Recently I had the pleasure of setting up an SSH tunnel between two virtual machines that share no route and are located in two different subnets.
They can, however, reach each other via SSH by hopping through their host.
Let's assume the following setup:
As I needed the two clients to be able to send mail to each other and reach each other's services, I did some digging and opted for an SSH connection using TUN devices (aka "poor man's VPN").
The following is needed to set this up:
To make both hosts also know each other by hostname (and domain, if any), add the corresponding entries to each client's /etc/hosts file.
On client1 (/etc/hosts):
10.0.10.2 client2.org client2
10.0.10.1 client1.org client1
If using Postfix, the service has to be configured to consult /etc/hosts before falling back to your network's DNS.
On client1 and client2 (/etc/postfix/main.cf):
lmtp_host_lookup = native
smtp_host_lookup = native
ignore_mx_lookup_error = yes
Autossh and system boot
Wrapping it all up, you usually want the tunnel to be started as a service at system boot. SSH tunnels are notoriously prone to dropping. One way to get around this issue is to manage them with autossh.
On client1 (/etc/systemd/system/tunnel@.service):
[Unit]
Description=AutoSSH tunnel to a host
[Service]
ExecStart=/usr/bin/autossh -M 0 -NCTv -o ServerAliveInterval=45 -o ServerAliveCountMax=2 -o TCPKeepAlive=yes -w 5:5 %I
[Install]
WantedBy=multi-user.target
systemctl enable tunnel@client2
systemctl start tunnel@client2
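Once the tunnel@ unit is active, the tun device on each end still needs its point-to-point address. The script below is an added example (not from the original post) that does this for tun5 (the device -w 5:5 creates) using the 10.0.10.1/10.0.10.2 addresses from /etc/hosts above; it assumes the remote end is reachable as root@client2 over ssh, and DRY_RUN=1 prints the commands instead of running them.

```shell
#!/bin/sh
# Added example, not from the original post: give the TUN link that
# `ssh -w 5:5` creates its point-to-point addresses on both ends.
# Assumptions: tun5 on each side (from -w 5:5), the 10.0.10.1/10.0.10.2
# addresses from /etc/hosts, and the remote end reachable as root@client2.
set -eu

TUN_IF="${TUN_IF:-tun5}"           # -w 5:5 => tun5 locally and remotely
LOCAL_IP="${LOCAL_IP:-10.0.10.1}"  # client1
PEER_IP="${PEER_IP:-10.0.10.2}"    # client2
PEER_HOST="${PEER_HOST:-client2}"  # the %I instance name of tunnel@.service
DRY_RUN="${DRY_RUN:-0}"            # 1 = print the commands instead of running

# Print (dry run) or execute a command line.
run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# One shell line that turns a bare tun device into a /32 point-to-point link.
# $1 = device, $2 = this end's address, $3 = the far end's address
tun_config_line() {
    printf 'ip addr add %s peer %s/32 dev %s && ip link set %s up' "$2" "$3" "$1" "$1"
}

# The device only exists once ssh -w has negotiated the tunnel, which the
# far side's sshd must allow (PermitTunnel); fail early instead of
# addressing a device that is not there.
tun_present() {
    [ "$DRY_RUN" = 1 ] || [ -e "/sys/class/net/$1" ]
}

tun_bring_up() {
    tun_present "$TUN_IF" || { echo "$TUN_IF not found; is the tunnel up?" >&2; return 1; }
    # Local end first, then the remote end with the addresses swapped.
    run sh -c "$(tun_config_line "$TUN_IF" "$LOCAL_IP" "$PEER_IP")"
    run ssh "root@$PEER_HOST" "$(tun_config_line "$TUN_IF" "$PEER_IP" "$LOCAL_IP")"
}

# Run as `sh tun-up.sh up` once `systemctl status tunnel@client2` reports active.
if [ "${1:-}" = up ]; then tun_bring_up; fi
```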