SSH remote access vpn tunnel

Question

I have two machines both running CentOS linux, one is public facing machine with a real ip address (foo). The other is at a client's site behind a very restrictive firewall and with no real ip and no possibility of natting or opening an port to it (bar).

I can ssh from bar to foo, however obviously not the other way round.

Ideally I would like to be able to ssh from foo to bar so I am able to send file, work remotely, etc. Would really appreciate any help or advice on how best to get this working, have seen various tutorials on the internet which suggest it should be possible to setup a VPN connection over ssh but can't quite seem to figure it out.

Jona

pkaeding · Answer 1 · 2009-09-22T02:58:53.960

2

This ought to do it for you (from bar):

ssh -R2222:localhost:22 foo

Then, on foo:

ssh localhost -p 2222

The first connection opens a remote port forward, which makes port 2222 on foo forwarded to port 22 on bar. So, if you ssh to port 2222 on foo, you are really connecting to bar. You can then add whatever forwards you need to through that ssh connection, to forward any other ports.

edited Sep 22 '09 at 02:58

answered Sep 17 '09 at 23:31

pkaeding

790
2
12
23

Hi there, this is exactly what I want to do however these specific syntax don't seem to work. One difference I notice is that I need to use ssh -p 2222 localhost. But obviously something else isn't working as this command outputs connection refused. – Jona Sep 21 '09 at 16:55
Oops, yeah I made a mistake with the syntax. I fixed it now. Do you see anything interesting in in the ssh session on bar? You can get information about open connections by hitting ~# (in sequence, not at the same time). Does that give back anything interesting? – pkaeding Sep 22 '09 at 03:04

score 2 · Accepted Answer · answered Sep 21 '09 at 17:04

Under Centos the answer appears to be as follows:

on bar (the restricted machine) run the following command:

ssh -N -R 1234:localhost:22 foo.theinternet.com

then on foo (the open machine) run:

ssh -p 1234 localhost

I suspect there are refinements to be made to this, but hopefully it will be enough to get any googlers started.

Thanks to pkaeding for putting me on the right track.

score 1 · Answer 3 · answered Sep 17 '09 at 22:51

1

Sounds like you are looking for something that works like Wippien or Remobo, which are inspired by the costly Hamachi client.

answered Sep 17 '09 at 22:51

djangofan

4,172
10
45
59

Here is the [list of alternative apps](http://serverfault.com/a/746572/100769) for F2F / P2PVPN. – BBK Jan 04 '16 at 11:41

score 1 · Answer 4 · edited Jul 02 '20 at 08:45

You can create tun device, that is a full tunnel. Requirements are: probably root access in both client and server, and recent versions of SSH.

# server /etc/ssh/sshd_config
PermitRootLogin yes
PermitTunnel yes

# client  /etc/ssh/ssh_config
Tunnel yes

Connect with:
ssh -w any:any ...

That will create a tun0 device on both client and server. You must set up IP:

# server
ifconfig tun0 192.168.55.1 pointopoint 192.168.55.2
# client
ifconfig tun0 192.168.55.2 pointopoint 192.168.55.1

Now routes, NAT, whatever...

Anyway I wouldn't recommend this method for connecting from bar to foo automatically, ie. in a non-interactive fashion. If the TCP session dies it won't respawn automatically.
Well, maybe you can make it respawn: http://www.deer-run.com/~hal/sysadmin/SSH-SyslogNG.html

There should be a way to create a VPN between the two hosts, not necessarily based on SSH.

Will this work when one of the machines is private so I can only ssh in one direction? — Jona, Sep 22 '09 at 21:15

score 0 · Answer 5 · edited Apr 13 '17 at 12:14

0

There are several options and lots of answers can be found on this site if you search. You can forward ports. You can use ssh as a socks proxy. Or you can actually tunnel ip over ssh using something like ppp.

edited Apr 13 '17 at 12:14

Community

1

answered Sep 17 '09 at 22:40

Zoredache

128,755
40
271
413

SSH remote access vpn tunnel

5 Answers5