Has anyone tried to get something like this to work?
A few years ago I did basically the same thing with the VPN function of
ssh using the tun(4) network pseudo-device. Let me check my notes...
It starts the same way:
1. Comment out the public address in /etc/hostname.vio0
2. Create a /etc/hostname.tun0 with the public address. (And no route)
$ cat /etc/hostname.tun0
10.255.255.7 1.2.Public.IP netmask 255.255.255.255
3. But then it differs and goes to pf:
# $EDITOR /etc/pf.conf
...
ext_if = "vio0"
ext_ip = "1.2.Public.IP"
rdr_if = "tun0"
rdr_ip = "1.2.Public.IP"
rdr_ports = "{ 1234, 16882, 44666, 32872 }"
tcpudp = "{ tcp, udp }"
pass in on $ext_if proto $tcpudp from any to $ext_ip port $rdr_ports rdr-to $rdr_ip
# pfctl -f /etc/pf.conf
# sysctl net.inet.ip.forwarding=1
# $EDITOR /etc/sysctl.conf
...
net.inet.ip.forwarding=1
And on the client side:
# $EDITOR /etc/hostname.tun0
1.2.Public.IP 10.255.255.7 netmask 255.255.255.255
!route add default 10.255.255.7
# $EDITOR /etc/hostname.re0
Remove the IPv4 default route. The tunnel runs over IPv6.
Change the numbers and device a little bit.
HTH
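As an added example that is not part of the original post, the following POSIX sh script renders the server-side pf.conf fragment and both hostname.tun0 files from the steps above and validates the port list before they go anywhere; the interface names, the placeholder public address 192.0.2.10 and the port numbers are assumed inputs, and the pfctl(8) dry-run parse is an assumed extra check.

```shell
#!/bin/sh
# Added example, not from the original post: render and sanity-check the
# server- and client-side pieces of the ssh tun(4) setup described above.
# 192.0.2.10 (a documentation address) stands in for the real public IP.

# Address line for /etc/hostname.tun0: own tunnel address, then the peer's.
render_hostname_tun0() {
    printf '%s %s netmask 255.255.255.255\n' "$1" "$2"
}

# Client side additionally routes everything into the tunnel (see the post).
render_client_tun0() {
    render_hostname_tun0 "$1" "$2"
    printf '!route add default %s\n' "$2"
}

# Accept only a real TCP/UDP port number so a typo in the list cannot turn
# into a rule pf rejects (or, worse, one that matches more than intended).
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# pf.conf fragment: the macros plus the rdr-to rule on a single line
# (in pf.conf a rule may only span lines with a trailing backslash).
render_pf_rules() {
    ext_if=$1 ext_ip=$2 rdr_if=$3
    shift 3
    list=''
    for p in "$@"; do
        valid_port "$p" || { echo "invalid port: $p" >&2; return 1; }
        list="${list:+$list, }$p"
    done
    printf 'ext_if = "%s"\next_ip = "%s"\n' "$ext_if" "$ext_ip"
    printf 'rdr_if = "%s"\nrdr_ip = "%s"\n' "$rdr_if" "$ext_ip"
    printf 'rdr_ports = "{ %s }"\ntcpudp = "{ tcp, udp }"\n' "$list"
    printf 'pass in on $ext_if proto $tcpudp from any to $ext_ip port $rdr_ports rdr-to $rdr_ip\n'
}

# Demo with placeholder values; dry-run parse with pfctl(8) when available.
render_hostname_tun0 10.255.255.7 192.0.2.10
render_client_tun0 192.0.2.10 10.255.255.7
rules=$(render_pf_rules vio0 192.0.2.10 tun0 1234 16882 44666 32872)
printf '%s\n' "$rules"
if command -v pfctl >/dev/null 2>&1; then
    printf '%s\n' "$rules" | pfctl -nf - || echo 'pfctl rejected the rules' >&2
fi
```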