Home / server / Questions / 66483
Accepted
Jona
Asked: 2009-09-18 14:26:47 +0800 CST

SSH remote access vpn tunnel

  • 772

I have two machines both running CentOS linux, one is public facing machine with a real ip address (foo). The other is at a client's site behind a very restrictive firewall and with no real ip and no possibility of natting or opening an port to it (bar).

I can ssh from bar to foo, however obviously not the other way round.

Ideally I would like to be able to ssh from foo to bar so I am able to send file, work remotely, etc. Would really appreciate any help or advice on how best to get this working, have seen various tutorials on the internet which suggest it should be possible to setup a VPN connection over ssh but can't quite seem to figure it out.

Jona

linux

5 Answers

  1. This ought to do it for you (from bar):

    ssh -R2222:localhost:22 foo

    Then, on foo:

    ssh localhost -p 2222

    The first connection opens a remote port forward, which makes port 2222 on foo forwarded to port 22 on bar. So, if you ssh to port 2222 on foo, you are really connecting to bar. You can then add whatever forwards you need to through that ssh connection, to forward any other ports.

    • 2
  2. Best Answer

    Under Centos the answer appears to be as follows:

    on bar (the restricted machine) run the following command:

    ssh -N -R 1234:localhost:22 foo.theinternet.com

    then on foo (the open machine) run:

    ssh -p 1234 localhost

    I suspect there are refinements to be made to this, but hopefully it will be enough to get any googlers started.

    Thanks to pkaeding for putting me on the right track.

    • 2

  3. Sounds like you are looking for something that works like Wippien or Remobo, which are inspired by the costly Hamachi client.

    • 1

  4. You can create tun device, that is a full tunnel. Requirements are: probably root access in both client and server, and recent versions of SSH.

    # server /etc/ssh/sshd_config
PermitRootLogin yes
PermitTunnel yes

# client  /etc/ssh/ssh_config
Tunnel yes

Connect with:
ssh -w any:any ...

    That will create a tun0 device on both client and server. You must set up IP:

    # server
ifconfig tun0 192.168.55.1 pointopoint 192.168.55.2
# client
ifconfig tun0 192.168.55.2 pointopoint 192.168.55.1

    Now routes, NAT, whatever...

    Anyway I wouldn't recommend this method for connecting from bar to foo automatically, ie. in a non-interactive fashion. If the TCP session dies it won't respawn automatically.
    Well, maybe you can make it respawn: http://www.deer-run.com/~hal/sysadmin/SSH-SyslogNG.html

    There should be a way to create a VPN between the two hosts, not necessarily based on SSH.

    • 1

  5. There are several options and lots of answers can be found on this site if you search. You can forward ports. You can use ssh as a socks proxy. Or you can actually tunnel ip over ssh using something like ppp.

    • 0