@hd1801
Forked from CMCDragonkai/ssh_vpn.md
Created January 8, 2024 16:47
SSH VPN #cli

SSH VPN

Here's an example of setting up a basic point-to-point VPN using SSH tunnels.

First you need a server in the cloud that isn't behind a NAT.

Ensure that the host and the server both have port 22 open and are running sshd.

If you're using AWS, make sure to check your security groups.

On the server, edit /etc/ssh/sshd_config so that it contains:

AllowAgentForwarding yes
AllowTcpForwarding yes
GatewayPorts clientspecified
X11Forwarding yes

Then run:

sudo systemctl reload sshd

Now your server in the middle will allow agent forwarding, TCP forwarding, binding to public IP, and X11 forwarding.

We won't actually need any of those settings for this example, but they will be useful when doing more advanced things.

From the host run:

ssh -v -N -T -R 55555:localhost:22 user-server@server

From the client run:

ssh -v -N -T -L 55555:localhost:55555 user-server@server

You have now mapped port 22 on the host to port 55555 on the server, and from there to port 55555 on the client.

You can now ssh into your host from the client:

ssh user-host@localhost -p 55555

To make the tunnel from your host more reliable, you can instead use autossh:

autossh -M 0 -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -v -N -T -R 55555:localhost:22 user-server@server
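
As an added example (not part of the original gist), the shell function below checks the forwarding settings from the sshd_config step against what the 55555 tunnel actually uses. The function name audit_forwarding and the sample input are constructed for illustration; on a real server, feed it the output of `sudo sshd -T`.

```shell
#!/bin/sh
# Added example (not from the original gist): flag sshd forwarding settings
# that are broader than the 55555 tunnel needs. Input on stdin is
# "Keyword value" lines, e.g. from `sudo sshd -T` or the global part of
# /etc/ssh/sshd_config. Exit status 1 means the tunnel itself would fail.
audit_forwarding() {
    awk '
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    tolower($1) == "match" { exit }         # only audit global settings
    { k = tolower($1); if (!(k in v)) v[k] = tolower($2) }  # first value wins
    END {
        # sshd_config(5) defaults for keywords that are not set
        if (!("allowtcpforwarding" in v))   v["allowtcpforwarding"] = "yes"
        if (!("gatewayports" in v))         v["gatewayports"] = "no"
        if (!("x11forwarding" in v))        v["x11forwarding"] = "no"
        if (!("allowagentforwarding" in v)) v["allowagentforwarding"] = "yes"

        t = v["allowtcpforwarding"]; rc = 0
        if (t == "yes" || t == "all")
            print "OK   allowtcpforwarding=" t ": required by -R and -L"
        else {
            print "FAIL allowtcpforwarding=" t ": -R (host) and -L (client) both need it"
            rc = 1
        }
        g = v["gatewayports"]
        if (g == "no")
            print "OK   gatewayports=no: port 55555 stays on the server loopback"
        else if (g == "clientspecified")
            print "WARN gatewayports=clientspecified: clients may bind forwards to public addresses; not needed here"
        else
            print "WARN gatewayports=" g ": -R 55555 would listen on all server interfaces"
        if (v["x11forwarding"] == "yes")
            print "WARN x11forwarding=yes: not used by this tunnel"
        if (v["allowagentforwarding"] == "yes")
            print "WARN allowagentforwarding=yes: not used by this tunnel"
        exit rc
    }'
}

# Constructed sample: the four lines this page adds to sshd_config.
page_config='AllowAgentForwarding yes
AllowTcpForwarding yes
GatewayPorts clientspecified
X11Forwarding yes'

printf '%s\n' "$page_config" | audit_forwarding
```

Only global settings are audited: parsing stops at the first Match block, so per-user overrides in a raw config file are not evaluated (the output of `sshd -T` has none).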