
...

Action                          Command
Create TAP interface            # ip tuntap add dev tap0 mode tap
Enable TAP interface            # ip link set tap0 up
Create bridge                   # ip link add name br_vpn0 type bridge
Enable bridge interface         # ip link set br_vpn0 up
Define IP address for bridge    # ip addr add 192.168.0.1/24 dev br_vpn0
Add TAP interface to bridge     # ip link set tap0 master br_vpn0

Start the SSH tunnel

autossh is a program to start a copy of ssh and monitor it, restarting it
as necessary should it die or stop passing traffic.

Once started, you can move the program to the background.

# autossh -M 9876 -o ServerAliveInterval=60 -o Tunnel=ethernet \
  -w 0:0 -t -i <path-to-private-key> -NCT sshuser@<public-AWS-instance-IP>

-M defines the monitoring port autossh uses to monitor the connection
-o sets SSH options (Tunnel=ethernet for the bridged layer-2 tunnel, ServerAliveInterval=60 for keepalive)
-i denotes the path to the private key matching the public key copied to the host system
-w denotes the number of the local and remote tunnel interfaces for tunnel device forwarding
   (e.g., the 0 in interface tap0)
-N denotes that no remote command should be executed
-T disables pseudo-terminal allocation
-C requests data compression
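The table and the autossh command line above, combined into one bring-up/tear-down script. This is an added example, not part of the original page: the tap and bridge names, the subnet, the key path, the remote host and the pid-file path are placeholders that can be overridden through the environment. It derives the -w index from the tap name so the two cannot disagree, refuses a private key with loose permissions, makes the interface commands safe to re-run, and checks afterwards that the tap really joined the bridge. The -t flag from the command above is left out because -T (no pseudo-terminal) is what the option list documents.

```shell
#!/bin/sh
# Layer-2 SSH tunnel helper: bridge a local tap device and keep the tunnel up with autossh.
# Added example, not from the original page. All names below are placeholders (assumptions);
# override them in the environment before running "up" as root.
set -eu

TAP_DEV="${TAP_DEV:-tap0}"                         # local tap device from the table
BR_DEV="${BR_DEV:-br_vpn0}"                        # bridge the tap is attached to
BR_ADDR="${BR_ADDR:-192.168.0.1/24}"               # address on the bridge
MONITOR_PORT="${MONITOR_PORT:-9876}"               # autossh -M port
SSH_KEY="${SSH_KEY:-/root/.ssh/vpn_tunnel_key}"    # placeholder path, not from the page
SSH_TARGET="${SSH_TARGET:-sshuser@203.0.113.10}"   # placeholder host (TEST-NET-3 address)
PIDFILE="${PIDFILE:-/run/autossh-${TAP_DEV}.pid}"  # autossh writes its pid here (AUTOSSH_PIDFILE)

# Derive the tunnel index for -w from the tap name so the two can never disagree
# (tap0 -> 0, tap12 -> 12). Anything else is rejected.
tap_index() {
    case "$1" in
        tap[0-9]|tap[0-9][0-9]|tap[0-9][0-9][0-9]) printf '%s\n' "${1#tap}" ;;
        *) echo "tap_index: '$1' is not of the form tapN" >&2; return 1 ;;
    esac
}

# ssh refuses a private key readable by group or others; fail early instead of
# letting autossh restart forever on a key it can never use.
check_key_perms() {
    [ -f "$1" ] || { echo "key file $1 not found" >&2; return 1; }
    mode=$(stat -c '%a' "$1")
    case "$mode" in
        600|400) return 0 ;;
        *) echo "key file $1 has mode $mode; expected 600 or 400" >&2; return 1 ;;
    esac
}

bring_up() {
    idx=$(tap_index "$TAP_DEV")
    check_key_perms "$SSH_KEY"
    # Re-runnable version of the table: create only what is missing and use
    # "addr replace" so a second run does not fail because the address exists.
    ip link show "$TAP_DEV" >/dev/null 2>&1 || ip tuntap add dev "$TAP_DEV" mode tap
    ip link show "$BR_DEV"  >/dev/null 2>&1 || ip link add name "$BR_DEV" type bridge
    ip link set "$TAP_DEV" up
    ip link set "$BR_DEV" up
    ip addr replace "$BR_ADDR" dev "$BR_DEV"
    ip link set "$TAP_DEV" master "$BR_DEV"
    # Same options as the page's command line; -f lets autossh background itself.
    AUTOSSH_PIDFILE="$PIDFILE" autossh -f -M "$MONITOR_PORT" \
        -o ServerAliveInterval=60 -o Tunnel=ethernet \
        -w "$idx:$idx" -i "$SSH_KEY" -NCT "$SSH_TARGET"
    verify
}

# A tap that came up but was never attached to the bridge carries no bridge
# traffic and gives no error, so check the enslavement explicitly.
verify() {
    ip -o link show "$TAP_DEV" | grep -q "master $BR_DEV" \
        || { echo "$TAP_DEV is not attached to $BR_DEV" >&2; return 1; }
    echo "$TAP_DEV bridged into $BR_DEV ($BR_ADDR); autossh pid $(cat "$PIDFILE" 2>/dev/null || echo '?')"
}

bring_down() {
    [ -f "$PIDFILE" ] && kill "$(cat "$PIDFILE")" 2>/dev/null || true
    rm -f "$PIDFILE"
    ip tuntap del dev "$TAP_DEV" mode tap 2>/dev/null || true
    ip link del "$BR_DEV" 2>/dev/null || true
}

case "${1:-}" in
    up)   bring_up ;;
    down) bring_down ;;
    *)    echo "usage: $0 up|down (run as root)" ;;
esac
```

Both ends need privileges for this to work: -w creates a tun/tap device on the remote side as well, so the login there normally has to be root, and sshd on the remote Linux system must allow layer-2 tunnels (PermitTunnel ethernet or PermitTunnel yes in sshd_config); with the default PermitTunnel no the client prints a tunnel-forwarding failure and the bridge stays empty.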

Possible additional steps:

  • Enable IP forwarding on the remote Linux system if it is to act as a router between the tunnel connection and
    other systems in the customer network:
    # /sbin/sysctl -w net.ipv4.ip_forward=1
    (to make permanent: add the setting to /etc/sysctl.conf)
  • Add static or dynamic routes to distribute the tunnel subnet to other systems in the customer network that need to communicate with the Solaris guest system across the VPN.
  • Adapt the firewall on the remote Linux system as required to allow the VPN traffic to pass.

Steps on the Solaris Guest System

...