VPN server (beachhead) without root?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
6
down vote

favorite
2












How can I set up a VPN server on a host where I don't have root?



I have the following constraints:



  • On the server A, I have no root. I can only operate in my home directory. In particular, I also cannot create tun devices.

  • On the client B, I have complete control and can install what I want.

  • SSH port forwarding (-L/-R) and SOCKS proxy (-D) works, but not in my case. The software on my client uses many different ports so I'd be inclined to use SOCKS, but it also runs at kernel level, so I can't convince it with tsocks to use the proxy. One thing that would work would by to run my client software in a VM on B, and socksify the whole VM - but I'd really rather not go that route.

  • I don't need priviliged ports, so non-root on A should be OK.

  • It doesn't have to be a "real" VPN, but something similar in spirit would be enough. My process on B should be able to communicate with processes on A (and connected devices) as if they were on one machine, without rewriting them.

I don't believe there is an elegant way to do this - the correct way would be to just ask the admin of A, or plug B into the same net - but now I'm just curious if this can be done as a proof of concept.






vpn ssh-tunneling







share|improve this question

























    up vote
    6
    down vote

    favorite
    2












    How can I set up a VPN server on a host where I don't have root?



    I have the following constraints:



    • On the server A, I have no root. I can only operate in my home directory. In particular, I also cannot create tun devices.

    • On the client B, I have complete control and can install what I want.

    • SSH port forwarding (-L/-R) and SOCKS proxy (-D) works, but not in my case. The software on my client uses many different ports so I'd be inclined to use SOCKS, but it also runs at kernel level, so I can't convince it with tsocks to use the proxy. One thing that would work would by to run my client software in a VM on B, and socksify the whole VM - but I'd really rather not go that route.

    • I don't need priviliged ports, so non-root on A should be OK.

    • It doesn't have to be a "real" VPN, but something similar in spirit would be enough. My process on B should be able to communicate with processes on A (and connected devices) as if they were on one machine, without rewriting them.

    I don't believe there is an elegant way to do this - the correct way would be to just ask the admin of A, or plug B into the same net - but now I'm just curious if this can be done as a proof of concept.






    vpn ssh-tunneling







    share|improve this question























      up vote
      6
      down vote

      favorite
      2









      up vote
      6
      down vote

      favorite
      2






      2





      How can I set up a VPN server on a host where I don't have root?



      I have the following constraints:



      • On the server A, I have no root. I can only operate in my home directory. In particular, I also cannot create tun devices.

      • On the client B, I have complete control and can install what I want.

      • SSH port forwarding (-L/-R) and SOCKS proxy (-D) works, but not in my case. The software on my client uses many different ports so I'd be inclined to use SOCKS, but it also runs at kernel level, so I can't convince it with tsocks to use the proxy. One thing that would work would by to run my client software in a VM on B, and socksify the whole VM - but I'd really rather not go that route.

      • I don't need priviliged ports, so non-root on A should be OK.

      • It doesn't have to be a "real" VPN, but something similar in spirit would be enough. My process on B should be able to communicate with processes on A (and connected devices) as if they were on one machine, without rewriting them.

      I don't believe there is an elegant way to do this - the correct way would be to just ask the admin of A, or plug B into the same net - but now I'm just curious if this can be done as a proof of concept.






      vpn ssh-tunneling







      share|improve this question













      How can I set up a VPN server on a host where I don't have root?



      I have the following constraints:



      • On the server A, I have no root. I can only operate in my home directory. In particular, I also cannot create tun devices.

      • On the client B, I have complete control and can install what I want.

      • SSH port forwarding (-L/-R) and SOCKS proxy (-D) works, but not in my case. The software on my client uses many different ports so I'd be inclined to use SOCKS, but it also runs at kernel level, so I can't convince it with tsocks to use the proxy. One thing that would work would by to run my client software in a VM on B, and socksify the whole VM - but I'd really rather not go that route.

      • I don't need priviliged ports, so non-root on A should be OK.

      • It doesn't have to be a "real" VPN, but something similar in spirit would be enough. My process on B should be able to communicate with processes on A (and connected devices) as if they were on one machine, without rewriting them.

      I don't believe there is an elegant way to do this - the correct way would be to just ask the admin of A, or plug B into the same net - but now I'm just curious if this can be done as a proof of concept.






      vpn ssh-tunneling




      vpn ssh-tunneling






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Jan 15 '16 at 12:59









      jdm

      30419




      30419




















          1 Answer
          1






          active

          oldest

          votes

















          up vote
          6
          down vote













          Well, this "I have no root" access on Server A can be a problem to create a good VPN solution since:




          • ip-ip tunneling requires interface manipulation;


          • pptp also requires root privileges to create interfaces;


          • OpenVPN can even run as unprivileged user, but some tricks need to be done like allowing sudo to the ip command to allow the creation of tun interface;


          • strongSwan with reduced privileges requires CAP_NET_ADMIN or CAP_NET_RAW to work, and running IKE daemon as non-root user breaks support for iptables updown script.

