-1

I have two CentOS 6.6 x64 VPSes with public IP addresses, for example 1.1.1.1 and 2.2.2.2.
The VPS with 1.1.1.1 is a VPN server.
I need to connect 1.1.1.1 via SSH to 2.2.2.2
so that my VPN clients on 1.1.1.1 can have the 2.2.2.2 public IP address.
How can I do this?

AriaData

1 Answer

2

Have a look at the man page for ssh, it gives you a great example in there:

man ssh

SSH-BASED VIRTUAL PRIVATE NETWORKS
 ssh contains support for Virtual Private Network (VPN) tunnelling using the tun(4) network pseudo-device, allowing two networks to be joined securely.  The sshd_config(5) configuration option PermitTunnel controls whether the server supports
 this, and at what level (layer 2 or 3 traffic).

 The following example would connect client network 10.0.50.0/24 with remote network 10.0.99.0/24 using a point-to-point connection from 10.1.1.1 to 10.1.1.2, provided that the SSH server running on the gateway to the remote network, at
 192.168.1.15, allows it.

 On the client:

       # ssh -f -w 0:1 192.168.1.15 true
       # ifconfig tun0 10.1.1.1 10.1.1.2 netmask 255.255.255.252
       # route add 10.0.99.0/24 10.1.1.2

 On the server:

       # ifconfig tun1 10.1.1.2 10.1.1.1 netmask 255.255.255.252
       # route add 10.0.50.0/24 10.1.1.1

 Client access may be more finely tuned via the /root/.ssh/authorized_keys file (see below) and the PermitRootLogin server option.  The following entry would permit connections on tun(4) device 1 from user ``jane'' and on tun device 2 from
 user ``john'', if PermitRootLogin is set to ``forced-commands-only'':

   tunnel="1",command="sh /etc/netstart tun1" ssh-rsa ... jane
   tunnel="2",command="sh /etc/netstart tun2" ssh-rsa ... john

 Since an SSH-based setup entails a fair amount of overhead, it may be more suited to temporary setups, such as for wireless VPNs.  More permanent VPNs are better provided by tools such as ipsecctl(8) and isakmpd(8).

You would also have to set up routes to ensure that the traffic flows to the correct "interface".

If you are looking for a more permanent setup, you might consider OpenVPN or IPsec-based VPNs, as they are a little more suited to the job and are more adaptable.

Don't create the VPNs using the public IPs as the only IPs in the ifconfig; you will need to specify a private network for each of the servers, for instance:

Server @ 1.1.1.1 - Private tun0 IP - 10.0.100.0/28 - 10.0.100.1

Server @ 2.2.2.2 - Private tun0 IP - 10.0.200.0/28 - 10.0.200.1

Then route traffic from 10.0.100.1 -> 10.0.200.1 or the other way round respectively.

  • It would also be helpful to know what you are trying to achieve, as you can also set up an SSH tunnel to route only specific ports and specific traffic. – Yan McCabe-Costa Jun 23 '15 at 11:17
  • Thanks a lot, it was so helpful. I will change it to OpenVPN or IPsec; I found the way by your answer. – AriaData Jun 23 '15 at 14:37
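The ssh(1) excerpt quoted in the answer depends on three server-side settings: PermitTunnel, PermitRootLogin set to forced-commands-only, and tunnel=/command= options on root's keys. The check below is an added example, not part of the original answer or of OpenSSH. The function names (sshd_value, unrestricted_keys, audit_tunnel) and the sample files are constructed for illustration, and only the global section of sshd_config (before the first Match block) is read.

```shell
# Added example: audit the server-side settings the ssh(1) excerpt relies on.

# Print the first global value of an sshd_config keyword (the first value
# obtained wins; keywords are case-insensitive). Stops at the first Match.
sshd_value() {  # usage: sshd_value KEYWORD DEFAULT FILE
    awk -v key="$1" -v def="$2" '
        NF == 0 || $1 ~ /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print $2; found = 1; exit }
        END { if (!found) print def }' "$3"
}

# Count key lines in an authorized_keys file that lack either a tunnel="N"
# or a command="..." option (blank lines and comments are skipped).
unrestricted_keys() {  # usage: unrestricted_keys FILE
    awk 'NF == 0 || $1 ~ /^#/ { next }
         !/(^|,)tunnel="[0-9]+"/ || !/(^|,)command="/ { n++ }
         END { print n + 0 }' "$1"
}

# Return 0 only if the server allows layer-3 tunnels, limits root to
# forced commands, and pins every root key to a tun device and a command.
audit_tunnel() {  # usage: audit_tunnel SSHD_CONFIG AUTHORIZED_KEYS
    rc=0
    case "$(sshd_value PermitTunnel no "$1")" in
        yes|point-to-point) ;;
        *) echo "PermitTunnel does not allow layer-3 (tun) forwarding"; rc=1 ;;
    esac
    [ "$(sshd_value PermitRootLogin unset "$1")" = forced-commands-only ] ||
        { echo "PermitRootLogin is not forced-commands-only"; rc=1; }
    [ "$(unrestricted_keys "$2")" -eq 0 ] ||
        { echo "root key(s) without tunnel= and command= restrictions"; rc=1; }
    return "$rc"
}

# Constructed sample input (not from the page): server config and root's keys.
demo=$(mktemp -d)
cat > "$demo/sshd_config" <<'EOF'
Port 22
permittunnel point-to-point
PermitRootLogin forced-commands-only
PermitRootLogin yes
EOF
cat > "$demo/authorized_keys" <<'EOF'
tunnel="1",command="sh /etc/netstart tun1" ssh-rsa AAAA...constructed jane
ssh-rsa AAAA...constructed john
EOF
audit_tunnel "$demo/sshd_config" "$demo/authorized_keys" || echo "audit: FAIL"
rm -rf "$demo"
```

On a real server the arguments would be /etc/ssh/sshd_config and /root/.ssh/authorized_keys; the sample fails the audit because the second key carries no restrictions.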