ssh tunneling
[ssh client]
    ip tuntap add tun0 mode tun
    ip addr add 192.168.0.1/32 peer 192.168.0.2 dev tun0
    ifconfig tun0 192.168.0.1 netmask 255.255.255.0
[ssh server]
    ip tuntap add tun0 mode tun
    ip addr add 192.168.0.2/32 peer 192.168.0.1 dev tun0
    ifconfig tun0 192.168.0.2 netmask 255.255.255.0
[ssh server]
    vim /etc/ssh/sshd_config
    Port 22
    Port 50000
    PermitTunnel yes
Restart the sshd daemon
    service sshd restart
[ssh client]
    ssh -NTCf -w 0:0 <SSH server public IP>
    ssh -NTCf -w 0:0 <SSH server public IP> -p50000
* 0:0 --> tunnels tun0 (client) to tun0 (server)
If no message is printed after entering the command above, it succeeded.
    ps -ef | grep ssh
    root 1040 1 0 08:43 ? 00:00:00 ssh -NTCf -w 0:0 <server IP>
To check whether the tunnel actually works, ping the peer's IP address.
Configuring an SSH tunnel using a TAP device
[ssh client]
    ip tuntap add tap0 mode tap
    ifconfig tap0 192.168.0.1 netmask 255.255.255.0
[ssh server]
    ip tuntap add tap0 mode tap
    ifconfig tap0 192.168.0.2 netmask 255.255.255.0
[ssh client]
    ssh -o Tunnel=ethernet -f -w 0:0 root@<SSH server public IP> true
With a TAP-based tunnel, the ARP entry of the peer's tunnel interface is visible when you run the arp command.
    [root@localhost ~]# arp
    Address          HWtype  HWaddress           Flags Mask  Iface
    192.168.0.1      ether   f2:15:6f:87:c8:b9   C           tap0
    1x5.xx.2x4.1     ether   a8:f7:e0:23:8f:a0   C           enp7s0
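Added example (not part of the original page): the server setting above, PermitTunnel yes, permits both layer-3 (tun) and layer-2 (tap) forwarding, while each setup on this page needs only one of them. The script below audits sshd_config text for that; the sample config, function names and return codes are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit the global PermitTunnel setting in sshd_config text.
# Assumptions: the first occurrence of a keyword wins, keywords are
# case-insensitive, and Match blocks are not evaluated.

# Constructed sample mirroring the server configuration on this page.
SAMPLE_CONFIG='# constructed sample
Port 22
Port 50000
PermitTunnel yes'

# Read sshd_config text on stdin; print yes, point-to-point, ethernet or no.
permit_tunnel_mode() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
        { sub(/^[ \t]+/, ""); sub(/[ \t]*=[ \t]*/, " ") }  # allow key=value
        tolower($1) == "match" { exit }          # global section ends here
        tolower($1) == "permittunnel" { mode = tolower($2); exit }
        END { print (mode == "" ? "no" : mode) } # sshd default is no
    '
}

# audit_tunnel NEEDED  (NEEDED: point-to-point for tun, ethernet for tap)
# Returns 0 = exactly what is needed, 1 = broader than needed, 2 = not allowed.
audit_tunnel() {
    needed=$1
    mode=$(permit_tunnel_mode)
    case "$mode" in
        "$needed") echo "ok: PermitTunnel $mode"; return 0 ;;
        yes) echo "broad: PermitTunnel yes allows tun and tap, $needed suffices"; return 1 ;;
        *) echo "blocked: PermitTunnel $mode does not allow $needed"; return 2 ;;
    esac
}

# Demo on the constructed sample (the tun0 setup needs only point-to-point).
printf '%s\n' "$SAMPLE_CONFIG" | audit_tunnel point-to-point || true
```

On a live server, sshd -T prints the effective configuration, including values the parser above does not evaluate.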
syslog when the network connection is lost
ssh client
    kernel: bond0: link status definitely down for interface tap10, disabling it
    kernel: bond0: link status definitely down for interface tap20, disabling it
    kernel: bond0: now running without any active interface!
ssh server
    kernel: bond0: link status definitely down for interface tap10, disabling it
    systemd-logind: Removed session 3.
    kernel: bond0: link status definitely down for interface tap20, disabling it
    localhost kernel: bond0: now running without any active interface!