Tue May 12 20:37:41 UTC 2009
Setting up a VPN over ssh
--
This popped up this morning …
http://blog.bodhizazen.net/linux/how-to-vpn-using-ssh/
A look at how to establish a TUN-level VPN over ssh (the -w option, which needs PermitTunnel enabled on the server). Combined with something like ssh ProxyCommand (article via http://tr.im/laJS) you could have a very flexible hookup to a remote machine several hops away.
I'm not entirely happy that the article logs in as root (even with the key restricted), but I guess it's not significantly different from using a non-root user that can sudo without a password (ah, the old Ubuntu “no root account” argument), and creating the tun device needs root privileges on the far end anyway. I did like the level of thinking put into the user end, where the tunnel can be brought up and down very easily.
At the end of the day, this technique doesn't compare with properly setting up OpenVPN or something like it, but if you don't control the gateway/edge firewall and ssh is all that gets through, it neatly demonstrates what you can achieve.
And combined with reverse ssh tunneling (one outbound session is enough to publish an internal service on an outside host), it also demonstrates why allowing outgoing traffic that is not forcibly proxied at the application level is effectively the same as not firewalling at all … which becomes more important when looking at malware callbacks.
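As an added example (mine, not the bodhizazen article's own script), here is the shape of the up/down tooling the post is talking about, with the reverse-tunnel variant alongside it. The host names, addresses, tun numbers, socket path and the vpn-peer-up script are all assumptions for illustration; the server-side pieces it depends on are spelled out in the header comment. DRY_RUN=1 makes it print the commands instead of running them, which is also how it can be read without a second machine.

```shell
#!/bin/sh
# Hypothetical up/down script for a point-to-point VPN over ssh (added
# example; names, addresses, tun numbers and paths are assumptions).
#
# Server side, which this script assumes is already in place:
#   /etc/ssh/sshd_config          PermitTunnel point-to-point
#   /root/.ssh/authorized_keys    the client key pinned to this one job:
#     tunnel="0",command="/usr/local/sbin/vpn-peer-up",no-pty,no-X11-forwarding,no-agent-forwarding,no-port-forwarding ssh-ed25519 AAAA... vpn-client
#     (tunnel= forces the device, command= replaces whatever the client asks
#     to run; TCP forwarding is a separate channel type and stays disabled)
#   /usr/local/sbin/vpn-peer-up   configures the far end, then blocks so the
#   session, and with it the tunnel, stays up:
#     #!/bin/sh
#     ip link set tun0 up
#     ip addr add 10.99.0.2 peer 10.99.0.1 dev tun0
#     exec sleep 2147483647
# Root is needed on both ends because creating a tun device requires it.

REMOTE=${REMOTE:-vpn-gw.example.net}      # assumed gateway name
REMOTE_TUN=${REMOTE_TUN:-0}
LOCAL_TUN=${LOCAL_TUN:-0}
LOCAL_IP=${LOCAL_IP:-10.99.0.1}
REMOTE_IP=${REMOTE_IP:-10.99.0.2}
CTL=${CTL:-/var/run/ssh-vpn.ctl}          # multiplexing socket, used for teardown
DRY_RUN=${DRY_RUN:-0}                     # 1: print the commands instead of running them

run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# -w L:R opens tun<L> locally and tun<R> on the server; -f backgrounds ssh
# once authentication is done, by which time the local tun device exists.
# The trailing command is what the forced command on the server overrides.
vpn_up() {
    run ssh -f -w "${LOCAL_TUN}:${REMOTE_TUN}" \
        -o ControlMaster=yes -o "ControlPath=${CTL}" \
        "root@${REMOTE}" /usr/local/sbin/vpn-peer-up
    run ip link set "tun${LOCAL_TUN}" up
    run ip addr add "${LOCAL_IP}" peer "${REMOTE_IP}" dev "tun${LOCAL_TUN}"
}

# Ask the backgrounded master to exit; both tun devices disappear with it.
vpn_down() {
    run ssh -S "${CTL}" -O exit "root@${REMOTE}"
}

# The same mechanism pointed the other way: one outbound ssh session makes
# this machine's sshd reachable on port 2222 of a host outside the
# perimeter. Nothing inbound is required, only outbound tcp/22, which is the
# point about unproxied egress.
callback_up() {
    run ssh -f -N -R "2222:127.0.0.1:22" "${CALLBACK_USER:-mule}@${OUTSIDE:-outside.example.net}"
}

case "${1:-}" in
    up)       vpn_up ;;
    down)     vpn_down ;;
    callback) callback_up ;;
    '')       ;;          # no argument (e.g. sourced): just define the functions
    *)        echo "usage: $0 up|down|callback" >&2; exit 2 ;;
esac
```

Once it is up, a route (or a default route, if the far end does NAT) pointed at 10.99.0.2 over tun0 is all that is left to add; the restricted authorized_keys line is what keeps "a root key on the gateway" down to "a key that can open tun0 and run one script".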
