#!/bin/bash
# Want to know more? Follow me on telegram: https://t.me/linuxcheatsheet
# Quick and dirty ssh vpn
# 1) run on your pc as root with RUN_ON_CLIENT=y
# 2) run on your server as root with RUN_ON_CLIENT=n
# 3) from your pc (2:2 = local tun2 : remote tun2, i.e. the TUNDEV set below)
#       ssh -C -w 2:2 root@yourserver
# 4) open another terminal in your pc and try to ping 10.0.0.1
# NOTE: tun2 is assumed to be unused on both hosts - please check before
# running. The number must match the "-w 2:2" of the ssh command line.
TUNDEV="tun2"
# Point-to-point addressing: the server is 10.0.0.1, the client is 10.0.0.2.
# A /30 leaves exactly these two usable host addresses.
# Change the values if they clash with a network you already use.
IPSERVER="10.0.0.1"
IPCLIENT="10.0.0.2"
CIDR="30"
# Role switch: 'y' means this machine is the client (your PC)
RUN_ON_CLIENT="y"
# 'n' means this machine is the server - uncomment when running there
#RUN_ON_CLIENT=n
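# Check ssh configuration PermitTunnel (server side only).
# Only the server's sshd has to allow tunnel forwarding, so the client never
# reads or edits sshd_config and no longer reports it as "already enabled".
SSHD_CONFIG=/etc/ssh/sshd_config
if [ "$RUN_ON_CLIENT" = "y" ]; then
 echo "client side: sshd PermitTunnel check skipped"
elif grep -qsiE "^[^#]*PermitTunnel.*yes.*$" "$SSHD_CONFIG"; then
 # sshd keywords are case-insensitive, hence -i.
 # NOTE(review): this is a textual match on one file only; a line inside a
 # Match block or an earlier included file can still decide the effective
 # value. "sshd -T" prints what sshd really uses.
 echo "ssh PermitTunnel already enabled"
else
 echo "reconfiguring ssh..."
 # Keep a copy so a broken edit can be rolled back before sshd is restarted.
 cp -p -- "$SSHD_CONFIG" "${SSHD_CONFIG}.bak" || {
  echo "cannot back up $SSHD_CONFIG, nothing changed" >&2
  exit 1
 }
 # Remove every existing PermitTunnel line (any letter case, commented or
 # not), then append the new setting.
 sed -i "/PermitTunnel/Id" "$SSHD_CONFIG" || exit 1
 # "yes" allows both layer-2 (tap) and layer-3 (tun) forwarding; the tun
 # device used by this script only needs "point-to-point".
 # NOTE(review): appended at end of file - if the file ends inside a Match
 # block the setting is scoped to that block; confirm with "sshd -T".
 echo "PermitTunnel yes" >> "$SSHD_CONFIG" || exit 1
 # Never restart sshd on a config it cannot parse: on a remote server that
 # would lock you out. Validation is skipped only if sshd is not on PATH.
 if command -v sshd > /dev/null 2>&1 && ! sshd -t -f "$SSHD_CONFIG"; then
  echo "sshd rejects the new config, restoring ${SSHD_CONFIG}.bak" >&2
  cp -p -- "${SSHD_CONFIG}.bak" "$SSHD_CONFIG"
  exit 1
 fi
 echo "ssh will restart in 5 sec. Please logout and reconnect to ssh"
 # NOTE(review): some distributions name the service "ssh", not "sshd".
 sleep 5 && service sshd restart
 exit 0
fi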
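# Prepare /dev/net/tun device node
# Create the node only when it is missing or is not a character device.
# (The original test was inverted: it recreated a node that already existed
# and did nothing when the node was absent.)
if [ ! -c /dev/net/tun ]; then
 echo "Creating tun device node"
 # Something that is not a character device sits on the path: remove it first.
 if [ -e /dev/net/tun ]; then
  rm -f /dev/net/tun
 fi
 [ -d /dev/net ] || mkdir -p /dev/net
 # char major 10, minor 200 is the Linux TUN/TAP driver node
 mknod /dev/net/tun c 10 200 || {
  echo "cannot create /dev/net/tun" >&2
  exit 1
 }
 # 0666 is the usual mode for this node: opening it is harmless, creating or
 # attaching to an interface still requires CAP_NET_ADMIN or ownership of
 # the interface.
 chmod 0666 /dev/net/tun
fi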
# Make sure the tun driver is available (modprobe does nothing if it already is)
modprobe tun
# Pick this end's tunnel address according to the configured role:
# 'y' selects the client address, anything else the server address.
case "$RUN_ON_CLIENT" in
 y) IP=$IPCLIENT ;;
 *) IP=$IPSERVER ;;
esac
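# Create tun interface
# Expansions are quoted so an edited TUNDEV/IP/CIDR value is never word-split.
# No user/group is given, so the device belongs to root and the ssh session
# that attaches to it has to run as root on both ends (step 3 of the header).
# NOTE(review): "ip tuntap add ... user NAME" would let a dedicated
# unprivileged account hold the tunnel instead of root - confirm before use.
ip tuntap add dev "$TUNDEV" mode tun
ip addr add "${IP}/${CIDR}" dev "$TUNDEV"
ip link set dev "$TUNDEV" up
# Pinging our own address only proves that the address is configured locally;
# it says nothing about the tunnel itself, which is tested by step 4.
if ping -c1 -w1 "$IP" > /dev/null 2>&1; then
 echo "*** $TUNDEV is up with $IP ***"
 exit 0
fi
# Do not report success when the interface did not come up.
echo "*** $TUNDEV is NOT up with $IP, see the errors above ***" >&2
exit 1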