A simple Linux IP tunnel using tun/tap virtual interface. This implements a simple (insecure!) VPN network. Warning: this is not secure and should only be used for learning purposes.
$ sudo apt install gcc make iproute2$ make allExample Setup
10.9.0.0/24 network 10.10.0.0/24 network
... ...
[transport: segment/packet] <---- tunnel using TCP ---> [transport: segment/packet]
[network: ip packet] [network: ip packet]
[datalink: ethernet frame ] [datalink: ethernet frame ]
[physical: bits] [physical: bits] tun2 virtual interface (10.9.0.1/24)10.10.0.0/24 network via 10.9.0.1tun2 virtual interface (10.10.0.1/24)10.9.0.0/24 network via 10.10.0.1$ ./create-server-tunnel.shThis creates a tunnel named tun2 and assign it an ip 10.10.0.1/24.
Example output:
$ ./create-server-tunnel.sh
+ TUNNEL_NAME=tun2
+ IP_ADDRESS=10.10.0.1/24
+ sudo ip tuntap del tun2 mode tun
+ sudo ip tuntap add tun2 mode tun
+ sudo ip link set tun2 up
+ sudo ip addr add 10.10.0.1/24 dev tun2
+ echo 'Creating tunnel tun2 with ip address 10.10.0.1/24'
Creating tunnel tun2 with ip address 10.10.0.1/24
+ sudo ip route add 10.9.0.0/24 via 10.10.0.1
+ echo 'Added route to 10.9.0.0/24 network via tun2'
Added route to 10.9.0.0/24 network via tun2./run-tcp-server.shThis will start a TCP server on port 5050 bound to 0.0.0.0 address.
./create-client-tunnel.shThis creates a tunnel named tun2 and assign it an ip 10.9.0.1/24.
Example output:
$ ./create-client-tunnel.sh
+ TUNNEL_NAME=tun2
+ IP_ADDRESS=10.9.0.1/24
+ sudo ip tuntap del tun2 mode tun
+ sudo ip tuntap add tun2 mode tun
+ sudo ip link set tun2 up
+ sudo ip addr add 10.9.0.1/24 dev tun2
+ echo 'Created tunnel tun2 with ip address 10.9.0.1/24'
Created tunnel tun2 with ip address 10.9.0.1/24
+ sudo ip route add 10.10.0.0/24 via 10.9.0.1
+ echo 'Created route to 10.10.0.0/24 network via tun2'
Created route to 10.10.0.0/24 network via tun2export SERVER_IP=<some-server-ip>
$ ./run-tcp-client.shExample output:
$ ./run-tcp-client.sh In this setup, we created 10.9.0.0/24 (local) and 10.10.0.0/24 (remote) networks. The create-xxx-tunnel.sh
scripts also added routing table entries to the peer network.
Local machine:
$ ip route show
10.10.0.0/24 via 10.9.0.1 dev tun2Remote:
$ ip route show
10.9.0.0/24 via 10.10.0.1 dev tun2That's it!, if all goes well, tunnel is ready to take some traffic!
You can use tshark or tcpdump to monitor the traffic in the virtual interface.
Example using tshark:
sudo apt install tshark
sudo tshark -i tun2You can ping a machine in the remote network (10.10.0.0/24), establish SSH connection or curl a running nginx (if you have one!)
curl http://10.10.0.1Look ma!
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>