layer-3 IP-in-SSH tunnelling

TCP traffic is passed through another TCP connection, so packets are acknowledged twice, once by each TCP layer. Better protocols are built on UDP or even IP. If you already have access to an SSH server, it’s much easier to use it as an SSH tunnel than it is to set up a VPN server. For this reason, SSH tunnels have been dubbed a “poor man’s VPN.”

How to set up an SSH VPN: You must be using OpenSSH version 4.3 or later to do this. You also need to have installed uml-utilities on the “calling” machine.

TUN is used with routing, while TAP is used for creating a network bridge.

ON A:
Edit /etc/ssh/sshd_config:
PermitTunnel yes
PermitRootLogin yes
service sshd reload
ON B:
sudo apt-get install uml-utilities ## once
sudo tunctl -u $USER
sudo ssh -NTCf -w 1:1 ipv6.cctan.ca # -w local:remote tun

ON A:
ip link set tun1 up
ip addr add 10.0.0.100/32 peer 10.0.0.200 dev tun1
sudo arp -sD 10.0.0.200 eth0 pub
#### Network setting
iface tun0 inet static
pre-up sleep 5
address 10.0.0.100
pointopoint 10.0.0.200
netmask 255.255.255.0
up arp -sD 10.0.0.200 venet0:0 pub
####
ON B:
ip link set tun1 up
ip addr add 10.0.0.200/32 peer 10.0.0.100 dev tun1
ip route add 10.0.0.0/24 via 10.0.0.200
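
A check for the sshd_config changes made on A above, as an added example that is not part of the original post: it reads the global section of an sshd_config the way sshd does (first value wins, keywords case-insensitive) and flags the two settings when they are wider than a tun tunnel needs. The function names and the sample file are assumptions, and on OpenSSH older than 7.0 the value prohibit-password is spelled without-password.

```shell
#!/bin/sh
# Added example (not from the original post): read the global section of an
# sshd_config and flag tunnel-related settings wider than "ssh -w" with tun needs.

# effective_value FILE KEYWORD
# sshd keeps the FIRST value it finds for a keyword, keywords are
# case-insensitive, and the global section ends at the first "Match" line.
effective_value() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        {
            sub(/^[ \t]+/, "")            # strip leading whitespace
            split($0, f, /[ \t=]+/)       # "Keyword value" or "Keyword=value"
            kw = tolower(f[1])
        }
        kw == "" || kw ~ /^#/ { next }    # blank line or comment
        kw == "match" { exit }            # global section ends here
        kw == key { print tolower(f[2]); exit }
    ' "$1"
}

# audit_sshd_tunnel FILE: print the effective values, then one WARN line each.
audit_sshd_tunnel() {
    tunnel=$(effective_value "$1" PermitTunnel)
    root=$(effective_value "$1" PermitRootLogin)
    echo "PermitTunnel=${tunnel:-unset} PermitRootLogin=${root:-unset}"
    if [ "$tunnel" = yes ]; then
        echo "WARN: PermitTunnel yes also permits layer-2 (tap); point-to-point is enough for tun"
    fi
    if [ "$root" = yes ]; then
        echo "WARN: PermitRootLogin yes permits root password logins; prohibit-password keeps key-only root"
    fi
}

# Constructed sample: the two settings from the steps above, plus a later
# "PermitTunnel no" that has no effect because the first value wins.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
#PermitRootLogin prohibit-password
permittunnel yes
PermitRootLogin yes
PermitTunnel no
Match User backup
    PermitTunnel point-to-point
EOF
audit_sshd_tunnel "$SAMPLE"
```

On a live server, `sshd -T` run as root prints the effective configuration, including files pulled in through Include, which this file parser does not follow.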

// How to disable the ISP DNS server
check your /etc/dhcp/dhclient.conf
don’t request dns-nameservers
add domain-name-servers x.x.x.x
update your /etc/network/interfaces
auto eth0
iface eth0 inet dhcp
dns-search google.com
dns-nameservers dnsserverip
check file /etc/resolvconf/resolv.conf.d/base
# sudo ifdown -a && sudo ifup -a
# sudo resolvconf -u

isc_stdio_open ‘/var/log/bind9/query.log’ failed: permission denied
This is caused by AppArmor, which is similar to SELinux.
Edit /etc/apparmor.d/usr.sbin.named
/var/log/bind9/ rw,
/var/log/bind9/** rw,
#sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.named
