VPN With Socat
e.g., a laptop, an IP address on the same subnet as a remote server. If you're careful, these instructions should work even if you don't have access to the remote server to prepare it in advance.

First, you'll want socat installed on both machines and brctl installed on the server. These are available in the Debian/Ubuntu packages "socat" and "bridge-utils" respectively. You'll also want root access; start a root shell on your laptop, and ssh to root at the server.

For these instructions, we'll assume that "eth0" is the name of the server's public interface, 172.21.0.2 is the server's IP, 172.21.0.3 is the IP you'd like your laptop to have, 255.255.0.0/172.21.0.1 are the netmask and gateway, and 192.168.0.1 is your laptop's local router's IP.

1. Move the server's network connection to a network bridge, so you can add your laptop later. In a single command, run on the server

    ifconfig eth0 down && brctl addbr br0 && brctl addif br0 eth0 && ifconfig br0 172.21.0.2 netmask 255.255.0.0 up && ifconfig eth0 up && route add default gw 172.21.0.1

where "eth0" is your public interface, and "172.21.0.2", "255.255.0.0", and "172.21.0.1" are your public IP address, netmask, and gateway. Give the network a few seconds to restabilize, and you should be able to ping the remote computer. You may want to have first run some failsafe like "sleep 120 && reboot &", so that if you mess up, the server comes back. If all goes well, run "fg" and hit ^C to cancel the reboot.

2. Start the tunneled connection. On the server, run

    socat TUN:172.21.0.3/32,up,tun-type=tap UDP-LISTEN:12345

and on the laptop

    socat TUN:172.21.0.3/32,up,tun-type=tap UDP:172.21.0.2:12345

3. Add the tunnel to the bridge on the server side:

    brctl addif br0 tap0

4. On your laptop, route traffic to the server over your real connection:

    route add 172.21.0.2 gw 192.168.0.1

and route all other traffic over the tap device:

    route del default gw 192.168.0.1
    route add default dev tap0

If you check something like whatismyip.akamai.com, your laptop should now appear as 172.21.0.3 to every machine except the server.
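
A check for the routing state that step 4 should leave on the laptop, as an added example that is not part of the original page: the function reads "ip route show" output (the iproute2 counterpart of the route commands above) and flags a missing host route to the server or a leftover default route via the local router. The function name and the "wlan0" interface in the constructed sample tables are assumptions.

```shell
#!/bin/sh
# Added example: verify the laptop's routes after step 4.
# Usage on a live system:
#   ip route show | check_vpn_routes 172.21.0.2 192.168.0.1 tap0
# Exit status:
#   0  routes match step 4
#   1  no host route to the server via the local router, so the socat
#      UDP packets themselves would be routed into tap0
#   2  no default route on the tap device
#   3  a default route via the local router remains, so traffic can
#      still leave outside the tunnel
check_vpn_routes() {
    awk -v server="$1" -v gw="$2" -v tap="$3" '
        # Value that follows keyword key on the current route line.
        function after(key,    i) {
            for (i = 1; i < NF; i++) if ($i == key) return $(i + 1)
            return ""
        }
        ($1 == server || $1 == (server "/32")) && after("via") == gw { host = 1 }
        $1 == "default" && after("dev") == tap { tunnel = 1 }
        $1 == "default" && after("via") == gw  { leak = 1 }
        END {
            if (!host)   { print "missing: " server " via " gw; exit 1 }
            if (!tunnel) { print "missing: default dev " tap;   exit 2 }
            if (leak)    { print "stale: default via " gw;      exit 3 }
            print "ok"
        }'
}

# Constructed sample tables ("wlan0" is an assumed interface name).
GOOD_TABLE='default dev tap0 scope link
172.21.0.2 via 192.168.0.1 dev wlan0
192.168.0.0/24 dev wlan0 proto kernel scope link src 192.168.0.50'

# Constructed: the old default route was never deleted.
STALE_TABLE='default via 192.168.0.1 dev wlan0
default dev tap0 scope link
172.21.0.2 via 192.168.0.1 dev wlan0'

# Constructed: the host route to the server was never added.
LOOP_TABLE='default dev tap0 scope link
192.168.0.0/24 dev wlan0 proto kernel scope link src 192.168.0.50'
```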