layer 2 and 3 tunnelling
alsdk opened this issue · 13 comments
Hello,
This is a very nice project and can be used on real engagements. Congratulations for your work.
Is it possible to add support for VPN tun devices?
In normal ssh you can create tun devices when running (as root):
$ ssh -w5:5 host
As you know, this will create a tun5 device on both client and server, and then you can configure internal IPs on those tun devices, define routes and set firewall rules to make an effective VPN connection to reach other machines inside the network.
I'm trying to create tun devices using reverse_ssh, but it seems it is not possible right now:
$ ssh -J rssh-proxy -w 5:5 root.kali
channel 0: open failed: unknown channel type: unsupported channel type: tun@openssh.com
Maybe this is not supported in the Go SSH library you are using, but I'm asking just in case.
Anyway, thanks for your work and keep it up!
Funny enough, this used to be a feature in rssh until the underlying libraries I was using to do it changed and broke everything.
As I thought no one was using it I removed the feature.
It's worth noting that even if this was implemented, only tcp, udp and icmp would be supported. Would this still suit your needs?
tcp, udp and icmp is more than enough for my needs, if you ask me.
Imagine using nmap to scan a big network where the rssh client is deployed. You could do it faster and in a better way than using the dynamic proxy (ssh -D), and you can access any host/port transparently (with appropriate routes and fw rules in place), pretty much like with openvpn.
Supporting this feature at least on linux should give a positive impact to this project IMHO.
Thanks for your time and again, very good job you are doing on this project. I personally find it interesting for real engagements and I will definitely use it in my red team incursions.
Regards.
Sweet as, I'll add it back in, and try and make it not bloat the binary size like last time.
I've got the first version of this working on the vpn branch. It is a little unfortunate this adds 4 -> 6 mb of weight to the binary.
That was fast, I will test the changes today.
Go binaries are big either way but can be stripped and packed with UPX, not a big issue.
Thanks!
I'm testing the vpn branch and I see the tun device is created and listed (with ip address show) only on the local side:
$ ssh -J rssh-proxy -w5:5 root.kali
The tun5 device is created on the machine where the ssh -J command runs, but it isn't created on the machine where the RSSH client is deployed.
The RSSH client is running as root, as is the ssh command on the local machine.
The rssh client does not create a tun device. It emulates a non root tun device so you can run it rootless.
And how do you configure such an interface if it does not appear in the system interfaces list?
Hm. You shouldn't need to configure the interface on the rssh client side, you just set the tun device on your own machine to accept traffic and go from there.
But I'm confused about how you want to use this.
An added note: adding a root tun device handler that sets up a device on the rssh client side is outside what I'm willing to build.
I saw the note about setting up the vpn. It's not the usual way I do the setup for vpn tun devices but it's working as you intend!
Thanks for your support and also for your time.
Regards.
Excellent. Glad to hear it.
Sweet, just found a mild bug on darwin that caused the RSSH client to die on startup. I'll check it tomorrow before I do a release.
Yep, all sorted and am doing the release now.
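For readers following the `unsupported channel type: tun@openssh.com` error in the opening post: the sketch below is an added example, not code from this thread or from the reverse_ssh project. It parses the channel open request that `ssh -w` sends, with the field layout taken from OpenSSH's PROTOCOL document. The function and type names are hypothetical, and the sample bytes (sender channel, window and packet sizes) are constructed.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

const (
	msgChannelOpen = 90 // SSH_MSG_CHANNEL_OPEN
	tunChannelType = "tun@openssh.com"
	modeL3         = 1 // SSH_TUNMODE_POINTOPOINT, layer 3 packets
	modeL2         = 2 // SSH_TUNMODE_ETHERNET, layer 2 frames
)

// TunOpen holds the uint32 fields that follow the channel type string.
type TunOpen struct{ Sender, Window, MaxPacket, Mode, Unit uint32 }

// ParseTunOpen decodes an unencrypted SSH_MSG_CHANNEL_OPEN payload.
func ParseTunOpen(p []byte) (*TunOpen, error) {
	if len(p) < 5 || p[0] != msgChannelOpen {
		return nil, errors.New("not a complete SSH_MSG_CHANNEL_OPEN")
	}
	n := uint64(binary.BigEndian.Uint32(p[1:5]))
	if n > uint64(len(p)-5) {
		return nil, errors.New("truncated channel type")
	}
	name, rest := string(p[5:5+n]), p[5+n:]
	if name != tunChannelType {
		return nil, fmt.Errorf("unsupported channel type: %s", name)
	}
	if len(rest) < 20 {
		return nil, errors.New("truncated tun parameters")
	}
	f := func(i int) uint32 { return binary.BigEndian.Uint32(rest[4*i:]) }
	t := &TunOpen{f(0), f(1), f(2), f(3), f(4)}
	if t.Mode != modeL3 && t.Mode != modeL2 {
		return nil, fmt.Errorf("invalid tunnel mode %d", t.Mode)
	}
	return t, nil
}

// SampleTunOpen is a constructed request shaped like the one ssh -w5:5 sends.
func SampleTunOpen() []byte {
	p := append([]byte{msgChannelOpen, 0, 0, 0, 15}, tunChannelType...)
	for _, v := range []uint32{0, 2097152, 32768, modeL3, 5} {
		p = binary.BigEndian.AppendUint32(p, v)
	}
	return p
}
func main() { fmt.Println(ParseTunOpen(SampleTunOpen())) }
```

The `Unit` field is the remote half of `-w5:5`; a server that does not register a handler for this channel type rejects the open, which is the failure shown in the first post.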