jecklgamis / lane-cove-tunnel

A simple Linux IP tunnel using tun/tap virtual interface.
Apache License 2.0

lane-cove-tunnel

A simple Linux IP tunnel using tun/tap virtual interface. This implements a simple (insecure!) VPN network. Warning: this is not secure and should only be used for learning purposes.

Requirements

$ sudo apt install gcc make iproute2

Building

$ make all

Example Setup

10.9.0.0/24 network                                        10.10.0.0/24 network    
...                                                        ...
[transport: segment/packet]   <---- tunnel using TCP --->  [transport: segment/packet]   
[network: ip packet]                                       [network: ip packet]          
[datalink: ethernet frame ]                                [datalink: ethernet frame ]   
[physical: bits]                                           [physical: bits]              

Running The Server

Example output:

$ ./create-server-tunnel.sh 
+ TUNNEL_NAME=tun2
+ IP_ADDRESS=10.10.0.1/24
+ sudo ip tuntap del tun2 mode tun
+ sudo ip tuntap add tun2 mode tun
+ sudo ip link set tun2 up
+ sudo ip addr add 10.10.0.1/24 dev tun2
+ echo 'Creating tunnel tun2 with ip address 10.10.0.1/24'
Creating tunnel tun2 with ip address 10.10.0.1/24
+ sudo ip route add 10.9.0.0/24 via 10.10.0.1
+ echo 'Added route to 10.9.0.0/24 network via tun2'
Added route to 10.9.0.0/24 network via tun2

Running The Client

Example output:

$ ./create-client-tunnel.sh 
+ TUNNEL_NAME=tun2
+ IP_ADDRESS=10.9.0.1/24
+ sudo ip tuntap del tun2 mode tun
+ sudo ip tuntap add tun2 mode tun
+ sudo ip link set tun2 up
+ sudo ip addr add 10.9.0.1/24 dev tun2
+ echo 'Created tunnel tun2 with ip address 10.9.0.1/24'
Created tunnel tun2 with ip address 10.9.0.1/24
+ sudo ip route add 10.10.0.0/24 via 10.9.0.1
+ echo 'Created route to 10.10.0.0/24 network via tun2'
Created route to 10.10.0.0/24 network via tun2

Configuring The Routing Table

In this setup, we created 10.9.0.0/24 (local) and 10.10.0.0/24 (remote) networks. The create-xxx-tunnel.sh scripts also added routing table entries to the peer network.

Local machine:

$ ip route show
10.10.0.0/24 via 10.9.0.1 dev tun2

Remote:

$ ip route show
10.9.0.0/24 via 10.10.0.1 dev tun2

That's it! If all goes well, the tunnel is ready to take some traffic!
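
The page warns that this tunnel is insecure. As an added example (not code from lane-cove-tunnel), here is one sanity check an endpoint could run on each packet received from the TCP peer before writing it to tun2: accept only well-formed IPv4 whose source address lies inside the peer network of this setup. The names peer_packet_allowed, make_ipv4 and IP are hypothetical, and the sample packets are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IP(a,b,c,d) (((uint32_t)(a)<<24)|((uint32_t)(b)<<16)|((uint32_t)(c)<<8)|(uint32_t)(d))

/* Hypothetical helper (not from lane-cove-tunnel): returns 1 if buf holds a
 * well-formed IPv4 packet whose source address is inside net/prefix_len. */
int peer_packet_allowed(const uint8_t *buf, size_t len,
                        uint32_t net, unsigned prefix_len)
{
    if (buf == NULL || len < 20 || prefix_len > 32)
        return 0;                      /* shorter than a minimal IPv4 header */
    if ((buf[0] >> 4) != 4)
        return 0;                      /* not IPv4 */
    size_t ihl = (size_t)(buf[0] & 0x0f) * 4;
    if (ihl < 20 || ihl > len)
        return 0;                      /* header length field is bogus */
    size_t total = ((size_t)buf[2] << 8) | buf[3];
    if (total < ihl || total > len)
        return 0;                      /* claims more bytes than were received */
    uint32_t src = ((uint32_t)buf[12] << 24) | ((uint32_t)buf[13] << 16) |
                   ((uint32_t)buf[14] << 8)  |  (uint32_t)buf[15];
    uint32_t mask = prefix_len ? 0xffffffffu << (32 - prefix_len) : 0;
    return (src & mask) == (net & mask);
}

/* Constructed sample: minimal 20-byte IPv4 header, no payload, checksum 0. */
static void make_ipv4(uint8_t out[20], uint32_t src, uint32_t dst)
{
    for (int i = 0; i < 20; i++) out[i] = 0;
    out[0] = 0x45;                     /* version 4, IHL 5 (20 bytes) */
    out[3] = 20;                       /* total length */
    for (int i = 0; i < 4; i++) {
        out[12 + i] = (uint8_t)(src >> (24 - 8 * i));
        out[16 + i] = (uint8_t)(dst >> (24 - 8 * i));
    }
}

int main(void)
{
    uint8_t pkt[20];
    make_ipv4(pkt, IP(10,9,0,1), IP(10,10,0,1));     /* from the client network */
    printf("10.9.0.1    -> %d\n", peer_packet_allowed(pkt, sizeof pkt, IP(10,9,0,0), 24));
    make_ipv4(pkt, IP(192,168,1,5), IP(10,10,0,1));  /* outside the peer network */
    printf("192.168.1.5 -> %d\n", peer_packet_allowed(pkt, sizeof pkt, IP(10,9,0,0), 24));
    return 0;
}
```

This only filters malformed or out-of-range packets; it does not add confidentiality or peer authentication to the tunnel.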

Monitoring Tunnel Traffic

You can use tshark or tcpdump to monitor the traffic on the virtual interface.

Example using tshark:

$ sudo apt install tshark
$ sudo tshark -i tun2

Verifying

You can ping a machine in the remote network (10.10.0.0/24), establish an SSH connection, or curl a running nginx (if you have one!).

$ curl http://10.10.0.1

Look ma!

<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>
