  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2193
  • Last Modified:

Ethernet - Ethernet SSH Bridge


Anyone know how to configure a bridged SSH tunnel between two Linux servers to bridge two Ethernet LANs over a WAN?

LAN1----- Linux-Box1 ---------ssh tunnel---------- Linux-Box2---------LAN2

All traffic, including broadcasts, on the two LANs needs to be bridged across the SSH tunnel.

I know how to do this with OpenVPN (which does this Bridged VPN config).
I do not want to use OpenVPN.
Could consider other Layer 2 Bridged VPN solutions but they have to be software based. i.e. not two hardware routers/vpn gateways.

0
radar264
Asked:
1 Solution
 
fosiul01Commented:
Hi,
I have never done this, but I found some good references:

http://www.linuxquestions.org/questions/linux-networking-3/linux-tunnel-660589/
http://www.linux.com/feature/54894

Especially this one, on how to do SSH tunneling; it might need you to register, but it is worth a look:

http://www.linux-mag.com/id/1705   
0
 
radar264Author Commented:
Thanks, but the links are all the standard SSH tunneling stuff. None explains how to create an SSH TAP interface and bridge it to the physical eth interface.
0
 
fosiul01Commented:
ommmm
what about this one


http://magazine.redhat.com/2007/11/27/advanced-ssh-configuration-and-tunneling-we-dont-need-no-stinking-vpn-software/
if it does not work then will have to look more ..
0

 
radar264Author Commented:
Thanks, but again it's only SSH doing port forwarding or layer 3 VPN (routed).

What I'm trying to do is a Layer 2 VPN (bridged), which needs SSH to be configured with TAP interfaces.

I have been going through every SSH URL I can find, and some mention SSH and tap/tun, but none so far have explained how to set up SSH with tap interfaces.
0
 
fosiul01Commented:
Yes, I was looking for SSH with tap, but the only SSH with tap I found is by using a VPN server [not OpenVPN].

Are you sure you can create a tap interface without any VPN server?

I will look again and see what happens.
0
 
TintinCommented:
I think these instructions should be what you need

http://rc.quest.com/viewvc/openssh/trunk/openssh/README.tun?view=markup
0
 
TintinCommented:
I've also included this section from Damien Miller (one of the openssh developers) for reference:

Damien Miller: Reyk and Markus' new tunneling support allows you to make a real VPN using OpenSSH without the need for any additional software. This goes well beyond the TCP port forwarding that we have supported for years - each end of a ssh connection that uses the new tunnel support gets a tun(4) interface which can pass packets between them. This is similar to the type of VPN supported by OpenVPN or other SSL-VPN systems, only it runs over SSH. It is therefore really easy to set up and automatically inherit the ability to use all of the authentication schemes supported by SSH (password, public key, Kerberos, etc.)

The tunnel interfaces that form the endpoints of the tunnel can be configured as either a layer-3 or a layer-2 link. In layer-3 mode you can configure the tun(4) interfaces with IP or IPv6 addresses and route packets over them like any other interface - you could even run a dynamic routing protocol like OSPF over them if you were so inclined. In layer-2 mode, you can make them part of a bridge(4) group to bridge raw ethernet frames between the two ends.

A practical use of this might be securely linking back to your home network while connected to an untrusted wireless net, being able to send and receive ICMP pings and to use UDP based services like DNS.

Like any VPN system that uses a reliable transport like TCP, an OpenSSH tunnel can alter packet delivery dynamics (e.g. a dropped transport packet will stall all tunnelled traffic), so it probably isn't so good for things like VOIP over a lossy network (use IPsec for that), but it is still very useful for most other things.
0
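The layer-2 mode described in the quoted text above, as an added example that is not part of the original thread or of the OpenSSH README: a check that the server's sshd_config permits ethernet tunnels, plus the bridge steps for one end. The names br0, eth1, tap0 and box2 are assumptions, as is the use of iproute2; the sample config is constructed.

```shell
#!/bin/sh
# Added example. Assumed names: br0 (bridge), eth1 (LAN-facing NIC),
# tap0 (created by ssh), box2 (remote host). Root is needed on both ends.
#
# From Box1, once Box2's sshd permits it, the layer-2 tunnel is opened with:
#   ssh -o Tunnel=ethernet -w 0:0 root@box2
# which creates tap0 on each side. The SSH session itself must ride over the
# WAN-facing interface, not the NIC that is about to join the bridge.

# Print the effective global PermitTunnel value of one sshd_config file.
# sshd uses the first value it sees for a keyword; the default is "no".
# Only the global section is read (stops at the first Match block, does
# not follow Include). On a live host, `sshd -T` reports the real value.
permit_tunnel() {
    awk '
        tolower($1) == "match"        { exit }
        tolower($1) == "permittunnel" { print tolower($2); found = 1; exit }
        END { if (!found) print "no" }
    ' "$1"
}

# Succeeds only if layer-2 (tap) forwarding is permitted.
# "point-to-point" allows layer 3 only, so it is rejected here.
l2_allowed() {
    case "$(permit_tunnel "$1")" in
        yes|ethernet) return 0 ;;
        *)            return 1 ;;
    esac
}

# Print the commands that join the LAN NIC and the ssh tap device in a bridge.
# usage: bridge_plan <bridge> <lan-if> <tap-if>
bridge_plan() {
    printf 'ip link add name %s type bridge\n' "$1"
    printf 'ip link set dev %s master %s\n' "$2" "$1"
    printf 'ip link set dev %s master %s\n' "$3" "$1"
    printf 'ip link set dev %s up\n' "$3"
    printf 'ip link set dev %s up\n' "$1"
}

# Demo on a constructed config file (not taken from the thread).
cfg=$(mktemp)
printf 'PermitRootLogin prohibit-password\nPermitTunnel ethernet\n' > "$cfg"
if l2_allowed "$cfg"; then
    bridge_plan br0 eth1 tap0
else
    echo "sshd_config does not permit ethernet tunnels" >&2
fi
rm -f "$cfg"
```

The plan is printed rather than executed so it can be reviewed first; run the same five commands on both boxes after the ssh session has created tap0.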
 
fosiul01Commented:
Perfect link you gave.

I will try that one as well, I never knew you could do that!!!

thanks @tintin

0
 
TintinCommented:
I have to say that I wasn't aware that you could do layer 2 tunnelling with ssh either.  Learn something new each day.
0
 
fosiul01Commented:
I thought of myself as a good Google user, but I will have to say you are a better Google searcher than me!!
I was trying to get this kind of link for the last 2 hours but failed!!! And you found it... Experienced guy!!!
0
 
radar264Author Commented:
Cheers, looks like the config I am after. Will get it running in the lab later tonight.
0
