## How to make a point-to-point VPN
Socat is a powerful tool which can work together with Tuntox.

On the server (where tuntox is already running):

```
socat -d -d 'TCP-LISTEN:9876' 'TUN:10.20.30.41/24,up'
```

On the client:

```
socat -d -d TUN:10.20.30.40/24,up 'SYSTEM:./tuntox -W 127.0.0.1@9876 -i 86e70ffe9f835b12667d296f2df9c307ba1aff06'
```

Voilà, you have a point-to-point VPN. On the client:

```
# ping 10.20.30.41
PING 10.20.30.41 (10.20.30.41) 56(84) bytes of data.
64 bytes from 10.20.30.41: icmp_seq=1 ttl=64 time=138 ms
64 bytes from 10.20.30.41: icmp_seq=2 ttl=64 time=169 ms
64 bytes from 10.20.30.41: icmp_seq=3 ttl=64 time=130 ms
64 bytes from 10.20.30.41: icmp_seq=4 ttl=64 time=90.8 ms
64 bytes from 10.20.30.41: icmp_seq=5 ttl=64 time=50.7 ms
```

## Full madness mode: tunnelling VPN over SSH over Tox
No need to log in and run socat on the server.
Also: inefficient, insecure (requires `PermitRootLogin yes` on the server).

On the client:

```
socat -d -d TUN:10.20.30.40/24,up 'SYSTEM:ssh root@localhost -o ProxyCommand=\"./tuntox -W "127.0.0.1:22" -d -i 86e70ffe9f835b12667d296f2df9c307ba1aff06\" socat -d -d - "TUN:10.20.30.41/24,up"'
```

```
# ping 10.20.30.41
PING 10.20.30.41 (10.20.30.41) 56(84) bytes of data.
64 bytes from 10.20.30.41: icmp_seq=1 ttl=64 time=50.6 ms
64 bytes from 10.20.30.41: icmp_seq=2 ttl=64 time=81.2 ms
64 bytes from 10.20.30.41: icmp_seq=3 ttl=64 time=50.3 ms
64 bytes from 10.20.30.41: icmp_seq=4 ttl=64 time=151 ms
64 bytes from 10.20.30.41: icmp_seq=5 ttl=64 time=50.3 ms
```

Based on [Ben Martin's article](https://www.linux.com/news/software/developer/17942-socat-the-general-bidirectional-pipe-handler)
I've also heard about a new program called [ToxVPN](https://github.com/cleverca22/toxvpn), who knows - maybe it does a better job? And more recently someone created [toxtun](http://toxtun.jschwab.org/), slowclap.gif for the creative choice of name.
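
The SSH-over-Tox mode above needs `PermitRootLogin yes` on the server. As an added example (not part of the original page or of the tuntox project), this shell function audits sshd_config text so you can confirm the setting was reverted after experimenting. It assumes OpenSSH's first-value-wins rule for global keywords and does not follow `Include` directives; the function name and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit sshd_config text read from stdin.
# Prints "global=<value> match_yes=<0|1>" and returns 1 when root login
# with a password is possible globally or inside any Match block.
audit_permit_root_login() {
    awk '
        # Drop comments and leading whitespace, accept "Keyword=value".
        { sub(/#.*/, ""); sub(/^[ \t]+/, ""); sub(/[ \t]*=[ \t]*/, " ") }
        $0 == "" { next }
        # sshd keywords are case-insensitive.
        { key = tolower($1); val = tolower($2) }
        key == "match" { in_match = 1; next }
        key == "permitrootlogin" {
            if (!in_match) {
                if (global == "") global = val   # first global value wins
            } else if (val == "yes") {
                match_yes = 1                    # conditional override
            }
        }
        END {
            # Assumption: OpenSSH 7.0 or later, where the default is
            # prohibit-password when the keyword is absent.
            if (global == "") global = "prohibit-password"
            risky = (global == "yes" || match_yes)
            printf "global=%s match_yes=%d\n", global, match_yes
            exit (risky ? 1 : 0)
        }'
}

# Constructed sample: a server left in the state the SSH-over-Tox mode needs.
# The second PermitRootLogin line is ignored by sshd because the first wins.
sample_config='Port 22
PermitRootLogin yes
PermitRootLogin no
'
printf '%s' "$sample_config" | audit_permit_root_login \
    || echo "root password login is still enabled"
```

On a real server, pipe in the output of `sshd -T` (run as root) instead of the raw file to audit the configuration sshd actually resolved.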