5

To route your network traffic through SSH, most people would tell you to pass the -D option to create a SOCKS proxy on localhost that you can configure your applications to use.

However, a simple proxy isn't the most practical solution for me. Is there any way to access a SSH tunnel as it's own interface, perhaps with TUN/TAP?

I'm using Linux.

Rui F Ribeiro
Billy
  • 2
  • Yes, there is. Look up `Tunnel` and `TunnelDevice` in the `ssh_config(5)` manpage and the `-w` option in `ssh(1)`. I won't make this an answer because it's been a long time since I tried that, I've only used it for testing, and I don't know how well it works. Anyway, you'll have to set the owner of the tun/tap devices with e.g. `tunctl(8)` if you're to use that as a regular user. –  Jun 16 '19 at 07:17
  • @mosvy It works great, but has some caveats; I use it infrequently. – Rui F Ribeiro Jun 16 '19 at 07:57

1 Answer

12

Using OpenSSH in Linux, tunnels can be created over SSH using either TUN or TAP interfaces, as long as proper routing is set up, and IP forwarding enabled where appropriate.

For creating a TUN tunnel, I will leave here a practical script, from Ip Tunnel Over Ssh With Tun; the script assumes you are running as root.

Add “PermitTunnel yes” to /etc/ssh/sshd_config
Now, on the client it’s as easy as running ssh with some parameters; my script for launching it is:

#!/bin/sh
HOST=REMOTE_PARTY_ADDRESS
HOST_PORT=22
TUN_LOCAL=0   # tun device number here.
TUN_REMOTE=0  # tun device number there
IP_LOCAL=192.168.111.2 # IP Address for tun here
IP_REMOTE=192.168.111.1 # IP Address for tun there.
IP_MASK=30 # Mask of the ips above.
NET_REMOTE=192.168.0.0/16 # Network on the other side of the tunnel
NET_LOCAL=192.168.8.0/24  # Network on this side of the tunnel

echo "Starting VPN tunnel ..."
modprobe tun   # make sure the tun driver is loaded locally
# -w local:remote asks sshd to create tun${TUN_REMOTE} on the far side and
# tun${TUN_LOCAL} here (needs "PermitTunnel yes" in sshd_config and root on
# both ends); -f backgrounds ssh once the remote command has been started.
# The remote command configures the far end of the point-to-point link.
ssh -w ${TUN_LOCAL}:${TUN_REMOTE} -f ${HOST} -p ${HOST_PORT} "\
ip addr add ${IP_REMOTE}/${IP_MASK} dev tun${TUN_REMOTE} \
&& ip link set tun${TUN_REMOTE} up \
&& ip route add ${NET_LOCAL} via ${IP_LOCAL} \
&& true"
sleep 3        # give ssh time to bring up the local tun device
# Configure the near end and route the remote network through the tunnel.
ip addr add ${IP_LOCAL}/${IP_MASK} dev tun${TUN_LOCAL}
ip link set tun${TUN_LOCAL} up
ip route add ${NET_REMOTE} via ${IP_REMOTE}
echo "... done."

If you want to access/tunnel a network instead of a single machine, you also have to activate IP forwarding, as in:

sudo sysctl -w net.ipv4.ip_forward=1

You also have a script at https://github.com/trustedsec/tap/blob/master/scripts/ssh-tunnel.sh for creating an OpenSSH tunnel over a TAP interface.

Rui F Ribeiro
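As an added example (not the answer's script and not from the linked source), here is a client-side variant of the same TUN bring-up with the checks a practitioner would want around it: it verifies that the two tun endpoint addresses fall inside one prefix (otherwise the `via` routes fail), parses an sshd_config to confirm the global `PermitTunnel` value allows layer-3 tunnels (a constructed sample config is embedded for the self-check), makes ssh exit immediately if the server refuses the tunnel request, polls for the tun device instead of a fixed sleep, and kills the ssh session on exit so both tun devices and their routes disappear. `REMOTE_PARTY_ADDRESS`, the 192.168.111.x endpoints and the two networks are placeholders carried over from the answer; root on both ends and `PermitTunnel` on the server are assumed exactly as there.

```shell
#!/bin/sh
# Added example, not the answer's or the linked page's own script.
# Assumed placeholders: HOST, the tun addresses and the two networks.
set -u

HOST=${HOST:-REMOTE_PARTY_ADDRESS}   # placeholder, override via environment
HOST_PORT=${HOST_PORT:-22}
TUN_LOCAL=${TUN_LOCAL:-0}
TUN_REMOTE=${TUN_REMOTE:-0}
IP_LOCAL=${IP_LOCAL:-192.168.111.2}
IP_REMOTE=${IP_REMOTE:-192.168.111.1}
IP_MASK=${IP_MASK:-30}
NET_REMOTE=${NET_REMOTE:-192.168.0.0/16}
NET_LOCAL=${NET_LOCAL:-192.168.8.0/24}

# Constructed sample sshd_config used by the "check" self-test below.
SAMPLE_SSHD_CONFIG='# constructed sample, not a real server config
Port 22
PermitTunnel point-to-point
Match User guest
    PermitTunnel no'

# Reads an sshd_config on stdin. Succeeds only if the global (pre-Match)
# PermitTunnel value allows layer-3 tunnels; sshd's default is "no".
sshd_tun_permitted() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "permittunnel" { v = tolower($2) }
        END { ok = (v == "yes" || v == "point-to-point"); if (ok) exit 0; exit 1 }'
}

# Dotted quad -> 32-bit integer, POSIX sh arithmetic only.
ip_to_int() {
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# same_subnet A B PREFIX: true if both addresses share the network prefix.
same_subnet() {
    mask=$(( (4294967295 << (32 - $3)) & 4294967295 ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$2") & mask )) ]
}

tunnel_down() {
    # Killing ssh removes the non-persistent tun devices on both ends and
    # the kernel drops the routes that pointed through them.
    [ -n "${SSH_PID:-}" ] && kill "$SSH_PID" 2>/dev/null
}

tunnel_up() {
    same_subnet "$IP_LOCAL" "$IP_REMOTE" "$IP_MASK" ||
        { echo "tun endpoints are not inside one /$IP_MASK" >&2; return 1; }
    [ "$(id -u)" -eq 0 ] || { echo "need root to create tun devices" >&2; return 1; }
    modprobe tun
    # Tunnel=point-to-point makes the layer-3 mode explicit; with
    # ExitOnForwardFailure ssh exits if sshd refuses the tunnel request
    # (PermitTunnel no) instead of leaving us waiting for a tun that never
    # appears; -n detaches stdin so ssh can run in the background.
    ssh -n -w "${TUN_LOCAL}:${TUN_REMOTE}" -o Tunnel=point-to-point \
        -o ExitOnForwardFailure=yes -o ServerAliveInterval=15 \
        -p "$HOST_PORT" "$HOST" \
        "ip addr add ${IP_REMOTE}/${IP_MASK} dev tun${TUN_REMOTE} \
         && ip link set tun${TUN_REMOTE} up \
         && ip route add ${NET_LOCAL} via ${IP_LOCAL}" &
    SSH_PID=$!
    trap tunnel_down EXIT INT TERM
    i=0   # poll for the local tun device instead of a fixed sleep
    until ip link show "tun${TUN_LOCAL}" >/dev/null 2>&1; do
        kill -0 "$SSH_PID" 2>/dev/null || { echo "ssh exited" >&2; return 1; }
        i=$((i + 1)); [ "$i" -lt 15 ] || { echo "timeout waiting for tun" >&2; return 1; }
        sleep 1
    done
    ip addr add "${IP_LOCAL}/${IP_MASK}" dev "tun${TUN_LOCAL}"
    ip link set "tun${TUN_LOCAL}" up
    ip route add "$NET_REMOTE" via "$IP_REMOTE"
    echo "tunnel up; Ctrl-C tears it down"
    wait "$SSH_PID"
}

case "${1:-}" in
    up)    tunnel_up ;;
    check) printf '%s\n' "$SAMPLE_SSHD_CONFIG" | sshd_tun_permitted \
               && echo "sample sshd_config permits TUN tunnels" ;;
esac
```

Run `sh tun-ssh.sh check` to exercise the config parser against the embedded sample, and `sh tun-ssh.sh up` as root (with HOST and the addresses set in the environment) to bring the link up; the tun channel stays open as long as the ssh process lives, which is also why killing it is a complete teardown.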