On Sat, Jan 26, 2008 at 09:42:14PM +1100, Dave Harrison wrote:
> Hey all,
>
> I've been trying to see if it's possible to set up SSH-based VPNs
> using user accounts on the remote end. While I don't think it says
> anywhere explicitly that it's _not_ possible, I haven't found any
> references so far of people doing it successfully ;-)
>
> I've gone over the mailing list several times, I've read the ssh and
> tun man pages, and I've experimented with creating tun devices and
> changing the perms of the /dev/tun* devices to allow read+write by
> users. I'm yet to have any luck so far though - I get the below
> transcribed message.
>
> Can anyone say definitively if this is (im)possible ?? And if it is
> possible, how they managed it ?
>

Only root can open /dev/tun, this is enforced in the code. You would
need to patch the code as well (see tunopen()'s suser() call).

-- 
:wq Claudio
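
A diagnostic for the situation discussed in this thread, added here as an example and not code from either poster or from the OpenBSD tree: it opens a device node and reports which layer refused, so a denial by file mode bits can be told apart from a denial by a privilege check inside the driver's open routine. It assumes a failed suser() check reaches userland as EPERM and a mode-bit denial as EACCES; the names `probe_device`, `classify_open_errno` and `reason_text` are hypothetical.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

enum deny_reason { OPEN_OK, DENY_FILE_MODE, DENY_KERNEL_PRIV, DENY_NO_DEVICE, DENY_OTHER };

/* Map an errno from open(2) to the layer that refused the request.
 * Assumption (not stated in the thread): the driver's privilege check
 * fails with EPERM, while ordinary permission bits fail with EACCES. */
enum deny_reason classify_open_errno(int err)
{
    switch (err) {
    case 0:      return OPEN_OK;
    case EACCES: return DENY_FILE_MODE;   /* chmod/chown on the node can change this */
    case EPERM:  return DENY_KERNEL_PRIV; /* chmod on the node cannot change this */
    case ENOENT:
    case ENXIO:
    case ENODEV: return DENY_NO_DEVICE;   /* node missing or no such unit */
    default:     return DENY_OTHER;       /* e.g. EBUSY: unit already open */
    }
}

/* Try to open path read/write; return 0 on success, else the errno seen. */
int probe_device(const char *path)
{
    int fd = open(path, O_RDWR);
    if (fd < 0)
        return errno;
    close(fd);
    return 0;
}

const char *reason_text(enum deny_reason r)
{
    static const char *const text[] = {
        "opened successfully",
        "denied by file permissions on the device node",
        "denied by a privilege check in the driver (file mode is irrelevant)",
        "device node or unit does not exist",
        "failed for another reason",
    };
    return text[r];
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "/dev/tun0";
    int err = probe_device(path);
    printf("%s: %s (errno %d)\n", path, reason_text(classify_open_errno(err)), err);
    return err != 0;
}
```

Run it as the unprivileged user after changing the device permissions: a "privilege check in the driver" result means the node's mode bits were accepted and the refusal came from the kernel code path.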