socat-vpn

Concept

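socat, the Swiss Army knife of streams, can do anything! Even make VPNs! In the scripts below, socat only bridges a TCP connection to a TUN interface; the link is encrypted and authenticated by the SSH port forward it runs through.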

Scripts

socat-ssl-genkey

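#!/bin/sh
# socat-ssl-genkey ID
#
# Creates a self-signed certificate for socat's OpenSSL addresses:
#   ID.key  RSA private key
#   ID.crt  self-signed X.509 certificate (openssl req prompts for the subject)
#   ID.pem  key followed by certificate, in one file
#
# Re-executes itself under sudo when not already running as root.
# Exits 1 when no ID is given or when an openssl step fails.

# id -u works in every POSIX shell. $UID is only set by bash-like shells; in
# a shell that leaves it empty the re-exec below would repeat forever.
[ "$(id -u)" = "0" ] || exec sudo "$0" "$@"

ID="${1:-}"

if [ -z "$ID" ]; then
  echo "usage: $0 ID" >&2
  exit 1
fi

# 1024-bit RSA is too weak to protect a long-lived key; 2048 is the minimum.
KEY_BITS=2048

# Files holding the private key are created with a restrictive umask, so
# they are never group/world readable, not even between creation and chmod.
caller_umask=$(umask)
umask 077

openssl genrsa -out "$ID.key" "$KEY_BITS" || exit 1

# The certificate is public, so it keeps the permissions the caller's umask
# would have given it.
# NOTE(review): -days 4653 is a validity of more than twelve years; a shorter
# lifetime with planned rotation limits exposure if the key ever leaks.
(
  umask "$caller_umask"
  openssl req -new -key "$ID.key" -x509 -days 4653 -out "$ID.crt"
) || exit 1

cat "$ID.key" "$ID.crt" > "$ID.pem" || exit 1

# Explicit modes in case the files already existed with wider permissions.
chmod 600 "$ID.key" "$ID.pem"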

socat-443

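#!/bin/sh
# socat-443
#
# Accepts TLS connections on port 443 and hands each one to sshd in inetd
# mode (-i), so an SSH session is carried inside TLS. fork makes socat serve
# every connection in its own child process.
#
# Re-executes itself under sudo when not already running as root.

# id -u works in every POSIX shell. $UID is only set by bash-like shells; in
# a shell that leaves it empty the re-exec below would repeat forever.
[ "$(id -u)" = "0" ] || exec sudo "$0" "$@"

# verify=0 turns off peer certificate verification in socat, so the TLS layer
# accepts any client: every connection on 443 reaches sshd, and sshd's own
# authentication is the only access control. Keep sshd hardened accordingly
# (for example key-only logins).
#
# cert=server.pem is resolved relative to the current directory.
# NOTE(review): presumably the file produced by `socat-ssl-genkey server`;
# confirm, and prefer an absolute path so the script works from any directory.
#
# The command is one invocation; without the line continuations the shell
# would run "socat -d -d" alone and treat the two addresses as commands.
socat -d -d \
  openssl-listen:443,reuseaddr,fork,cert=server.pem,verify=0,keepalive=1 \
  exec:"/usr/sbin/sshd -i"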

socat-vpn-server

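#!/bin/sh
# socat-vpn-server
#
# Server end of the tunnel: turns on NAT and IP forwarding, then bridges one
# TCP connection on port 4433 to a TUN interface.
#
# Re-executes itself under sudo when not already running as root.
#
# The forwarding sysctls and the MASQUERADE rule are left in place when the
# script ends; nothing here undoes them.

# Address names are from the client's point of view: this host takes
# REMOTE_VPN_ADDRESS on its TUN interface. LOCAL_VPN_ADDRESS is not used in
# this script.
LOCAL_VPN_ADDRESS=10.10.10.1
REMOTE_VPN_ADDRESS=10.10.10.2
OUTGOING_IFACE=eth0

# The listener gives whoever connects a raw, unauthenticated path into the
# TUN device. The client script on this page reaches it through an SSH port
# forward to localhost:4433, so loopback is the only address it has to be
# reachable on.
LISTEN_ADDRESS=127.0.0.1

# id -u works in every POSIX shell. $UID is only set by bash-like shells; in
# a shell that leaves it empty the re-exec below would repeat forever.
[ "$(id -u)" = "0" ] || exec sudo "$0" "$@"

# Forwarding stays off while the NAT rule is being installed.
echo 0 > /proc/sys/net/ipv4/ip_forward

# Add the rule only when it is not already there (-C checks for it), so that
# repeated runs do not pile up duplicate MASQUERADE entries.
iptables -t nat -C POSTROUTING -o "$OUTGOING_IFACE" -j MASQUERADE 2>/dev/null ||
  iptables -t nat -A POSTROUTING -o "$OUTGOING_IFACE" -j MASQUERADE

# Non-zero enables dynamic-address support in the kernel.
# NOTE(review): values above 1 are documented as also logging each rewrite;
# confirm that 7 is intended.
echo 7 > /proc/sys/net/ipv4/ip_dynaddr
echo 1 > /proc/sys/net/ipv4/ip_forward

# No fork option: socat serves a single connection and then exits.
socat -d -d \
  "tcp-listen:4433,bind=${LISTEN_ADDRESS},reuseaddr" \
  "tun:${REMOTE_VPN_ADDRESS}/24,up"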

socat-vpn

# socat-vpn (client side)
#
# Opens an SSH session that forwards local port 4433 to port 4433 on the
# server and runs socat-vpn-server there. Two delayed background jobs then
# attach a local TUN interface to the forwarded port and route the VPN
# network through the tunnel.
#
# SSH is the only encryption and authentication on this link; the socat
# endpoints themselves exchange plain TCP.
VPN_NET_MASK=10.0.0.0/8
REMOTE_VPN_ADDRESS=10.10.10.2
LOCAL_VPN_ADDRESS=10.10.10.1

# The fixed delays give ssh time to log in and the server time to start
# listening; nothing checks that either has actually happened.
# NOTE(review): sudo runs in the background here, so it presumably has to
# work without a password prompt; confirm.
(
  sleep 7
  sudo socat -d -d tcp:localhost:4433 "tun:${LOCAL_VPN_ADDRESS}/24,up"
) &

# One second after the tunnel job starts, send the whole VPN network through
# the server's tunnel address.
(
  sleep 8
  sudo route add -net "${VPN_NET_MASK}" gw "${REMOTE_VPN_ADDRESS}"
) &

# Runs in the foreground; the port forward exists for as long as this
# session does.
ssh my_name@my.server.at.home -L 4433:localhost:4433 socat-vpn-server

socat-vpn-routing

# socat-vpn-routing
#
# Moves the default route and DNS onto the VPN, waits in keepalive, then
# puts the previous routing and DNS settings back.
#
# evdo and keepalive are not defined on this page.
# NOTE(review): presumably evdo prints and runs its arguments and keepalive
# blocks for as long as the tunnel is up; confirm against their definitions.
#
# LOCAL_VPN_ADDRESS is set but not used in this script.
PROXY=proxy
NEW_GATEWAY=10.0.0.1
OLD_GATEWAY=10.0.2.3
REMOTE_VPN_ADDRESS=10.10.10.2
LOCAL_VPN_ADDRESS=10.10.10.1

# NOTE(review): this turns the client into a forwarding host and is never
# switched off again below; confirm it is needed on this side.
echo 1 > /proc/sys/net/ipv4/ip_forward

# --- switch to the VPN ---
# Keep the proxy reachable over the old gateway before the default route
# moves into the tunnel.
evdo route add "$PROXY" gw "$OLD_GATEWAY"
evdo route del default eth0
evdo route add default gw "$REMOTE_VPN_ADDRESS"
evdo route -n

# Overwrites the resolver configuration; no copy of the old file is kept.
printf 'nameserver %s\n' "$NEW_GATEWAY" > /etc/resolv.conf

# NOTE(review): if the script is killed while waiting here, the restore
# steps below do not run and the host keeps the VPN routes and resolver.
keepalive "$REMOTE_VPN_ADDRESS"

# --- switch back ---
evdo route del "$PROXY" eth0
evdo route del default tun0
evdo route add default gw qemuserver
evdo route -n

printf 'nameserver %s\n' "$OLD_GATEWAY" > /etc/resolv.conf

socat-vpn (last edited 2010-04-24 09:29:31 by localhost)