Ubuntu

not able to get tun0 interface when trying to create tunnel using ssh

Asked by bishneet

Hi,

With reference to https://help.ubuntu.com/community/SSH_VPN, I tried all the commands. I am able to login to the server but I ma not able to see tun0 interface created in neither client nor server. What is the problem?

Question information

Language:
English Edit question
Status:
Expired
For:
Ubuntu Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
actionparsnip (andrew-woodhead666) said : 		#1

You shouldn't get a tun0 with an SSH tunnel. You get a port on localhost which actually connexts to the remote system.

Revision history for this message
bishneet (bishneet1407) said : 		#2

Where can I see the port? nothing is being formed. Just I am getting the access of remote system. My aim was to establish a tunnel with tun0 interface created. Do you know any other way with which I can create a tunnel and redirect my traffic through it?

Revision history for this message
bishneet (bishneet1407) said : 		#3

Moreover, I am getting this message when I try to create a channel:

Remote: Server has rejected tunnel device forwarding
channel 0: open failed: administratively prohibited: open failed
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
debug1: channel 0: free: tun, nchannels 2

Revision history for this message
actionparsnip (andrew-woodhead666) said : 		#4

For example. I run an SSH server with Squid. I connect to Squid remotely via an SSH tunnel (gets around work proxy (annoying)). I use this:

ssh -L 2222:my_servers_lan_ip:3128 user@wan_ip

Now on the client system, I can set my proxys to 'localhost:2222' and the data will flow over the tunnel and into squid which defaults to port 3128

Works a treat.

Revision history for this message
bishneet (bishneet1407) said : 		#5

But I am not creating tunnel using -L. Rather, In am using -w to create tun interfaces. Where in this, can I see the port?

Revision history for this message
Victor Adamiec (strike-r) said : 		#6

The given error message:
  Remote: Server has rejected tunnel device forwarding

tells us that the ssh server (=target host) refused to create the tunnel device. Is the "PermitTunnel" directive in /etc/sshd_config set to yes on the server? The default is no!

Revision history for this message
bishneet (bishneet1407) said : 		#7

yes, it is set.

Revision history for this message
actionparsnip (andrew-woodhead666) said : 		#8

What is the output of:

grep -i tunnel /etc/ssh/sshd_config

Thanks

Revision history for this message
bishneet (bishneet1407) said : 		#9

What is the output of:

grep -i tunnel /etc/ssh/sshd_config

OUTPUT:

PermitTunnel yes
# Change to no to disable tunnelled clear text passwords

Revision history for this message
Victor Adamiec (strike-r) said : 		#10

Did you restart the target host after changing option PermitTunnel to yes in /etc/sshd.config? If no, type "sudo restart ssh". If yes, I suggest to run sshd in debugging mode. Maybe it gives you more detail about the error. Be *very* careful though not to loose connectivity when shutting down sshd. Here's how to do this:

1. Open two terminal windows on the client
2. In the first terminal window login to your target host:
ssh TARGETHOST
3. Still in the first terminal window (now with a prompt on the target host) type (one line!):
sudo stop ssh; sudo /usr/sbin/sshd -D -d -d -d; sudo start ssh
4. In the second terminal window (with a shell on the client) run your tunnel command:
ssh -w any:any TARGETHOST

This should show more detail about the server problem in the first terminal window.

Revision history for this message
Launchpad Janitor (janitor) said : 		#11

This question was expired because it remained in the 'Needs information' state without activity for the last 15 days.