@sulincix
Last active June 26, 2023 10:03
#!/bin/bash
# Simple SSH-based VPN written in pure bash (tested on a Devuan server and a Sulin client)
# Usage: sshvpn ip-address [--init]
# If you don't want to enable root login, you can run the init commands below manually on the server.
set -ex
ip="$1"
# Remote tunnel device config
if echo "$@" | grep -q -- "--init" ; then
# You must enable these settings in the server's /etc/ssh/sshd_config file:
#PermitTunnel yes
#AllowTcpForwarding yes
#PasswordAuthentication yes
# You must also enable this setting in the client's /etc/ssh/ssh_config file:
#Tunnel yes
{
cat <<EOF
set -ex
userdel sshvpn || true
useradd --system -s /bin/false -m -d /var/lib/sshvpn sshvpn || true
mkdir -p /var/lib/sshvpn || true
chown -R sshvpn /var/lib/sshvpn || true
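# You must change the VPN password (default is 1): this script requires
# PasswordAuthentication yes, so the default is reachable over the network until changed.
# If you want to log in without a password, you must add your SSH key.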
echo -e "1\n1\n" | passwd sshvpn
tunctl -d tap0
tunctl -t tap0 -u sshvpn
ifconfig tap0 10.0.0.1 netmask 255.255.255.0 up
ip link set tap0 up
ip addr add 10.0.0.1/24 dev tap0 || true
ip route add 10.0.0.0/24 dev tap0 || true
EOF
} | ssh root@"${ip}"
else
# Local tunnel device config
tunctl -d tap0
tunctl -t tap0
ifconfig tap0 10.0.0.2 netmask 255.255.255.0 up
ip link set tap0 up
ip addr add 10.0.0.2/24 dev tap0 || true
ip route add 10.0.0.0/24 dev tap0 || true
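# -N runs no remote command; -w 0:0 joins local tap0 to remote tap0 (layer 2 because of Tunnel=ethernet)
ssh -N -vvv -o Tunnel=ethernet -w 0:0 sshvpn@"${ip}" || true
# Remove the local tap device even when ssh exits with an error (set -e would otherwise stop before this line)
tunctl -d tap0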
fi
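
To check a server's sshd_config against the three settings the --init comments ask for, here is an added example (not part of the gist). The function names `sshd_value` and `audit_sshvpn` and the sample config are made up for illustration; it reads only the global section of one config text and does not follow Include files.

```bash
#!/bin/bash
# Added example, not part of the gist. SAMPLE_CONFIG is constructed.

# sshd_value KEYWORD: read sshd_config text on stdin and print the first global
# value of KEYWORD in lower case. sshd keeps the first value it sees, keywords
# are case-insensitive, and global settings end at the first Match line.
sshd_value() {
    awk -F'[ \t=]+' -v key="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" '
        { sub(/^[ \t]+/, "") }            # drop indentation; fields are re-split
        /^#/ || NF == 0 { next }          # comment or blank line
        tolower($1) == "match" { exit }   # end of the global section
        tolower($1) == key { print tolower($2); exit }
    '
}

# audit_sshvpn: read sshd_config text on stdin, print the three settings the
# --init comments ask for, and return 1 when the layer-2 tunnel cannot work.
audit_sshvpn() {
    local cfg tunnel fwd pw
    cfg=$(cat)
    # Keywords that are not set fall back to the OpenSSH defaults.
    tunnel=$(printf '%s\n' "$cfg" | sshd_value PermitTunnel)
    fwd=$(printf '%s\n' "$cfg" | sshd_value AllowTcpForwarding)
    pw=$(printf '%s\n' "$cfg" | sshd_value PasswordAuthentication)
    tunnel=${tunnel:-no}; fwd=${fwd:-yes}; pw=${pw:-yes}
    echo "PermitTunnel=$tunnel AllowTcpForwarding=$fwd PasswordAuthentication=$pw"
    if [ "$pw" = yes ]; then
        echo "WARN: password login is enabled for all accounts; change the sshvpn default password or use a key"
    fi
    case "$tunnel" in
        yes|ethernet) return 0 ;;
        *) echo "FAIL: Tunnel=ethernet needs PermitTunnel yes or ethernet"; return 1 ;;
    esac
}

# Constructed sample: sshd ignores the second PermitTunnel line, and the
# Match block does not change the global PasswordAuthentication value.
SAMPLE_CONFIG='# constructed sample
permittunnel ethernet
PermitTunnel no
PasswordAuthentication yes
Match User backup
    PasswordAuthentication no'

printf '%s\n' "$SAMPLE_CONFIG" | audit_sshvpn
```

On a live server, running `sshd -T | audit_sshvpn` as root checks the effective configuration, including Include files.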