To use this protocol you need to add the "PermitTunnel yes" option to the "/etc/ssh/sshd_config" file and restart the ssh service on the server side. You also need to configure the tun/tap interface.
The tun/tap interface can only be used by one session at a time, and if there are connectivity issues, the session may remain connected and prevent new connections until the server closes the session due to timeout. To avoid this problem you can create a server-side script that handles these situations.
For example, this script closes the old session and, if necessary, creates the tun/tap interface:
~/ssh_tun_script.sh
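```bash
#!/bin/bash
SESSION_PID_FILE="/home/$USER/.ssh_tun_session_pid"
# DEVICE and MODE are not defined anywhere on this page; the defaults below
# are assumptions, adjust them to match your tunnel
DEVICE="${DEVICE:-tun0}"
MODE="${MODE:-tun}"

# Kill the old session if it exists
if [ -f "$SESSION_PID_FILE" ]; then
    pkill -F "$SESSION_PID_FILE" -f "sshd: $USER" && echo "kill old session with pid $(cat "$SESSION_PID_FILE")"
fi

# Save the PID of the current session (this script's parent process);
# the unquoted echo trims the padding that ps adds
echo $(ps -p $$ -o ppid=) > "$SESSION_PID_FILE"

# Create the device if it does not exist
if ! ip link show "$DEVICE" &> /dev/null; then
    if [ -z "$1" ]; then
        echo "usage $0 ipaddress"
        exit 1
    fi
    sudo ip tuntap add "$DEVICE" mode "$MODE"
    sudo ip addr add "$1" dev "$DEVICE"
    sudo ip link set "$DEVICE" up
fi
```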
- edit the VPN profile
- tap on "Options"
- select "Run server script" and set value to "./ssh_tun_script.sh 192.168.99.1/24" (replace 192.168.99.1/24 with your IP address)
- save the changes
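
A check for the "PermitTunnel yes" change from the first step, as an added example that is not part of the original page: it lists where an sshd_config file sets PermitTunnel, so a global setting can be told apart from one scoped to a Match block. The function names, the sample file and the user "vpnuser" are assumptions made for illustration.

```bash
#!/bin/bash
# Added example, not from the original page: report where an sshd_config
# file sets PermitTunnel. Keywords are case-insensitive, the first value
# obtained for a keyword is used, and lines after "Match" apply to that block.

permit_tunnel_scope() {
    awk '
        BEGIN { scope = "global" }
        /^[ \t]*(#|$)/ { next }                    # comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]/)              # keyword ends at blank or "="
            key  = tolower(n ? substr(line, 1, n - 1) : line)
            rest = n ? substr(line, n) : ""
            gsub(/^[ \t=]+|[ \t]+$/, "", rest)
            gsub(/"/, "", rest)                    # values may be double-quoted
            if (key == "match") { scope = "match " rest; next }
            if (key == "permittunnel" && !(scope in seen)) {
                seen[scope] = 1
                print scope ": " tolower(rest)
            }
        }
    ' "$1"
}

# Exit status 0 when the global section turns tunnelling on for every account.
tunnel_enabled_globally() {
    permit_tunnel_scope "$1" | grep -Eq '^global: (yes|point-to-point|ethernet)$'
}

# Constructed sample: off globally, on only for the hypothetical user "vpnuser".
sample=$(mktemp)
cat > "$sample" <<'EOF'
PermitTunnel no
Match User vpnuser
    PermitTunnel point-to-point
EOF
permit_tunnel_scope "$sample"
if tunnel_enabled_globally "$sample"; then
    echo "PermitTunnel is enabled globally; consider moving it into a Match block"
fi
rm -f "$sample"
```

The parser does not follow Include directives; on the server itself, `sshd -T` with a `-C user=...` connection spec prints the effective settings for one account.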