LinuxQuestions.org


wingman358 07-20-2010 05:53 PM

Can't establish tunnel for VPN over SSH
 
I'm trying to create a VPN through SSH but encounter the following:


Code:

[18:42:11]root@bronzhip:/home/casey# sudo ssh -w 0:0 97.**.***.221 -i VPN

channel 0: open failed: administratively prohibited: open failed
tun0: ERROR while getting interface flags: No such device
tun0: ERROR while getting interface flags: No such device
Connection to 97.**.***.221 closed.

Here's my sshd_config with some relevant toggles:

Code:

#        $OpenBSD: sshd_config,v 1.81 2009/10/08 14:03:41 markus Exp $
# This is the sshd server system-wide configuration file.

...SNIP...

Protocol 2
PermitRootLogin yes
PermitTunnel yes

PubkeyAuthentication yes
AuthorizedKeysFile        .ssh/authorized_keys
AllowAgentForwarding yes
AllowTcpForwarding yes


I'm lost... Any pointers?

Finlay 07-21-2010 02:19 PM

add a -vvv to the cmd, post the output.

jefro 07-21-2010 02:50 PM

Can you ssh to the remote ip address?

wingman358 07-21-2010 03:42 PM

Quote:

Originally Posted by jefro (Post 4041068)
Can you ssh to the remote ip address?

Normal SSH works perfectly:

Code:

[16:53:37]casey@bronzhip:~$ ssh casey@97.**.***.221
casey@97.**.***.221's password:

...SNIP...

Last login: Tue Jul 20 18:50:33 2010 from bronzehip.wifi.wpi.edu
Linux 2.6.33.4.

...SNIP...

casey@ultram:~$


Finlay 07-21-2010 03:43 PM

add a -vvv to the cmd, post the output.

wingman358 07-21-2010 04:04 PM

Quote:

Originally Posted by Finlay (Post 4041041)
add a -vvv to the cmd, post the output.


Code:

[16:54:29]casey@bronzhip:~$ sudo ssh -vvvw 0:0 97.**.***.221 -i VPN

[sudo] password for casey:

OpenSSH_5.3p1 Debian-3ubuntu4, OpenSSL 0.9.8k 25 Mar 2009
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 97.**.***.221 [97.**.***.221] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug3: Not a RSA1 key file VPN.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file VPN type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-1024
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-1024
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.5
debug1: match: OpenSSH_5.5 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu4
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug3: Wrote 792 bytes for a total of 831
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug3: Wrote 24 bytes for a total of 855
debug2: dh_gen_key: priv key bits set: 120/256
debug2: bits set: 512/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: Wrote 144 bytes for a total of 999
debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 1
debug1: Host '97.95.190.221' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug2: bits set: 495/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: Wrote 16 bytes for a total of 1015
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug3: Wrote 48 bytes for a total of 1063
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: VPN (0x225e1418)
debug3: Wrote 64 bytes for a total of 1127
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred gssapi-keyex,gssapi-with-mic,gssapi,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: VPN
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug3: Wrote 240 bytes for a total of 1367
debug1: Server accepts key: pkalg ssh-rsa blen 149
debug2: input_userauth_pk_ok: fp 33:07:18:c0:e0:***********:7a:2f:20:2e:3b:89
debug3: sign_and_send_pubkey
debug1: read PEM private key done: type RSA
debug3: Wrote 384 bytes for a total of 1751
debug1: Authentication succeeded (publickey).
debug1: Requesting tun unit 2147483647 in mode 1
debug1: sys_tun_open: tunnel mode 1 fd 4
debug2: fd 4 setting O_NONBLOCK
debug3: fd 4 is O_NONBLOCK
debug1: channel 0: new [tun]
debug1: channel 1: new [client-session]
debug3: ssh_session2_open: channel_new: 1
debug2: channel 1: send open
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug3: Wrote 208 bytes for a total of 1959
debug1: Remote: Forced tun device: 0
debug1: Remote: Forced command: sudo /sbin/ifconfig tun0 up; sudo /sbin/ifconfig tun0 down
debug1: Remote: Forced tun device: 0
debug1: Remote: Forced command: sudo /sbin/ifconfig tun0 up; sudo /sbin/ifconfig tun0 down
debug1: Remote: Failed to open the tunnel device.
channel 0: open failed: administratively prohibited: open failed
debug2: callback start
debug2: client_session2_setup: id 1
debug2: channel 1: request pty-req confirm 1
debug1: Sending environment.
debug3: Ignored env TERM
debug3: Ignored env LS_COLORS
debug3: Ignored env PATH
debug1: Sending env LANG = en_US.utf8
debug2: channel 1: request env confirm 0
debug3: Ignored env HOME
debug3: Ignored env DISPLAY
debug3: Ignored env XAUTHORITY
debug3: Ignored env COLORTERM
debug3: Ignored env SHELL
debug3: Ignored env LOGNAME
debug3: Ignored env USER
debug3: Ignored env USERNAME
debug3: Ignored env SUDO_COMMAND
debug3: Ignored env SUDO_USER
debug3: Ignored env SUDO_UID
debug3: Ignored env SUDO_GID
debug2: channel 1: request shell confirm 1
debug2: fd 3 setting TCP_NODELAY
debug2: callback done
debug2: channel 1: open confirm rwindow 0 rmax 32768
debug2: channel 0: zombie
debug2: channel 0: garbage collecting
debug1: channel 0: free: tun, nchannels 2
debug3: channel 0: status: The following connections are open:
  #1 client-session (t4 r0 i0/0 o0/0 fd 5/6 cfd -1)

debug3: channel 0: close_fds r 4 w 4 e -1 c -1
debug3: Wrote 448 bytes for a total of 2407
debug2: channel_input_status_confirm: type 99 id 1
debug2: PTY allocation request accepted on channel 1
debug2: channel 1: rcvd adjust 2097152
debug2: channel_input_status_confirm: type 99 id 1
debug2: shell request accepted on channel 1
tun0: ERROR while getting interface flags: No such device
debug1: client_input_channel_req: channel 1 rtype exit-status reply 0
debug1: client_input_channel_req: channel 1 rtype eow@openssh.com reply 0
debug2: channel 1: rcvd eow
debug2: channel 1: close_read
debug2: channel 1: input open -> closed
tun0: ERROR while getting interface flags: No such device
debug2: channel 1: rcvd eof
debug2: channel 1: output open -> drain
debug2: channel 1: obuf empty
debug2: channel 1: close_write
debug2: channel 1: output drain -> closed
debug2: channel 1: rcvd close
debug3: channel 1: will not send data after close
debug2: channel 1: almost dead
debug2: channel 1: gc: notify user
debug2: channel 1: gc: user detached
debug2: channel 1: send close
debug2: channel 1: is dead
debug2: channel 1: garbage collecting
debug1: channel 1: free: client-session, nchannels 1
debug3: channel 1: status: The following connections are open:
  #1 client-session (t4 r0 i3/0 o3/0 fd -1/-1 cfd -1)

debug3: channel 1: close_fds r -1 w -1 e 7 c -1
debug3: Wrote 32 bytes for a total of 2439
debug3: Wrote 64 bytes for a total of 2503
Connection to 97.**.***.221 closed.
Transferred: sent 2272, received 2736 bytes, in 0.3 seconds
Bytes per second: sent 8861.1, received 10670.7
debug1: Exit status 255

Damn, that IS very, very verbose! Not sure if it helps, though.

Finlay 07-21-2010 04:28 PM

couple things to try:
change 0:0 to any:any
add root@ip for the remote address
In this thread it mentions having to create the tunnel interfaces, tun0, manually on the remote host.
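
The verbose log earlier in the thread buries the server's own explanation among a couple of hundred lines. The Python script below is an added example, not code from any poster in the thread, and it reduces `ssh -vvv -w` output to the tunnel-related lines. The names `triage` and `SERVER_HINTS`, the hint wording, and the second server message (recalled from OpenSSH's sshd source, not shown in the thread) are assumptions.

```python
import re

TUN_ANY = 2147483647  # OpenSSH's "any unit" value (0x7fffffff), as in the thread's log

# Text sshd returns in "debug1: Remote:" lines for a refused tun channel.
# Only the first string is in the thread's log; the second is quoted from
# memory of OpenSSH's sshd source (assumption, not from the page).
SERVER_HINTS = {
    "Failed to open the tunnel device.":
        "server could not open tun device: check tun driver and login privileges",
    "Server has rejected tunnel device forwarding":
        "PermitTunnel on the server does not allow the requested mode",
}

def triage(log_text):
    """Reduce `ssh -vvv -w` output to the lines that explain a tun failure."""
    r = {"requested": None, "forced": None, "forced_command": None,
         "open_failed": None, "diagnosis": []}
    for line in map(str.strip, log_text.splitlines()):
        if m := re.match(r"debug1: Requesting tun unit (\d+) in mode \d+", line):
            r["requested"] = int(m.group(1))
        elif m := re.match(r"debug1: Remote: Forced tun device: (\d+)", line):
            r["forced"] = int(m.group(1))
        elif m := re.match(r"debug1: Remote: Forced command: (.+)", line):
            r["forced_command"] = m.group(1)
        elif m := re.match(r"debug1: Remote: (.+)", line):
            hint = SERVER_HINTS.get(m.group(1))
            if hint and hint not in r["diagnosis"]:
                r["diagnosis"].append(hint)
        elif m := re.match(r"channel \d+: open failed: ([^:]+):", line):
            r["open_failed"] = m.group(1)
    # A key pinned to one unit cannot serve a request for a different one.
    if None not in (r["requested"], r["forced"]) and \
            r["requested"] not in (TUN_ANY, r["forced"]):
        r["diagnosis"].insert(0, "requested unit differs from the key's forced unit")
    return r

# Excerpt of the log posted in the thread.
SAMPLE = """\
debug1: Requesting tun unit 2147483647 in mode 1
debug1: Remote: Forced tun device: 0
debug1: Remote: Forced command: sudo /sbin/ifconfig tun0 up; sudo /sbin/ifconfig tun0 down
debug1: Remote: Failed to open the tunnel device.
channel 0: open failed: administratively prohibited: open failed
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

For the thread's log this reports a request for any unit, a key forced to unit 0, and a device-open failure on the server, which points at the remote tun device and not at a `PermitTunnel` refusal.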

