[linux_var] vpn dei poveri

To: talking@ml.linuxvar.it, lug legnano <lug_legnano@googlegroups.com>

Subject: [linux_var] vpn dei poveri

From: Luca Carrozza <bizzarrone@gmail.com>

Date: Fri, 13 Nov 2015 17:48:18 +0100

Authentication-results: linuxvar.it; dkim=pass reason="2048-bit key; unprotected key" header.d=gmail.com header.i=@gmail.com header.b=IFRQIOP5; dkim-adsp=pass; dkim-atps=neutral

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ml.linuxvar.it; s=mail; t=1447433317; bh=RsC+B5ia6p01SoiU80fIbi/3jnHHBiNRCn5TudBuefU=; h=Date:From:To:Subject:List-Id:List-Unsubscribe:List-Archive: List-Post:List-Help:List-Subscribe:Reply-To; z=Date:=20Fri,=2013=20Nov=202015=2017:48:18=20+0100|From:=20Luca=20 Carrozza=20<bizzarrone@gmail.com>|To:=20talking@ml.linuxvar.it,=20 lug=20legnano=20<lug_legnano@googlegroups.com>|Subject:=20[linux_v ar]=20vpn=20dei=20poveri|List-Id:=20linux_var=20-=20LUG=20di=20Var ese=20e=20Provincia=20Mailing=20List=0D=0A=20<talking.ml.linuxvar. it>|List-Unsubscribe:=20<http://ml.linuxvar.it/cgi-bin/mailman/opt ions/talking>,=0D=0A=20<mailto:talking-request@ml.linuxvar.it?subj ect=3Dunsubscribe>|List-Archive:=20<http://ml.linuxvar.it/pipermai l/talking/>|List-Post:=20<mailto:talking@ml.linuxvar.it>|List-Help :=20<mailto:talking-request@ml.linuxvar.it?subject=3Dhelp>|List-Su bscribe:=20<http://ml.linuxvar.it/cgi-bin/mailman/listinfo/talking >,=0D=0A=20<mailto:talking-request@ml.linuxvar.it?subject=3Dsubscr ibe>|Reply-To:=20linux_var=20-=20LUG=20di=20Varese=20e=20Provincia =20Mailing=20List=0D=0A=20<talking@ml.linuxvar.it>; b=xa6n9MTiDItzGvFY58/t2kTB47bAV9wG6DEVzdiucc6tj/ns5Biv5UKZhf4tTHSbY vhJay2Iv//9ItTxBbSPtHg/CBj6Q+t0ZT+hEje8Vlh2GF6CRQL9LLcKKWeGsroooR1 soZH+sI0BWNchbo86zYFpTKbFuw+6dnlfvaDGl1Q=

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=IJCZ5nLzl9xkY1ZyOUJbmiFWHz2EiSvJqkVh+IAiU18=; b=IFRQIOP52r0ZxcLzksgwma1rr4+x6sKLokxI+n88vYp+oqQ0Viw7DeYbBzErWh+KfP 4Y5yQxnDT8zXyVIcnktCgjYKIK94BnGH84NEyAqkkAbjAHlU5zmaDlgI4Rjgd48TsEdM CQs68ZFBNEFIJ+U2l41IAHjQLtE6ewwmRPvI+7PZo29Tqx0CrvYm1zpYfJlFJawlPf/0 9G5qNfIQCldjbdWDRU/GE3Baop2DYbtQr897qNpkvKDi9f21kSXuCuXtAvq/i8iUEqKm YlPZMDLAcAr45QvwKG6Le/ACiAycKmnqZo2tSPdpaVawDYdrGPbMxzVBj2ihM+SkTw/5 i0pw==

List-archive: <http://ml.linuxvar.it/pipermail/talking/>

List-help: <mailto:talking-request@ml.linuxvar.it?subject=help>

List-id: linux_var - LUG di Varese e Provincia Mailing List <talking.ml.linuxvar.it>

List-post: <mailto:talking@ml.linuxvar.it>

List-subscribe: <http://ml.linuxvar.it/cgi-bin/mailman/listinfo/talking>, <mailto:talking-request@ml.linuxvar.it?subject=subscribe>

List-unsubscribe: <http://ml.linuxvar.it/cgi-bin/mailman/options/talking>, <mailto:talking-request@ml.linuxvar.it?subject=unsubscribe>

Reply-to: linux_var - LUG di Varese e Provincia Mailing List <talking@ml.linuxvar.it>

Sender: "Talking" <talking-bounces@ml.linuxvar.it>

Ciao,

probabilmente non dico nulla di nuovo per molti, magari rinfresco solo la memoria: se non volete adottare una vpn standard come soluzione, potete divertirvi con ssh.

Instaurata la connessione si creano 2 interfacce tun e tutto veicolato via ssh

(ideale se la rete in cui vi trovate blocca udp, o altro ma lascia libero l'ssh)
Quindi avrete tutti i vostri sistemi con i soliti ip senza impazzire con port forwaring via ssh con -L -R..

e senza specificare ad ogni host remoto la rotta di ritorno (basta mascherare la sorgente).

ciao

Luca

Nuova guida per sistemi Debian per vpn dei poveri via ssh (Luca):

fase preparatoria per server:
sysctl -w net.ipv4.ip_forward=1
echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
vim /etc/ssh/sshd_config
PermitRootLogin yes
PermitTunnel yes

da client:
sudo ssh -w 0:0 -p port root@server
quindi da dentro server:
ip link set tun0 up
ip addr add 192.168.5.1/32 peer 192.168.5.2 dev tun0
iptables -t nat -A POSTROUTING -s 192.168.5.2/32 -o eth0 -j MASQUERADE

sempre da client:
ip addr add 192.168.5.2/32 peer 192.168.5.1 dev tun0
ip route add 192.168.2.0/24 dev tun0

_______________________________________________ Talking mailing list Talking@ml.linuxvar.it http://ml.linuxvar.it/cgi-bin/mailman/listinfo/talking

Follow-Ups:

Re: [linux_var] vpn dei poveri
- From: "Mr. P|pex" <gianluca@pipex.name>