I know that this has been discussed before and I know that you should avoid it, and use a real VPN solution.

I would like to move from port-forwarding via ssh to VPN and I have only the ssh port open.

What is the current state of the art if you want to create VPN over ssh?

Regards,
  Thomas

--
Thomas Guettler http://www.thomas-guettler.de/
I am looking for feedback: https://github.com/guettli/programming-guidelines

Hello Thomas,

this is probably not what you had in mind, but there is a way to use SSH and OpenVPN on the same port.

Have a look at this:
https://github.com/yrutschle/sslh

SSLH can be configured to redirect SSH and OpenVPN traffic (and some other protocols) to different destinations according to the type of traffic. So, you could use SSH and an OpenVPN over TCP via the same external port.
In my experience, SSLH is available on most major Linux distributions via the official repositories and configuration is rather simple. (In all fairness, it can get tricky if you need transparent proxying in combination with a firewall.)

I hope this is useful for you.

Best regards,
Jan

On 04.01.19 at 10:57, Thomas Güttler wrote:
> I know that this has been discussed before and I know that you should avoid
> it, and use a real VPN solution.
>
> I would like to move from port-forwarding via ssh to VPN and I have only
> the ssh port open.
>
> What is the current state of the art if you want to create VPN over ssh?
>
> Regards,
>   Thomas
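
The routing "according to the type of traffic" described in the message above, as an added sketch that is not part of the thread and is not sslh's own code: it classifies a new connection from its first bytes, using the SSH identification string (RFC 4253) and the OpenVPN-over-TCP framing (16-bit length prefix, opcode in the top five bits of the next byte). The backend addresses, the length bounds and the policy of sending anything unrecognised to sshd are assumptions chosen for this example.

```python
import struct

# OpenVPN opcodes a client may open a session with:
# P_CONTROL_HARD_RESET_CLIENT_V1 = 1, _V2 = 7, _V3 = 10.
OPENVPN_CLIENT_RESET_OPCODES = {1, 7, 10}

# Hypothetical backends behind the single exposed port.
BACKENDS = {"ssh": ("127.0.0.1", 2222), "openvpn": ("127.0.0.1", 1194)}

# Assumed sanity bounds for the first OpenVPN control frame: opcode (1) +
# session id (8) + ack count (1) + packet id (4) = 14 bytes at minimum.
MIN_FRAME, MAX_FRAME = 14, 2048


def classify(first_bytes: bytes, timed_out: bool = False) -> str:
    """Return 'ssh', 'openvpn', or 'again' when more data is needed."""
    undecided = "ssh" if timed_out else "again"
    if first_bytes.startswith(b"SSH-"):
        return "ssh"
    # Empty read or a partial "SSH-" prefix: wait, or give up and pick SSH.
    # Some SSH clients stay silent until the server sends its banner.
    if b"SSH-".startswith(first_bytes) or len(first_bytes) < 3:
        return undecided
    (frame_len,) = struct.unpack("!H", first_bytes[:2])
    opcode = first_bytes[2] >> 3
    if (opcode in OPENVPN_CLIENT_RESET_OPCODES
            and MIN_FRAME <= frame_len <= MAX_FRAME):
        return "openvpn"
    # Unrecognised traffic goes to sshd, so a probe mistake cannot take
    # the administrative path away.
    return "ssh"


def route(first_bytes: bytes, timed_out: bool = False):
    """Map the classification to a backend address, or None to keep reading."""
    kind = classify(first_bytes, timed_out)
    return None if kind == "again" else BACKENDS[kind]


# Constructed sample inputs (not captured traffic).
SAMPLE_SSH = b"SSH-2.0-OpenSSH_7.9\r\n"
SAMPLE_OPENVPN = (struct.pack("!H", 14) + bytes([7 << 3])
                  + bytes(8) + b"\x00" + bytes(4))

if __name__ == "__main__":
    for name, data in [("ssh", SAMPLE_SSH), ("openvpn", SAMPLE_OPENVPN)]:
        print(name, "->", route(data))
```
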

On 04.01.19 at 11:39, Jan Bergner wrote:
> Hello Thomas,
>
> this is probably not what you had in mind, but there is a way to use SSH
> and OpenVPN on the same port.
>
> Have a look at this:
> https://github.com/yrutschle/sslh
>
> SSLH can be configured to redirect SSH and OpenVPN traffic (and some
> other protocols) to different destinations according to the type of
> traffic. So, you could use SSH and an OpenVPN over TCP via the same
> external port.
> In my experience, SSLH is available on most major Linux distributions
> via the official repositories and configuration is rather simple. (In
> all fairness, it can get tricky if you need transparent proxying in
> combination with a firewall.)
>
> I hope this is useful for you.

Hi Jan and other ssh-experts,

yes, that's not what I had in mind. But why not? I think it is a valid solution.

I am a bit afraid: If setting it up fails, we lose control over our remote machines, since ssh is the only permanent connection we have.

Thank you,
  Thomas

--
Thomas Guettler http://www.thomas-guettler.de/
I am looking for feedback: https://github.com/guettli/programming-guidelines

I use sshuttle (https://github.com/sshuttle/sshuttle) extensively from home to work, and from work to work, but I'm the only one who uses it so I wouldn't call it "production" at my work.

- Larry

On 1/4/19 1:57 AM, Thomas Güttler wrote:
> I know that this has been discussed before and I know that you should
> avoid
> it, and use a real VPN solution.
>
> I would like to move from port-forwarding via ssh to VPN and I have only
> the ssh port open.
>
> What is the current state of the art if you want to create VPN over ssh?
>
> Regards,
>   Thomas