![]() ![]() # 2nd and 3rd override default route without replacing it. ![]() # 1st preserves real route to $GW, avoiding route loop. # route add -host $GW gw 192.168.0.1 # that is, your # to make the tunnel a default route replacement: Ifconfig tun$IFACE $HITHER pointopoint $YON netmask 255.255.255.255 "ifconfig tun$IFACE $YON pointopoint $HITHER netmask 255.255.255.255 & echo "$": identical addresses not allowed & exit 1 # manual, for random, probably temporary connections. # automatic, for specific, known, regularly-connected hosts. # others connect and route through $GW to reach # this creates a star topology with $GW at center, # and clients must be able to ssh to $GW as root. # /etc/ssh/sshd_config on $GW must include: number of the tun device, same at both ends. # make-ssh-tunnel HITHER YON INTERFACE GW Others can connect as well but must use other configurations. Certain hosts are common and well known, we give them fixed configurations. They will use 172.17.2.0/24 as the VPN "carrier" network. Presume a server, we'll call it "hub", to which ssh tunnel clients connect. You don't need to run some other VPN through ssh. A quick google search turns up this blog post which does essentially the same thing, has good descriptions of what's going on, but seems to be more complicated in the solution (using a connection script)Īlternatively, you might also look at using obfs4proxy (e.g. That should work, at least for ipv4 traffic. You might be able to to use the hostname REMOTE in that directive, but you might need to resolve it to an IP address manually. To do this, add another directive to your OpenVPN config that looks like this: route REMOTE-IP 255.255.255.255 net_gateway default For that to work, you need to maintain a route to the SOCKS proxy end point that does not get masked by the routes added by the OpenVPN client. However, this still has one more failing, at least assuming you want to redirect all traffic through the VPN (OpenVPN directive redirect-gateway def1). Then you can start your OpenVPN connection. Then, start your ssh session with a dynamic SOCKS proxy: ssh -D 6886 -N REMOTE Add to your OpenVPN config file: socks-proxy localhost 6886 The fix for this is to use a dynamic SOCKS proxy and tell OpenVPN to connect via that proxy. ![]() First problem: you are only tunneling the connection to the VPN server itself, which does not then allow all other traffic to be routed through the VPN server OVER the ssh connection (thus obfuscating the connection). The simplistic approach to setting up your VPN connection through an SSH tunnel will not work. ![]()
0 Comments
Leave a Reply. |