version 1.257.2.1, 2006/09/30 04:06:51 |
version 1.257.2.2, 2006/11/08 00:17:14 |
|
|
and at what level (layer 2 or 3 traffic). |
and at what level (layer 2 or 3 traffic). |
.Pp |
.Pp |
The following example would connect client network 10.0.50.0/24 |
The following example would connect client network 10.0.50.0/24 |
with remote network 10.0.99.0/24, provided that the SSH server |
with remote network 10.0.99.0/24 using a point-to-point connection |
running on the gateway to the remote network, |
from 10.1.1.1 to 10.1.1.2, |
at 192.168.1.15, allows it: |
provided that the SSH server running on the gateway to the remote network, |
|
at 192.168.1.15, allows it. |
|
.Pp |
|
On the client: |
.Bd -literal -offset indent |
.Bd -literal -offset indent |
# ssh -f -w 0:1 192.168.1.15 true |
# ssh -f -w 0:1 192.168.1.15 true |
# ifconfig tun0 10.0.50.1 10.0.99.1 netmask 255.255.255.252 |
# ifconfig tun0 10.1.1.1 10.1.1.2 netmask 255.255.255.252 |
|
# route add 10.0.99.0/24 10.1.1.2 |
.Ed |
.Ed |
.Pp |
.Pp |
|
On the server: |
|
.Bd -literal -offset indent |
|
# ifconfig tun1 10.1.1.2 10.1.1.1 netmask 255.255.255.252 |
|
# route add 10.0.50.0/24 10.1.1.1 |
|
.Ed |
|
.Pp |
Client access may be more finely tuned via the |
Client access may be more finely tuned via the |
.Pa /root/.ssh/authorized_keys |
.Pa /root/.ssh/authorized_keys |
file (see below) and the |
file (see below) and the |
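Review bot: The new client and server blocks configure only the tun0/tun1 point-to-point addresses and one route per side, while the paragraph promises to connect 10.0.50.0/24 with 10.0.99.0/24. Add a sentence stating that both gateways must forward IP packets between the tunnel and their LAN, otherwise only the two endpoints can talk to each other. The revised wording also still says just that the SSH server "allows it". Every command shown runs at a root prompt and the following context points at /root/.ssh/authorized_keys, so naming the sshd_config setting that permits tunnel forwarding at this point would tell the administrator exactly what is being opened up on 192.168.1.15.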
|
|
tunnel="2",command="sh /etc/netstart tun2" ssh-rsa ... john |
tunnel="2",command="sh /etc/netstart tun2" ssh-rsa ... john |
.Ed |
.Ed |
.Pp |
.Pp |
Since a SSH-based setup entails a fair amount of overhead, |
Since an SSH-based setup entails a fair amount of overhead, |
it may be more suited to temporary setups, |
it may be more suited to temporary setups, |
such as for wireless VPNs. |
such as for wireless VPNs. |
More permanent VPNs are better provided by tools such as |
More permanent VPNs are better provided by tools such as |