SSH Tun protocol hints

Posted: Fri Jun 21, 2024 7:07 am
by admin
The SSH Tun protocol uses the "ssh -w" option.
To use this protocol you need to add the "PermitTunnel yes" option to the "/etc/ssh/sshd_config" file and restart the ssh service on the server side. You also need to configure the tun/tap interface.
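A narrower server-side setting, given here as an added example and not part of the original post: instead of enabling PermitTunnel for every account, the directive can be left off globally and re-enabled in a Match block only for the account the VPN client logs in as (the user name "vpnuser" is assumed), in point-to-point mode, which is the layer-3 (tun) mode "ssh -w" uses by default.

```conf
# /etc/ssh/sshd_config, added example (not from the original post).
# The post's setting, which lets every account that can log in request a tunnel:
#   PermitTunnel yes
# Replace it with a default of "no" ...
PermitTunnel no

# ... and a Match block (Match blocks must be the last section of the file)
# that re-enables tunnelling only for the VPN account.
# "vpnuser" is an assumed account name; "point-to-point" permits only the
# layer-3 (tun) mode that "ssh -w" uses by default, so layer-2 (tap) stays off.
Match User vpnuser
    PermitTunnel point-to-point
```

Check the file with "sshd -t" before restarting the ssh service; a Match block placed before other directives is a configuration error.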

The tun/tap interface can only be used by one session at a time, and if there are connectivity issues, the session may remain connected and prevent new connections until the server closes the session due to timeout. To avoid this problem you can create a server-side script that handles these situations.

For example, this script closes the old session and, if necessary, creates the tun/tap interface:

~/ssh_tun_script.sh


#!/bin/bash

# Tunnel device name and mode. "tun" is the layer-3 mode that "ssh -w" uses;
# the defaults below are assumed and can be overridden from the environment.
DEVICE="${DEVICE:-tun0}"
MODE="${MODE:-tun}"

SESSION_PID_FILE="/home/$USER/.ssh_tun_session_pid"

# Kill the old session if it exists. "-F" takes the pid from the file and
# "-f" only matches it if that pid is still an sshd session of this user.
if [ -f "$SESSION_PID_FILE" ]; then
  pkill -F "$SESSION_PID_FILE" -f "sshd: $USER" && echo "kill old session with pid $(cat "$SESSION_PID_FILE")"
fi

# Save the pid of the current session (the parent process of this script)
echo "$PPID" > "$SESSION_PID_FILE"

# Create the device if it does not exist
if ! ip link show "$DEVICE" &> /dev/null; then
  if [ -z "$1" ]; then
    echo "usage: $0 ipaddress"
    exit 1
  fi
  sudo ip tuntap add "$DEVICE" mode "$MODE"
  sudo ip addr add "$1" dev "$DEVICE"
  sudo ip link set "$DEVICE" up
fi

To run the script on connection you need to change the client configuration:
  • edit the VPN profile
  • tap on "Options"
  • select "Run server script" and set value to "./ssh_tun_script.sh 192.168.99.1/24" (replace 192.168.99.1/24 with your ip address)
  • save the changes