          What remains to you my friend: Rely on SSH socks proxy. On your local machine, and as root, run:



          ssh -C2qTnN -D 8080 username@serverA


          Means: Compression, SSH2 only, Quiet, Force pseudo-tty allocation, Redirect stdin from /dev/null, and Place the ssh client into "master" mode for connection sharing.



          Now, all you have to do is to run your application. If it has native SOCKSv5 support like Firefox, it's just a matter of configuring "localhost:8080" as the proxy server.



          If your application does not support this proxy natively, run it with proxychains. Just install on your client and you are good to go.



          The only solution you don't want to adopt seems to be the only one, unfortunately.



          Links:



          • Proxy Firefox through a SSH tunnel





          share|improve this answer






















            Your Answer







            StackExchange.ready(function()
            var channelOptions =
            tags: "".split(" "),
            id: "106"
            ;
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function()
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled)
            StackExchange.using("snippets", function()
            createEditor();
            );

            else
            createEditor();

            );

            function createEditor()
            StackExchange.prepareEditor(
            heartbeatType: 'answer',
            convertImagesToLinks: false,
            noModals: false,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: null,
            bindNavPrevention: true,
            postfix: "",
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            );



            );













             

            draft saved


            draft discarded


















            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f255526%2fvpn-server-beachhead-without-root%23new-answer', 'question_page');

            );

            Post as a guest

















            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes








            up vote
            6
            down vote













            Well, this "I have no root" access on Server A can be a problem to create a good VPN solution since:




            • ip-ip tunneling requires interface manipulation;


            • pptp also requires root privileges to create interfaces;


            • OpenVPN can even run as unprivileged user, but some tricks need to be done like allowing sudo to the ip command to allow the creation of tun interface;


            • strongSwan with reduced privileges requires CAP_NET_ADMIN or CAP_NET_RAW to work, and running IKE daemon as non-root user breaks support for iptables updown script.

            What remains to you my friend: Rely on SSH socks proxy. On your local machine, and as root, run:



            ssh -C2qTnN -D 8080 username@serverA


            Means: Compression, SSH2 only, Quiet, Force pseudo-tty allocation, Redirect stdin from /dev/null, and Place the ssh client into "master" mode for connection sharing.



            Now, all you have to do is to run your application. If it has native SOCKSv5 support like Firefox, it's just a matter of configuring "localhost:8080" as the proxy server.



            If your application does not support this proxy natively, run it with proxychains. Just install on your client and you are good to go.



            The only solution you don't want to adopt seems to be the only one, unfortunately.



            Links:



            • Proxy Firefox through a SSH tunnel





            share|improve this answer


























              up vote
              6
              down vote













              Well, this "I have no root" access on Server A can be a problem to create a good VPN solution since:




              • ip-ip tunneling requires interface manipulation;


              • pptp also requires root privileges to create interfaces;


              • OpenVPN can even run as unprivileged user, but some tricks need to be done like allowing sudo to the ip command to allow the creation of tun interface;


              • strongSwan with reduced privileges requires CAP_NET_ADMIN or CAP_NET_RAW to work, and running IKE daemon as non-root user breaks support for iptables updown script.

              What remains to you my friend: Rely on SSH socks proxy. On your local machine, and as root, run:



              ssh -C2qTnN -D 8080 username@serverA


              Means: Compression, SSH2 only, Quiet, Force pseudo-tty allocation, Redirect stdin from /dev/null, and Place the ssh client into "master" mode for connection sharing.



              Now, all you have to do is to run your application. If it has native SOCKSv5 support like Firefox, it's just a matter of configuring "localhost:8080" as the proxy server.



              If your application does not support this proxy natively, run it with proxychains. Just install on your client and you are good to go.



              The only solution you don't want to adopt seems to be the only one, unfortunately.



              Links:



              • Proxy Firefox through a SSH tunnel





              share|improve this answer
























                up vote
                6
                down vote










                up vote
                6
                down vote









                Well, this "I have no root" access on Server A can be a problem to create a good VPN solution since:




                • ip-ip tunneling requires interface manipulation;


                • pptp also requires root privileges to create interfaces;


                • OpenVPN can even run as unprivileged user, but some tricks need to be done like allowing sudo to the ip command to allow the creation of tun interface;


                • strongSwan with reduced privileges requires CAP_NET_ADMIN or CAP_NET_RAW to work, and running IKE daemon as non-root user breaks support for iptables updown script.

                What remains to you my friend: Rely on SSH socks proxy. On your local machine, and as root, run:



                ssh -C2qTnN -D 8080 username@serverA


                Means: Compression, SSH2 only, Quiet, Force pseudo-tty allocation, Redirect stdin from /dev/null, and Place the ssh client into "master" mode for connection sharing.



