
Ethernet - Ethernet SSH Bridge

radar264 asked
Last Modified: 2012-05-06

Anyone know how to configure a bridged SSH tunnel between two Linux servers to bridge two Ethernet LANs over a WAN?

LAN1----- Linux-Box1 ---------ssh tunnel---------- Linux-Box2---------LAN2

All traffic, including broadcasts, on the two LANs needs to be bridged across the SSH tunnel.

I know how to do this with OpenVPN (which does this Bridged VPN config).
I do not want to use OpenVPN.
Could consider other Layer 2 bridged VPN solutions, but they have to be software based, i.e. not two hardware routers/VPN gateways.


Top Expert 2009

Commented:
Hi,
I have never done this, but I got some good references:

http://www.linuxquestions.org/questions/linux-networking-3/linux-tunnel-660589/
http://www.linux.com/feature/54894

Especially this one, on how to do SSH tunneling; it might need you to register, but it is worth a look:

http://www.linux-mag.com/id/1705   

Author

Commented:
Thanks, but the links are all the standard SSH tunneling stuff. None explains how to create an SSH TAP interface and bridge it to the physical eth interface.
Top Expert 2009

Commented:
ommmm
what about this one


http://magazine.redhat.com/2007/11/27/advanced-ssh-configuration-and-tunneling-we-dont-need-no-stinking-vpn-software/
If it does not work then I will have to look more...

Author

Commented:
Thanks, but again it's only SSH doing port forwarding or layer 3 VPN (routed).

What I'm trying to do is a Layer 2 VPN (bridged), which needs SSH to be configured with TAP interfaces.

Been going through every SSH URL I can find, and some mention SSH and tap/tun, but none so far have explained how to set up SSH with TAP interfaces.
Top Expert 2009

Commented:
Yes, I was looking for SSH with TAP, but the only SSH with TAP I found is by using a VPN server [not OpenVPN].

Are you sure that without any VPN server you can create a TAP interface?

I will look again and see what happened.
CERTIFIED EXPERT
Top Expert 2007
Commented:
I think these instructions should be what you need

http://rc.quest.com/viewvc/openssh/trunk/openssh/README.tun?view=markup

CERTIFIED EXPERT
Top Expert 2007

Commented:
I've also included this section from Damien Miller (one of the OpenSSH developers) for reference:

Damien Miller: Reyk and Markus' new tunneling support allows you to make a real VPN using OpenSSH without the need for any additional software. This goes well beyond the TCP port forwarding that we have supported for years - each end of a ssh connection that uses the new tunnel support gets a tun(4) interface which can pass packets between them. This is similar to the type of VPN supported by OpenVPN or other SSL-VPN systems, only it runs over SSH. It is therefore really easy to set up and automatically inherit the ability to use all of the authentication schemes supported by SSH (password, public key, Kerberos, etc.)

The tunnel interfaces that form the endpoints of the tunnel can be configured as either a layer-3 or a layer-2 link. In layer-3 mode you can configure the tun(4) interfaces with IP or IPv6 addresses and route packets over them like any other interface - you could even run a dynamic routing protocol like OSPF over them if you were so inclined. In layer-2 mode, you can make them part of a bridge(4) group to bridge raw ethernet frames between the two ends.

A practical use of this might be securely linking back to your home network while connected to an untrusted wireless net, being able to send and receive ICMP pings and to use UDP based services like DNS.

Like any VPN system that uses a reliable transport like TCP, an OpenSSH's tunnel can alter packet delivery dynamics (e.g. a dropped transport packet will stall all tunnelled traffic), so it probably isn't so good for things like VOIP over a lossy network (use IPsec for that), but it is still very useful for most other things.
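
The layer-2 mode described in the quote above, sketched as an added example that is not part of the original thread or of the linked README. The device names `tap0`, `br0`, `eth0` and the host `box2.example` are assumptions; the script only prints the commands unless `DRY_RUN=0` is set.

```shell
#!/bin/sh
# Added example: bridge two LANs over an OpenSSH layer-2 (tap) tunnel.
# tap0, br0, eth0 and box2.example are assumed names, not from the thread.

DRY_RUN=${DRY_RUN:-1}
# Print the command in dry-run mode, execute it otherwise.
run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# Return 0 if the sshd configuration text on stdin permits layer-2 tunnels.
# sshd keeps the first value it sees for a keyword; PermitTunnel defaults to
# "no", and "point-to-point" only allows layer 3. Match blocks are not
# interpreted here, so feed it the effective config from `sshd -T`.
permit_tunnel_l2() {
    awk 'tolower($1) == "permittunnel" { v = tolower($2); exit }
         END { exit !(v == "yes" || v == "ethernet") }'
}

# Open the tunnel from Box1. -w 0:0 requests device 0 on both ends and
# Tunnel=ethernet makes it a tap (layer 2) device instead of tun (layer 3).
# Creating the devices needs root on both ends.
open_tunnel() {   # usage: open_tunnel <remote_host>
    run ssh -f -N -o Tunnel=ethernet -w 0:0 "root@$1"
}

# Put the tap device and the LAN-facing NIC into one bridge. Run on both
# boxes once the tunnel is up. <lan_nic> must not be the WAN NIC that
# carries the SSH session itself.
bridge_up() {     # usage: bridge_up <tap> <lan_nic> <bridge>
    run ip link add name "$3" type bridge
    run ip link set "$1" master "$3"
    run ip link set "$2" master "$3"
    run ip link set "$1" up
    run ip link set "$2" up
    run ip link set "$3" up
}

case "${1:-}" in
    check)  sshd -T | permit_tunnel_l2 \
                && echo "sshd permits layer-2 tunnels" ;;   # on Box2
    tunnel) open_tunnel "$2" ;;                             # on Box1
    bridge) bridge_up tap0 "$2" br0 ;;                      # on both boxes
esac
```

Because every broadcast frame crosses the tunnel, set `PermitTunnel ethernet` on Box2 rather than `yes`, and limit which keys may log in as root there.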
Top Expert 2009

Commented:
Perfect link you gave.

I will try that one as well, I never knew you can do that!!!

Thanks @tintin

CERTIFIED EXPERT
Top Expert 2007

Commented:
I have to say that I wasn't aware that you could do layer 2 tunnelling with ssh either.  Learn something new each day.
Top Expert 2009

Commented:
I thought of myself as a good Google user, but I will have to say you are a better Google searcher than me!!
I was trying to get this kind of link for the last 2 hours but failed!!! And you found it... Experienced guy!!!




Author

Commented:
Cheers, looks like the config I am after. Will get it run up on the lab later tonight.