Linux TUN/TAP using the openssh and Python3
This package comes with two command line interfaces:
- ssh-tuntap-server
- ssh-tuntap-client
this tutorial show's how to use this project:
Currently only point-to-point (tun) layer-3 tunneling is supported.
You have to install this package on both client and server.
sudo -H pip3 install sshtuntapOr
sudo -H pip3 install git+https://github.com/pylover/sshtuntap.gitssh-tuntap-server completion install # On server
ssh-tuntap-client completion install # On clientOpen new bash instance to perform changes.
ssh-tuntap-server --help
ssh-tuntap-client --helpThe server cli stands for setup network, add, delete and list users. this is just a utility to perform user and tuntap interface management and ip address assignment.
Enable ssh tunneling on the server by editing the
/etc/ssh/sshd_config and ensure the line:
PermitTunnel yes
Or
PermitTunnel point-to-point
see man 5 sshd_config for more info.
Restart the ssh server to perform the changes.
service ssh restartsudo ssh-tuntap-server installOr
sudo ssh-tuntap-server install 192.168.22.0/24you may use uninstall sub-command to remove systemd service.
sudo ssh-tuntap-server uninstallYou have to create the server user mannualy (depends on your distro).
Here I'm using ubuntu server 18.04. and assume the server's hostname is
example.com.
Run these commands on the server:
sudo adduser fooThen use this command to create /home/foo/.ssh/tuntap.yml:
sudo ssh-tuntap-server add fooClient command line stands for fetch host configuration from the server
and perform connection using the ssh -w.
ssh-copy-id [email protected]
ssh-tuntap-client setup [email protected]Use this to connect:
sudo ssh-tuntap-client connectEdit /etc/sysctl.conf on the server to enable ip forwarding.
net.ipv4.ip_forward = 1Run sysctl -p to refresh with the new configuration
sudo sysctl -pConfigure NAT
sudo iptables -tnat -APOSTROUTING -s192.168.22.0/24 -jMASQUERADEiptables persistency
sudo apt install iptables-persistent netfilter-persistent