                Now, all you have to do is to run your application. If it has native SOCKSv5 support like Firefox, it's just a matter of configuring "localhost:8080" as the proxy server.



                If your application does not support this proxy natively, run it with proxychains. Just install on your client and you are good to go.



                The only solution you don't want to adopt seems to be the only one, unfortunately.



                Links:



                • Proxy Firefox through a SSH tunnel





                share|improve this answer














                Well, this "I have no root" access on Server A can be a problem to create a good VPN solution since:




                • ip-ip tunneling requires interface manipulation;


                • pptp also requires root privileges to create interfaces;


                • OpenVPN can even run as unprivileged user, but some tricks need to be done like allowing sudo to the ip command to allow the creation of tun interface;


                • strongSwan with reduced privileges requires CAP_NET_ADMIN or CAP_NET_RAW to work, and running IKE daemon as non-root user breaks support for iptables updown script.

                What remains to you my friend: Rely on SSH socks proxy. On your local machine, and as root, run:



                ssh -C2qTnN -D 8080 username@serverA


                Means: Compression, SSH2 only, Quiet, Force pseudo-tty allocation, Redirect stdin from /dev/null, and Place the ssh client into "master" mode for connection sharing.



                Now, all you have to do is to run your application. If it has native SOCKSv5 support like Firefox, it's just a matter of configuring "localhost:8080" as the proxy server.



                If your application does not support this proxy natively, run it with proxychains. Just install on your client and you are good to go.



                The only solution you don't want to adopt seems to be the only one, unfortunately.



                Links:



                • Proxy Firefox through a SSH tunnel






                share|improve this answer














                share|improve this answer



                share|improve this answer








                edited Sep 27 at 16:28

























                answered Jan 15 '16 at 19:21









                nwildner

                13.4k14073




                13.4k14073



























                     

                    draft saved


                    draft discarded















































                     


                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function ()
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f255526%2fvpn-server-beachhead-without-root%23new-answer', 'question_page');

                    );

                    Post as a guest
































































                    -

                    Popular posts from this blog

                    How to check contact read email or not when send email to Individual?

                    Image
                    Clash Royale CLAN TAG #URR8PPP up vote 1 down vote favorite I'm using WordPress 4.9.8, CiviCRM to 5.5.1, I usually send email to contact by Search> Find contacts View contact details Action> Send email Send email ok, Contact received mail ok like picture But status only Email sent though contact read email or not. So, can CiviCRM can change status to Email read when contact read email? wordpress email share | improve this question asked Sep 26 at 0:12 ToanLuong 49 9 add a comment  |  up vote 1 down vote favorite I'm using WordPress 4.9.8, CiviCRM to 5.5.1, I usually send email to contact by Search> Find contacts View contact details Action> Send email Send email ok, Contact received mail ok like picture But status only Email sent though contact read email or not. So, can CiviCRM can change status to Email read when contact read email? wordpress email share | improve this question asked Se
                    Read more

                    Displaying single band from multi-band raster using QGIS

                    Image
                    Clash Royale CLAN TAG #URR8PPP 1 How can I extract a single band from multi-band raster in QGIS? I have an remote sensed image which has 6 bands (including NDVI band), I want to display each band separately, but have no idea how to do. I have seen some questions similar here but none worked for me. The original image (has 6 bands) is: I want to display the band 6 which should be like this: But I tried gdal_translate, and couldn't get the correct result. What I have got is: qgis raster multi-band share | improve this question edited Mar 5 at 0:53 Summer asked Mar 4 at 6:42 Summer Summer 23 6 Is this any help gis.stackexchange.com/questions/220658/… ? if not gis.stackexchange.com/questions/62133/… might help. – Michael Stimson Mar 4 at 6:46 Thanks for answering but when I used gdal_translate, qgis showed that 'Error 4: Kayena.tif: No such file or directory". Would you know how to fix it? –
                    Read more

                    How many registers does an x86_64 CPU actually have?

                    Image
                    Clash Royale CLAN TAG #URR8PPP up vote 2 down vote favorite I am currently learning reverse engineering and am studying the flags register. I had in my mind that rflags was just another name for one of the 16 general purpose registers, for example rax or rbx . But it looks like rflags is actually an additional register. So that makes 17 registers in total... how many more could there be? I have spent at least an hour on this and found numerous different answers. The best answer so far is this, which says that there are 40 registers in total. 16 General Purpose Registers 2 Status Registers 6 Code Segment Registers 16 SSE Registers 8 FPU/MMX Registers But if I add that up, I get 48. Could anybody provide an official answer on how many registers an x86_64 CPU has (e.g. an Intel i7). Additionally, I have seen references to 'hardware' and 'architectural' registers. What are those registers and how many are there? register x86-64 share | improve this
                    Read more