How to setup a VPN using ssh and pppd

This is a step by step guide for setting up a VPNĀ using pppd and ssh. To accomplish this you will need two Linux boxes, one acting as server and the second one as client. The "server" must have a static IP address or dynamic dns name. The firewall on both boxes must allow traffic on port that sshd listens.

Server side

1. Install some package to make our job easier later

for deb based linux boxes:

apt-get install ipcalc

for rpm based linux boxes:

yum install whatmask

2. Create a local account on server to be used by the clients that are connecting.

adduser --system --group vpn

3. Modify /etc/passwd file

vim /etc/passwd
:%s/\/home\/vpn:\/bin\/false/\/home\/vpn:\/bin\/bash/g
:wq

4. Set a password for vpn account. The vpn account password will only be used while doing the initial configuration of your VPN clients, so I strongly recommend NOT to use a weak password.

passwd vpn

5. This vpn account needs rights to bring the ppp connection up and down as well as modify the system routing table. Edit your sudoers file:

sudo visudo

and append the following lines to the end of the file:

vpn ALL=NOPASSWD: /usr/sbin/pppd
vpn ALL=NOPASSWD: /sbin/route

6. Finally, we need to log in as the vpn and set up a few bits in its home folder.

sudo su - vpn
cd ~
mkdir .ssh

Client side

1. Assuming eth0 is network interface connected to the network determine the local network details

CLIENT_LAN_IF="eth0"
LOCAL_IP=`ifconfig ${CLIENT_LAN_IF} | grep inet | awk '{print $2}' | sed 's/addr://'`
LOCAL_MASK=`ifconfig ${CLIENT_LAN_IF} | grep inet | awk '{print $4}' | sed 's/Mask://' | sed 's/Scope:Link//'`
LOCAL_NETWORK=`ipcalc $LOCAL_IP $LOCAL_MASK -n -b | grep Network | awk '{print $2}'`

2. Start vpn to server

sudo /usr/sbin/pppd updetach noauth passive pty "/usr/bin/ssh -P host -lvpn -i id_rsa -o Batchmode=yes sudo /usr/sbin/pppd nodetach notty noauth" ipparam vpn 192.168.1.238:192.168.1.237

Note:

  • local IP address 192.168.1.238
  • remote IP address 192.168.1.237

3. Make the server our gateway

sudo route add -net $LOCAL_NETWORK gw 192.168.1.238

Links:
http://tuxnetworks.blogspot.ro/2011/05/howto-easiest-vpn-setup-ever.html

Leave a Reply

Your email address will not be published. Required fields are marked *