On 04.01.19 at 14:10, Jochen Bern wrote:
> On 01/04/2019 10:57 AM, Thomas Güttler wrote:
>> What is the current state of the art if you want to create VPN over ssh?
>
> It might depend on your Platform (I've been essentially Linux-only these
> past years), but I have a section "SSH-BASED VIRTUAL PRIVATE NETWORKS"
> in the "ssh" manpage of even rather old OpenSSH versions ...
>
> (It requires *root* access on both ends to configure tun* interfaces,
> but since you were discussing installing additional proxying(?)
> software, I guess that you have that.)
>
> (It also assumes that the subnets involved don't have address
> collisions. I suppose that one *could* resolve that with NATing in both
> peers' iptables, but it'd promise to be quite a lot of careful work IMHO.)
>
> On 01/04/2019 12:50 PM, Jan Bergner wrote:
>> I see your point. Remote work on a production system always makes my
>> heart beat faster, too. ^^
>
> You don't have production systems installed at colo/hosting/housing
> provider sites, then. ;-) :-S

That is not remote. I can use their web-VNC or even call them if something goes wrong.

For my company, I sometimes have to remote-configure devices in customers' networks at locations on another continent that might be several hundred kilometers away from the next airport while the internet uplink is 2G to 3G. Screwing up might mean a one-week-travel for someone, if the customer does not understand his own network and is able to fix an issue by himself. ;-)

>
> (Preparing for semisolids-in-the-gas-moving-device situations by having
> remote OOB access to "consoles" - from modem-at-the-RS232-port to
> servers' management NICs offering ILO/iDRAC/EXPRESSSCOPE/whatsitsname -
> and hardware health monitoring quickly becomes second nature, including
> on "local" platforms - in case you're actually *not* "local" when the
> cell phone rings and have to VPN into the company "L"AN beforehand.)
>
> Regards,
>
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev