VPN: Difference between revisions

Jump to navigation Jump to search

VPN (view source)

Revision as of 20:36, 17 February 2024

367 bytes added ,  1 year ago
→‎Persistent SSH Tunnels: Updated article
(→‎Persistent SSH Tunnels: Updated article)
Line 226: Line 226:
{{go to top}}
{{go to top}}


== Persistent SSH Tunnels ==
=Persistent SSH Tunnels=
{{go to top}}
The following is how to create a persistent SSH Tunnel between two systems.  This is handy if you want to secure data flowing across networks, or even setup a tunnel without messing with VPN configuration.
The following is how to create a persistent SSH Tunnel between two systems.  This is handy if you want to secure data flowing across networks, or even setup a tunnel without messing with VPN configuration.


===Create User/Generate SSH key===
=Create User/Generate SSH key=
First you will create the user you will use for the tunnel.  This will allow you to forward non-privileged ports over 1024.
First you will create the user you will use for the tunnel.  This will allow you to forward non-privileged ports over 1024.


Line 239: Line 238:
Now switch to the user and generate an SSH key:
Now switch to the user and generate an SSH key:
<pre>
<pre>
su -s /bin/bash useradd
su -s /bin/bash autossh
cd ~
cd ~
ssh-keygen -b 4096
ssh-keygen -b 4096
Line 250: Line 249:
</pre>
</pre>


===Copy public key to target system===
=Copy public key to target system=
You will need to copy '''''id_rsa.pub''''' file from '''''/home/useradd/.ssh/''''' to the '''''authorized_keys''''' file on the remote system you want to connect to for the tunnel.
You will need to copy '''''id_rsa.pub''''' file from '''''/home/autossh/.ssh/''''' to the '''''authorized_keys''''' file on the remote system you want to connect to for the tunnel.


''Note:  It is recommended that you also create a normal user on the remote system and not use root.''
''Note:  It is recommended that you also create a normal user on the remote system and not use root.''


===Install autossh===
=Install autossh=
You will need to install the autossh program on the system that will initiate the SSH tunnel.  Autossh automatically restarts the SSH tunnel when it exits.
You will need to install the autossh program on the system that will initiate the SSH tunnel.  Autossh automatically restarts the SSH tunnel when it exits.
<pre>
<pre>
Line 261: Line 260:
</pre>
</pre>


===Setup script===
=Setup script=
Copy the following script, making the necessary changes as specified between the <> and place on the system that will initiate the tunnel (usually /opt):
Copy the following script, making the necessary changes as specified between the <> and place on the system that will initiate the tunnel (here we will save it as /opt/ssh-tunnel.sh):
<pre>
<pre>
#!/bin/sh
#!/bin/sh
#
#
# Uses autossh to establish a tunnel to allstarlink.org for the Graylog Collector Sidecar
# on seal to pass data. 


su -s /bin/sh autossh -c 'autossh -M 0 -N -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -o "ExitOnForwardFailure=yes" -f -T -R localhost:<target port>:<local IP or localhost>:<local port> <user>@<domain>'
su -s /bin/sh autossh -c 'autossh -M 0 -N -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -o "ExitOnForwardFailure=yes" -f -T -R localhost:<target port>:<local IP or localhost>:<local port> <user>@<domain>'


</pre>  
</pre>


{| class="wikitable"
{| class="wikitable"
Line 297: Line 294:
You can also use -L to change the direction of the port forwarding from Remote to Local and have the initiating system forward data over the tunnel the the remote.
You can also use -L to change the direction of the port forwarding from Remote to Local and have the initiating system forward data over the tunnel the the remote.


===Make script executable===
=Make script executable=
Make sure you mark the script as executable with:
Make sure you mark the script as executable with:


<pre>
<pre>
chmod +x <name_of_script>.sh
chmod +x /opt/ssh-tunnel.sh
</pre>
</pre>
===Tunnel at startup===
=Tunnel at startup=
To have this tunnel automatically start if the system is rebooted, add a call to the script to rc.local.
To have the tunnel up when the system restarts, choose one of the following methods
 
==rc.local==
Add a line to /etc/rc.local that calls the script.
 
<pre>
<pre>
/opt/<name_of_script>.sh
# Start AutoSSH tunnel at boot
/opt/ssh-tunnel.sh
</pre>
</pre>


''Note:  You may have to enable rc.local on Ubuntu and Debian based systems via systemd.  Refer to your distributions documentation for information on how to enable it.''
''Note:  You may have to enable rc.local on Ubuntu and Debian based systems via systemd.  Refer to your distributions documentation for information on how to enable it.''
==systemd==
To have the script start at boot with systemd, create the following file and add it to /etc/systemd/system/ssh-tunnel.service
===ssh-tunnel.service===
<pre>
[Unit]
Description=AutoSSH Tunnel at boot
[Service]
Type=oneshot
ExecStart=/opt/ssh-tunnel.sh
[Install]
WantedBy=multi-user.target
</pre>
===Enable service===
To enable the service to run via systemd run:
<pre>
systemctl enable ssh-tunnel.service
</pre>


== GRE Tunnel ==
== GRE Tunnel ==
Retrieved from "https://wiki.kg7qin.org/index.php/Special:MobileDiff/149"

Navigation menu