layer-3 IP-in-SSH tunnelling

TCP traffic is passed through another TCP connection, so packets are acknowledged twice, once by each of the two TCP layers. Better tunnelling protocols are built on UDP or even IP.

If you already have access to an SSH server, it’s much easier to use it as an SSH tunnel than it is to set up a VPN server. For this reason, SSH tunnels have been dubbed a “poor man’s VPN.”

How to set up an SSH VPN: You must be using OpenSSH version 4.3 or later to do this. You also need to have installed uml-utilities on the “calling” machine.

TUN is used with routing, while TAP is used for creating a network bridge.

ON A: Edit /etc/ssh/sshd_config and set PermitTunnel yes and PermitRootLogin yes, then run service sshd reload
sudo apt-get install uml-utilities ## once
sudo tunctl -u $USER
sudo ssh -NTCf -w 1:1 # -w local:remote tun

ip link set tun1 up
ip addr add peer dev tun1
sudo arp -sD eth0 pub
#### Network setting
iface tun0 inet static
pre-up sleep 5
up arp -sD venet0:0 pub
ip link set tun1 up
ip addr add peer dev tun1
ip route add via
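
A check for the sshd_config change in the "ON A" step, as an added example that is not part of the original notes: it reports the effective global values of PermitTunnel and PermitRootLogin. The function names and the sample config are constructed for illustration.

```sh
#!/bin/sh
# Added example: effective global value of an sshd_config keyword.
# sshd uses the FIRST occurrence of a keyword, keywords are case-insensitive,
# and lines after a "Match" line are conditional, so scanning stops there.
# Limitation: "Include" files are not followed.

# effective_sshd_option FILE KEYWORD -> prints the value, or "unset"
effective_sshd_option() {
    awk -v want="$2" '
        BEGIN { want = tolower(want); found = 0 }
        { sub(/^[ \t]+/, ""); sub(/[ \t]*=[ \t]*/, " ") }  # trim; allow key=value
        /^#/ || /^$/ { next }                              # comments, blank lines
        tolower($1) == "match" { exit }                    # global section ends
        tolower($1) == want { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# audit_tunnel_config FILE -> prints the two settings this setup changes
audit_tunnel_config() {
    tun=$(effective_sshd_option "$1" PermitTunnel)
    root=$(effective_sshd_option "$1" PermitRootLogin)
    echo "PermitTunnel=$tun PermitRootLogin=$root"
    if [ "$tun" = "yes" ]; then
        echo "NOTE: yes permits tun and tap; point-to-point covers a layer-3 tun tunnel"
    fi
    if [ "$root" = "yes" ]; then
        echo "WARN: root password login is allowed; prohibit-password keeps key-only root login"
    fi
}

# Constructed sample config (not taken from a real server).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample
permittunnel yes
PermitRootLogin=yes
PermitRootLogin no
Match User backup
    PermitTunnel no
EOF
audit_tunnel_config "$sample"
rm -f "$sample"
```

A result of "unset" means the keyword does not appear in the global section, so sshd falls back to its built-in default.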

// How to disable the ISP DNS server
check your /etc/dhcp/dhclient.conf
don’t request dns-nameservers
add domain-name-servers x.x.x.x
update your /etc/network/interfaces
auto eth0
iface eth0 inet dhcp
dns-nameservers dnsserverip
check file /etc/resolvconf/resolv.conf.d/base
# sudo ifdown -a && sudo ifup -a
# sudo resolvconf -u

isc_stdio_open ‘/var/log/bind9/query.log’ failed: permission denied
This is caused by AppArmor, which is similar to SELinux.
Edit /etc/apparmor.d/usr.sbin.named
/var/log/bind9/ rw,
/var/log/bind9/** rw,
# sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.named

