On 4/8/20 2:14 PM, Simon Hobson wrote:
> It's been a while since I last did anything with VPNs on Linux, and I recall
> there being 3 options, some of which were "less well supported" than others.
> I'm looking to set up a site-site tunnel so I can remotely access stuff at
> mum's (she's in isolation because of this Covid 19 stuff) and using remote
> desktop control, connect her Mac to a video call.
>
> So what's the state of play in the VPN on Linux world - both ends would be
> running Devuan (one end an AMD64 VM, the other end rPi) ? Last thing I used
> was OpenVPN which AIUI is completely non-interoperable with anything else,
> while FreeSwan and OpenSwan were having a bun fight.
>
> Simon
>
A little late, but I used to use an SSH script to create a full VPN
connection between my laptop and work sites. I just created a script for
each network I wanted to connect to. You'll need to set up SSH keys first,
though, to the root user (or you can modify the script to use sudo on the
remote end).

Script I used to use:

#!/bin/bash
# Layer-3 tunnel over SSH using "ssh -w" (tun devices on both ends).
# The remote sshd must allow this: PermitTunnel yes (or point-to-point).

PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin"
HOST=remotehost.somedomain.com
REMOTETUNIP="172.16.200.2"
LOCALTUNIP="172.16.200.1"
REMOTENET="192.168.1.0"
REMOTENETMASK="255.255.255.0"

if [ "$1" != "start" -a "$1" != "stop" ]
then
    echo "Syntax: $0 <start|stop>"
    exit 1
fi

if [ "$1" = "start" ]
then
    # Find next available local TUN device
    TUNNUMBER=0
    FINDTUN="false"
    while [ "$FINDTUN" = "false" ]
    do
        ifconfig -a | grep -v tunl | grep "tun$TUNNUMBER" > /dev/null
        if [ "$?" != "1" ]
        then
            let TUNNUMBER=$TUNNUMBER+1
        else
            FINDTUN="true"
        fi
    done

    # Open the tunnel; "any:any" lets each side pick its next free tun device.
    sudo ssh -f -C -w any:any "root@$HOST" true

    # Remote end: the script assumes the remote side was given tun0,
    # which only holds if no other tunnel is already up there.
    ssh "root@$HOST" "ifconfig tun0 $REMOTETUNIP pointopoint $LOCALTUNIP"
    ssh "root@$HOST" "iptables -A INPUT -i tun+ -j ACCEPT"
    ssh "root@$HOST" "iptables -A FORWARD -i tun+ -j ACCEPT"
    ssh "root@$HOST" 'echo 1 > /proc/sys/net/ipv4/ip_forward'
    sleep 3

    # Local end: address the tun device and route the remote network over it.
    sudo ifconfig "tun$TUNNUMBER" "$LOCALTUNIP" pointopoint "$REMOTETUNIP"
    sudo route add -net "$REMOTENET" netmask "$REMOTENETMASK" gw "$LOCALTUNIP" "tun$TUNNUMBER"
    echo "Tunnel has been set up"
fi

if [ "$1" = "stop" ]
then
    # Kill the local ssh tunnel process, then the remote session and tun0.
    # The iptables rules and ip_forward setting added by "start" stay in place.
    sudo kill `ps ax | grep "any:any root@$HOST true" | grep -v grep | cut -c 1-5` > /dev/null
    ssh "root@$HOST" 'kill `ps ax | grep "sshd: root@notty" | grep -v grep | cut -c 1-5`'
    ssh "root@$HOST" 'ifconfig tun0 down'
fi

I currently use OpenVPN tunnels, but oh my word, OpenVPN is a bear to get
set up properly. Probably today, if I was going to do it again, WireGuard
might be the next easiest solution other than using SSH.

Chris
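
Added example, not part of the post above: the script depends on two settings of the remote sshd, PermitTunnel (needed for ssh -w) and PermitRootLogin (needed for the root@host logins), so this check reads them from an sshd_config before the tunnel is tried. The function names and the sample config are constructed for illustration, and only the global section (before the first Match block) is read.

```shell
#!/bin/bash
# Added example: audit the global section of an sshd_config for the two
# settings the tunnel script relies on. Function names are hypothetical.

# Print the first global value of keyword $2 in file $1, else default $3.
# sshd keeps the first value it reads; keywords are case-insensitive.
sshd_setting() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }                  # comment line
        { sub(/=/, " ") }                    # accept "Keyword=value"
        tolower($1) == "match" { exit }      # Match blocks are not global
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Returns 0: script can work and root is key-only; 1: script will fail;
# 2: script can work but root login is not restricted to keys.
check_tunnel_config() {
    local tunnel root
    tunnel=$(sshd_setting "$1" PermitTunnel no)
    root=$(sshd_setting "$1" PermitRootLogin prohibit-password)
    case "$tunnel" in
        yes|point-to-point) ;;
        *) echo "PermitTunnel=$tunnel: ssh -w will be refused"; return 1 ;;
    esac
    case "$root" in
        no|forced-commands-only)
            echo "PermitRootLogin=$root: the root@host commands will be refused"
            return 1 ;;
        yes)
            echo "PermitRootLogin=yes: root not limited to keys, use prohibit-password"
            return 2 ;;
    esac
    echo "ok: PermitTunnel=$tunnel PermitRootLogin=$root"
}

# Constructed sample config, not taken from the thread.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
PermitRootLogin yes
permittunnel point-to-point
Match User backup
    PermitTunnel no
EOF
check_tunnel_config "$SAMPLE" || echo "exit status $?"
```

On a live host, sshd -T prints the effective configuration with Include files and defaults resolved, which is the better input when it is available.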