Slirp Tunneled over SSH

From Buici


Slirp is a PPP/SLIP emulator combined with NAT code that permits routing over any given point-to-point link. It was originally designed to gain access to the internet over a modem or dial-up link. There are many methods for implementing VPNs or for handling peculiar routing problems. Slirp has the unique feature of requiring no root access on one end of the tunnel.

SSH provides a convenient way to establish a point-to-point link that crosses network barriers that would otherwise block it. Slirp via PPP allows IP routing over the link. In combination, the network privileges of the user process on the remote host carry over to the local host.

Whereas GRE, IPIP and IPSEC tunnels perform a similar function through standard and efficient means, Slirp over SSH performs this function where one end of the tunnel may not have access to kernel features such as tun, tap, or ppp devices.

Example Configuration


 +---------+
 |  cocoa  |
 +---------+
      |
      |
      |                 -----------
 +---------+           /           \
 |  jello  |-----------   10.1/16   -
 +---------+           \           /
                        -----------


In this example, a user on cocoa wants to access the 10.1/16 network, but cannot do so from cocoa because that network is inaccessible from beyond jello or other hosts directly connected to it. This user is not permitted root access to jello, but does have a login via ssh to that host. By tunnelling PPP traffic over an SSH link and running slirp on jello, this user can configure cocoa to route traffic to hosts on the 10.1/16 network.

Slirplink

The slirplink script builds such a link. There is the original version I wrote in 2006 as well as a version updated by Daniel Gimpelevich in 2008. Before using either, slirp must be available on jello. The administrator of jello may be willing to install it, or it can be compiled from source. The path to slirp is part of the invocation of slirplink.

 cocoa# slirplink

This will display a usage message.

 cocoa# slirplink up bob@jello:bin/slirp 10.1/16

There are some subtleties to using the script. In the best mode, it is run from the root user account, and the bob account on jello allows password-free access by some means available to SSH. The command will run a local PPPD daemon and tell it to connect to jello via ssh and run slirp there. If it works properly, you will see a local ppp device with a local address of 10.0.2.15 and a remote address of 10.0.2.2.

If password-free logins are not available, which may be because policy on jello prohibits them, the -P switch should coerce PPPD and SSH to cooperate.
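Because the jello end of the link is only bob's slirp process running under an SSH login, it is visible in jello's process table. The following is an added example, not part of the original page or of slirplink, showing how jello's administrator could list such links; the `ps` column layout and the sample process table are constructed assumptions.

```shell
#!/bin/sh
# Added example: list slirp processes that descend from an sshd session.
# Assumed input, one process per line: "PID PPID USER COMM", as printed on
# Linux by:  ps -eo pid=,ppid=,user=,comm=

find_slirp_links() {
    awk '
    { ppid[$1] = $2; user[$1] = $3; comm[$1] = $4 }
    END {
        for (p in comm) {
            if (comm[p] != "slirp") continue
            # Walk up the parent chain until an sshd process is found.
            # Stop at the top of the tree, at a gap, or after 64 hops.
            a = ppid[p]
            for (hops = 0; hops < 64 && (a in comm); hops++) {
                # /^sshd/ also matches "sshd-session" on newer OpenSSH.
                if (comm[a] ~ /^sshd/) {
                    printf "%s pid=%s via-sshd=%s\n", user[p], p, a
                    break
                }
                a = ppid[a]
            }
        }
    }' | sort
}

# Constructed sample process table for jello (not real output).
sample_ps() {
    cat <<'EOF'
1 0 root systemd
612 1 root sshd
2301 612 root sshd
2305 2301 bob sshd
2306 2305 bob bash
2307 2306 bob slirp
2410 612 root sshd
2414 2410 alice sshd
2415 2414 alice bash
2416 2415 alice vim
3100 1 carol slirp
EOF
}

# Only the slirp started from an SSH login is reported; carol's slirp,
# which has no sshd ancestor, is not.
sample_ps | find_slirp_links
```

On a live host, pipe the `ps` command from the header comment into `find_slirp_links` instead of `sample_ps`.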
