Re: VPN over SSH: State of the art?

On 04.01.19 at 14:10, Jochen Bern wrote:
> On 01/04/2019 10:57 AM, Thomas Güttler wrote:
>> What is the current state of the art if you want to create VPN over ssh?
> 
> It might depend on your Platform (I've been essentially Linux-only these
> past years), but I have a section "SSH-BASED VIRTUAL PRIVATE NETWORKS"
> in the "ssh" manpage of even rather old OpenSSH versions ...
> 
> (It requires *root* access on both ends to configure tun* interfaces,
> but since you were discussing installing additional proxying(?)
> software, I guess that you have that.)
> 
> (It also assumes that the subnets involved don't have address
> collisions. I suppose that one *could* resolve that with NATing in both
> peers' iptables, but it'd promise to be quite a lot of careful work IMHO.)
> 
> On 01/04/2019 12:50 PM, Jan Bergner wrote:
>> I see your point. Remote work on a production system always makes my
>> heart beat faster, too. ^^
> 
> You don't have production systems installed at colo/hosting/housing
> provider sites, then. ;-) :-S

That is not remote. I can use their web-VNC or even call them if
something goes wrong.

For my company, I sometimes have to remote-configure devices in
customers' networks at locations on another continent that might be
several hundred kilometers away from the next airport while the internet
uplink is 2G to 3G. Screwing up might mean a one-week-travel for
someone, if the customer does not understand his own network and is able
to fix an issue by himself. ;-)


> 
> (Preparing for semisolids-in-the-gas-moving-device situations by having
> remote OOB access to "consoles" - from modem-at-the-RS232-port to
> servers' management NICs offering ILO/iDRAC/EXPRESSSCOPE/whatsitsname -
> and hardware health monitoring quickly becomes second nature, including
> on "local" platforms - in case you're actually *not* "local" when the
> cell phone rings and have to VPN into the company "L"AN beforehand.)
> 
> Regards,
> 


_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
