun0 down'
> fi
>
>
> I currently use OpenVPN tunnels, but oh my word, OpenVPN is a bear to
> get set up properly.  Probably today, if I was going to do it again,
> WireGuard might be the next easiest solution other than using SSH.
>
>     Chris

--
SteveT

Steve Litt 
May 2020 featured book: Troubleshooting Techniques
     of the Successful Technologist
http://www.troubleshooters.com/techniques
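The quoted script illustrates the SSH layer-3 tunnel approach well, but two of its habits are risky on a shared box: it assumes the remote end lands on tun0 even though "-w any:any" lets sshd pick any free device, and "stop" finds the session by grepping ps (locally for the ssh command line, remotely for every "sshd: root@notty", which kills all root no-tty sessions, not just the tunnel's). Below is an added example reworked along the same lines, not Chris Dos's script or anything from the list. It assumes iproute2 ("ip"), OpenSSH with "PermitTunnel yes" on the remote sshd, working key-based root login, and that it is run as root; HOST is a placeholder. The tun index is discovered on both ends before the session is opened, the session is held by a control socket so "stop" closes exactly that one connection, and ExitOnForwardFailure turns a refused tunnel into a hard error instead of a silently tunnel-less login. The two parsing helpers read stdin so they can be exercised without root or a network.

```shell
#!/bin/bash
# Added example: a tidied variant of the SSH layer-3 tunnel from the quoted
# post, not Chris Dos's script. Assumes iproute2 ("ip"), OpenSSH with
# "PermitTunnel yes" on the remote sshd, and working key-based root login.
# Run as root on the local side ("start" / "stop"); HOST is a placeholder.
set -eu

HOST="${HOST:-remotehost.example.com}"   # placeholder, set to the real peer
REMOTETUNIP="172.16.200.2"
LOCALTUNIP="172.16.200.1"
REMOTENET="192.168.1.0/24"
STATEDIR="${STATEDIR:-/run/ssh-vpn}"     # control socket and chosen tun indices
CTL="$STATEDIR/ctl"

# Turn "ip -o link show" output into bare interface names, one per line
# (strips the "@if3" suffix seen on veth pairs). Reads stdin, so it is testable.
iface_names() {
    awk -F': ' '{ sub(/@.*/, "", $2); print $2 }'
}

# Lowest N such that "tunN" is not among the names read on stdin.
# Exact match, so "tunl0" (the IPIP device) is not mistaken for "tun0".
next_free_tun() {
    local n=0 names
    names="$(cat)"
    while printf '%s\n' "$names" | grep -qx "tun$n"; do
        n=$((n + 1))
    done
    echo "$n"
}

need_root() {
    [ "$(id -u)" -eq 0 ] || { echo "$0: run as root (tun devices)" >&2; return 1; }
}

start_tunnel() {
    need_root
    mkdir -p "$STATEDIR"
    local ltun rtun
    # Discover a free tun index on *both* ends instead of assuming remote tun0.
    ltun="$(ip -o link show | iface_names | next_free_tun)"
    rtun="$(ssh -o BatchMode=yes "root@$HOST" 'ip -o link show' | iface_names | next_free_tun)"
    # One master connection owns the tunnel. -M/-S give "stop" a handle on
    # exactly this session (no ps|grep|kill); ExitOnForwardFailure makes a
    # refused tunnel (PermitTunnel off) a hard error rather than a silent no-op.
    ssh -f -N -M -S "$CTL" -o BatchMode=yes -o ExitOnForwardFailure=yes \
        -o Tunnel=point-to-point -w "$ltun:$rtun" "root@$HOST"
    printf '%s %s\n' "$ltun" "$rtun" > "$STATEDIR/tuns"
    # Remote side: address the tun, enable forwarding, admit only this device.
    ssh -S "$CTL" "root@$HOST" "ip addr add $REMOTETUNIP peer $LOCALTUNIP dev tun$rtun &&
        ip link set tun$rtun up && sysctl -q -w net.ipv4.ip_forward=1 &&
        iptables -A INPUT -i tun$rtun -j ACCEPT && iptables -A FORWARD -i tun$rtun -j ACCEPT"
    # Local side: point-to-point address and a route to the remote LAN via the device.
    ip addr add "$LOCALTUNIP" peer "$REMOTETUNIP" dev "tun$ltun"
    ip link set "tun$ltun" up
    ip route add "$REMOTENET" dev "tun$ltun"
    echo "Tunnel up: tun$ltun <-> $HOST tun$rtun"
}

stop_tunnel() {
    need_root
    local ltun rtun
    read -r ltun rtun < "$STATEDIR/tuns"
    # Undo the remote firewall rules, then close the master; the kernel removes
    # both tun devices (and their addresses/routes) when the session ends.
    ssh -S "$CTL" "root@$HOST" "iptables -D INPUT -i tun$rtun -j ACCEPT;
        iptables -D FORWARD -i tun$rtun -j ACCEPT" || true
    ssh -S "$CTL" -O exit "root@$HOST"
    rm -f "$STATEDIR/tuns"
    echo "Tunnel down"
}

case "${1-}" in
    start) start_tunnel ;;
    stop)  stop_tunnel ;;
    "")    ;;   # no argument: only define the functions (e.g. when sourced)
    *)     echo "Usage: $0 start|stop" >&2; exit 1 ;;
esac
```

Usage is the same as the original ("./ssh-vpn start", "./ssh-vpn stop"). The remote firewall rules are scoped to the one tun device rather than "tun+", and the route uses "dev" rather than a gateway address, which is what a point-to-point link needs. Leaving BatchMode on means a missing key or host-key mismatch fails immediately instead of hanging on a prompt from a backgrounded ssh.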