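#!/bin/bash
# Simple SSH-based VPN written in pure bash (tested with a Devuan server and
# a Sulin client). Both ends get a tap0 device in 10.0.0.0/24 (server
# 10.0.0.1, client 10.0.0.2) and the client bridges them with "ssh -w 0:0".
#
# Usage: sshvpn ip-address [--init]
#   ip-address  address of the SSH server
#   --init      configure the server side by piping a setup script to
#               root@ip-address instead of starting the client tunnel
#
# If you do not want to enable root login on the server, run the commands of
# the init step there by hand.
#
# Settings the original author lists as required.
# Server, /etc/ssh/sshd_config:
#   PermitTunnel yes
#   AllowTcpForwarding yes
#   PasswordAuthentication yes
# Client, /etc/ssh/ssh_config:
#   Tunnel yes
#
# SECURITY NOTE(review): the init step gives the sshvpn account the password
# "1" while the settings above turn on password logins. The /bin/false shell
# blocks an interactive session, but it does not block "ssh -N" forwarding
# or tunnelling, so anyone who can reach sshd can use this account until the
# password is changed. Prefer key-only login for sshvpn and scope the sshd
# settings to that account, for example in a "Match User sshvpn" block with
# "PermitTunnel ethernet" and "PasswordAuthentication no".
# NOTE(review): "ssh -w" is governed by PermitTunnel; AllowTcpForwarding is
# probably not needed for it -- confirm against your sshd version.
set -ex

# Print the usage line to stderr and exit with status 2.
usage() {
  printf 'Usage: %s ip-address [--init]\n' "${0##*/}" >&2
  exit 2
}

#######################################
# Configure the remote tunnel device and the sshvpn account.
# Arguments: $1 - address of the SSH server (root login is used)
# Outputs:   a warning about the default password on stderr
#######################################
init_remote() {
  local host=$1

  printf '%s\n' \
    "warning: account sshvpn on ${host} is created with the default password '1'; change it or switch to key-based login" >&2

  # The delimiter is quoted so the script reaches the remote shell verbatim;
  # nothing in it is meant to expand locally.
  ssh root@"${host}" <<'EOF'
set -ex
userdel sshvpn || true
useradd --system -s /bin/false -m -d /var/lib/sshvpn sshvpn || true
mkdir -p /var/lib/sshvpn || true
chown -R sshvpn /var/lib/sshvpn || true
#You must change vpn password (default 1)
#If you want to login without password you must add your ssh key
echo -e "1\n1\n" | passwd sshvpn
tunctl -d tap0
tunctl -t tap0 -u sshvpn
ifconfig tap0 10.0.0.1 netmask 255.255.255.0 up
ip link set tap0 up
ip addr add 10.0.0.1/24 dev tap0 || true
ip route add 10.0.0.0/24 dev tap0 || true
EOF
}

#######################################
# Configure the local tunnel device and hold the tunnel open.
# Arguments: $1 - address of the SSH server
#######################################
run_client() {
  local host=$1

  tunctl -d tap0
  tunctl -t tap0
  # ssh normally ends with a non-zero status (disconnect, Ctrl-C) and set -e
  # then stops the script, so the device is removed from an EXIT trap rather
  # than by a command placed after ssh.
  trap 'tunctl -d tap0' EXIT
  ifconfig tap0 10.0.0.2 netmask 255.255.255.0 up
  ip link set tap0 up
  ip addr add 10.0.0.2/24 dev tap0 || true
  ip route add 10.0.0.0/24 dev tap0 || true
  ssh -N -vvv -o Tunnel=ethernet -w 0:0 sshvpn@"${host}"
}

main() {
  local host='' init=0 arg

  # Match --init as a whole argument; a substring search over "$*" would also
  # fire on any argument that merely contains the text.
  for arg in "$@"; do
    case "$arg" in
      --init) init=1 ;;
      -*) usage ;;
      *) [[ -n "$host" ]] || host=$arg ;;
    esac
  done

  # Without an address ssh would be pointed at "root@" or "sshvpn@".
  [[ -n "$host" ]] || usage

  if (( init )); then
    init_remote "$host"
  else
    run_client "$host"
  fi
}

main "$@"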