If you see a lot of banner ads on certain websites, you know that without a Virtual Private Network (VPN), hackers will quickly ravage your computer and burn down your house. Well, that seems to be what they imply. In reality, though, there are two main reasons you might want a VPN connection. You can pay for a service, of course, but if you have ssh access to a computer somewhere on the public Internet, you can set up your own VPN service for no additional cost.
The basic idea is that you connect to a remote computer on another network and it makes it look like all your network traffic is local to that network. The first case for this is to sidestep or enhance security. For example, you might want to print to a network printer without exposing that printer to the public Internet. While you are at the coffee shop you can VPN to your network and print just like you were a meter away from the printer at your desk. Your traffic on the shop’s WiFi will also be encrypted.
The second reason is to hide your location from snooping. For example, if you like watching the BBC videos but you live in Ecuador, you might want to VPN to a network in the UK so the videos are not blocked. If your local authorities monitor and censor your Internet, you might also want your traffic coming from somewhere else.
Using SSH for VPN will work for both cases, although if you are mostly interested in the first case, you are probably going to be happier using a dedicated router or a small computer like a Raspberry Pi dedicated to the task. However, if you are leasing a server somewhere, that option isn’t going to work for you.
Prerequisites
You really only need root access to both machines and SSH server on the remote machine along with the SSH client. There is some configuration required on both sides. I use KDE so I used NetworkManager to set things up, although that isn’t necessary. It just makes things easier.
The server needs a few special items set up, but those items may already be present. In /etc/ssh/sshd_config you will want PermitTunnel=yes and you may need to set AllowTCPForwarding to yes, as well. The firewall may need some tweaks, too. The setup instructions for the NetworkManager plug-in will be useful even if you don’t want to use it.
Client Side
If you are using NetworkManager, you’ll need the plug-in. For Neon and other Debian-type distributions, you can find the network-manager-ssh package and that’s all you need. If you don’t want to use it, you can use this line from the plug-in author’s blog:
ssh -f -v -o Tunnel=point-to-point -o ServerAliveInterval=10 -o TCPKeepAlive=yes -w 100:100 root@YOUR_SSH_SERVER '/sbin/ifconfig tun100 172.16.40.1 netmask 255.255.255.252 pointopoint 172.16.40.2' && /sbin/ifconfig tun100 172.16.40.2 netmask 255.255.255.252 pointopoint 172.16.40.1
You will need to be root on both ends because you are creating a tunnel device. This leads to a few problems, even …read more
Source:: Hackaday