Setting up an SSH VPN involves using SSH tunneling to create a secure connection between your local machine and a remote server, effectively acting as a VPN. Here's how to do it:
Basic SSH Tunnel (SOCKS Proxy)
This creates a local SOCKS proxy that routes traffic through the remote server.
Command:
ssh -D 1080 -C -N user@remote-server
-D 1080: Opens a SOCKS proxy on local port1080.-C: Enables compression (optional).-N: Runs without executing a remote command (just forwards ports).user@remote-server: Your SSH credentials.
Usage:
- Configure your browser/system to use a SOCKS proxy at
0.0.1:1080. - All traffic will route through the remote server.
Full Tunnel (Route All Traffic)
For a full VPN-like experience, use SSH with tun devices.
Requirements:
- Root access on the remote server.
tunkernel module enabled (modprobe tun).
Steps:
On the Server:
Edit /etc/ssh/sshd_config and ensure:
PermitTunnel yes
PermitRootLogin yesThen restart SSH:
sudo systemctl restart sshd
On the Client:
sudo ssh -w 0:0 -o Tunnel=ethernet user@remote-server
-w 0:0: Allocatestun0on client and server.-o Tunnel=ethernet: Sets up an Ethernet-like tunnel.
After Connection:
Configure IP addresses:
sudo ip link set tun0 up # On the server: sudo ip addr add 10.0.0.2/24 dev tun0 sudo ip link set tun0 up
Route Traffic:
On the client, route all traffic:
sudo ip route add default via 10.0.0.2
Persistent SSH VPN (autossh)
To keep the connection alive:
autossh -M 0 -D 1080 -C -N user@remote-server
-M 0: Disables monitoring (or use a port like-M 20000).
Notes:
- Security: SSH VPNs are encrypted but may not be as performant as OpenVPN/WireGuard.
- Firewall: Ensure the remote server allows SSH (port 22).
- Alternative: For a more robust VPN, consider OpenVPN or WireGuard.
Would you like help with a specific step?
