Changes

Changes

558 bytes added , 1 year ago

no edit summary

Line 73: Line 73:

The following config is best done from the terminal on a MikroTik device.

''Note: You can use the following config to connect two MikroTik systems. Just replicate the config below on each system you wish to connect.''

/ip ipsec policy

Line 233: Line 235:

==Persistent SSH Tunnels==

−

~~{{go to top}}~~

The following is how to create a persistent SSH Tunnel between two systems. This is handy if you want to secure data flowing across networks, or even setup a tunnel without messing with VPN configuration.

Line 245: Line 246:

Now switch to the user and generate an SSH key:

<pre>

−

su -s /bin/bash ~~useradd~~

su -s /bin/bash autossh

cd ~

ssh-keygen -b 4096

Line 257: Line 258:

===Copy public key to target system===

−

You will need to copy '''''id_rsa.pub''''' file from '''''/home/~~useradd~~/.ssh/''''' to the '''''authorized_keys''''' file on the remote system you want to connect to for the tunnel.

You will need to copy '''''id_rsa.pub''''' file from '''''/home/autossh/.ssh/''''' to the '''''authorized_keys''''' file on the remote system you want to connect to for the tunnel.

''Note: It is recommended that you also create a normal user on the remote system and not use root.''

Line 268: Line 269:

===Setup script===

−

Copy the following script, making the necessary changes as specified between the <> and place on the system that will initiate the tunnel (~~usually~~ /opt):

Copy the following script, making the necessary changes as specified between the <> and place on the system that will initiate the tunnel (here we will save it as /opt/ssh-tunnel.sh):

<pre>

#!/bin/sh

−

~~# Uses autossh to establish a tunnel to allstarlink.org for the Graylog Collector Sidecar~~

−

~~# on seal to pass data.~~

su -s /bin/sh autossh -c 'autossh -M 0 -N -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -o "ExitOnForwardFailure=yes" -f -T -R localhost:<target port>:<local IP or localhost>:<local port> <user>@<domain>'

−

</pre>

{| class="wikitable"

Line 307: Line 306:

<pre>

−

chmod +x ~~<name_of_script>~~.sh

chmod +x /opt/ssh-tunnel.sh

</pre>

===Tunnel at startup===

−

To have ~~this~~ tunnel ~~automatically start if~~ the system ~~is rebooted~~, ~~add~~ a ~~call to the script~~ to rc.local.

To have the tunnel up when the system restarts, choose one of the following methods

====rc.local====

Add a line to /etc/rc.local that calls the script.

<pre>

−

/opt/~~<name_of_script>~~.sh

# Start AutoSSH tunnel at boot

/opt/ssh-tunnel.sh

</pre>

''Note: You may have to enable rc.local on Ubuntu and Debian based systems via systemd. Refer to your distributions documentation for information on how to enable it.''

====systemd====

To have the script start at boot with systemd, create the following file and add it to /etc/systemd/system/ssh-tunnel.service

=====ssh-tunnel.service=====

<pre>

[Unit]

Description=AutoSSH Tunnel at boot

[Service]

Type=oneshot

ExecStart=/opt/ssh-tunnel.sh

[Install]

WantedBy=multi-user.target

</pre>

=====Enable service=====

To enable the service to run via systemd run:

<pre>

systemctl enable ssh-tunnel.service

</pre>

== GRE Tunnel ==

Kg7qin

ASL-Corp members, Bureaucrats, Check users, Structured Discussions bots, oversight, Suppressors, Administrators, Upload Wizard campaign editors

1,714

edits

Retrieved from "http://wiki.pttlink.org/wiki/Special:MobileDiff/12355...12361"

VPN (view source)

Revision as of 01:16, 23 February 2024

Navigation menu

Search