Added files

vimagick · vimagick · commit 515f36d805f9 · 2016-06-27T15:24:48.000+08:00
diff --git a/README.md b/README.md
@@ -1,2 +1,36 @@
-# ssh-vpn
 VPN over SSH
+============
+
+### How It Works
+
+```
+
+                            ///
++----------------------+    ///    +----------------------+
+|        RPI           |    ///    |        VPS           |
+|----------------------|----SSH--->|----------------------|
+| eth0: 192.168.31.222 |    ///    | eth0: 1.2.3.4        |
+| tun0: 10.0.0.200     |    ///    | tun0: 10.0.0.100     |
++----------------------+    ///    +----------------------+
+                            ///
+
+```
+
+- RPI (树莓派-客户端)
+  - 使用境外DNS服务器
+  - 使用eth0, 禁用wlan0
+  - 配置ssh无密码root登录
+
+- VPS (云主机-服务端)
+  - 使用境外[VPS服务器][1]
+  - 启用内核IP数据包转发
+  - 配置防火墙NAT地址转换
+
+
+### References
+
+- <http://man.openbsd.org/ssh>
+- <https://help.ubuntu.com/community/SSH_VPN>
+- <http://bodhizazen.net/Tutorials/VPN-Over-SSH>
+
+[1]: <http://www.vultr.com/?ref=6821947>
diff --git a/rpi/dhcpcd.conf b/rpi/dhcpcd.conf
@@ -0,0 +1,3 @@
+#option domain_name_servers, domain_name, domain_search, host_name
+interface eth0
+static domain_name_servers=208.67.222.222 208.67.220.220
diff --git a/rpi/interfaces b/rpi/interfaces
@@ -0,0 +1,27 @@
+iface tun0 inet static
+    pre-up ssh -i /home/pi/.ssh/id_rsa \
+               -o ServerAliveInterval=30 \
+               -o ServerAliveCountMax=5 \
+               -o TCPKeepAlive=yes \
+               -o StrictHostKeyChecking=no \
+               -o UserKnownHostsFile=/dev/null \
+               -S /var/run/ssh-vpn-tunnel-control \
+               -M -f -w 0:0 1.2.3.4 'ifdown tun0; ifup tun0'
+    pre-up sleep 5
+
+    address 10.0.0.200
+    pointopoint 10.0.0.100
+    netmask 255.255.255.255
+
+    up ip route add 10.0.0.0/24 via 10.0.0.200
+    up ip route add 1.2.3.4/32 via 192.168.31.1
+    #up ip route replace default via 10.0.0.100
+    up ip route add 0.0.0.0/1 dev tun0
+    up ip route add 128.0.0.0/1 dev tun0
+    #down ip route replace default via 192.168.31.1
+    down ip route del 10.0.0.0/24 via 10.0.0.200
+    down ip route del 1.2.3.4/32 via 192.168.31.1
+
+    post-down ssh -i /home/pi/.ssh/id_rsa \
+                  -S /var/run/ssh-vpn-tunnel-control \
+                  -O exit 1.2.3.4
diff --git a/vps/ferm.conf b/vps/ferm.conf
@@ -0,0 +1,9 @@
+@def $DEV_PRIVATE = tun0;
+@def $DEV_PUBLIC = eth0;
+@def $NET_PRIVATE = 10.0.0.0/24;
+
+table nat {
+    chain POSTROUTING {
+        saddr $NET_PRIVATE outerface $DEV_PUBLIC MASQUERADE;
+    }
+}
diff --git a/vps/interfaces b/vps/interfaces
@@ -0,0 +1,6 @@
+iface tun0 inet static
+    pre-up sleep 5
+    address 10.0.0.100
+    pointopoint 10.0.0.200
+    netmask 255.255.255.0
+    up arp -sD 10.0.0.200 eth0 pub
diff --git a/vps/sshd_config b/vps/sshd_config
@@ -0,0 +1,2 @@
+PermitRootLogin yes
+PermitTunnel yes
diff --git a/vps/sysctl.conf b/vps/sysctl.conf
@@ -0,0 +1 @@
+net.ipv4.ip_forward=1

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+#option domain_name_servers, domain_name, domain_search, host_name`
	`2`	`+interface eth0`
	`3`	`+static domain_name_servers=208.67.222.222 208.67.220.220`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+PermitRootLogin yes`
	`2`	`+PermitTunnel yes`