badvpn is a collection of utilities for various VPN-related use cases.

First, we will set up a normal SSH dynamic SOCKS proxy as usual:

$ ssh -TND 4711 <user>@<SSH_server>

Set up badvpn and tunnel interface

Afterwards, we can go ahead with setting up the TUN.

Now you have a working local tun0 interface which routes all traffic going into it through the SOCKS proxy you set up earlier.

All that's left to do now is to set up a local route to get some traffic into it.

Let us set up routes that send all traffic into it:

1. Route that goes to the SSH server that we use for the tunnel, with a low metric.
2. Route for the DNS server (because tun2socks does not do UDP, which is necessary for DNS), with a low metric.
3. Default route for all other traffic, with a higher metric than the other routes.

The metrics are set specifically to ensure that the route picked to the SSH server is always direct; otherwise that traffic would go back into the SSH tunnel, which would cause a loop, and we would lose the SSH connection as a result. Apart from that, we need to set an explicit DNS route because tun2socks does not tunnel UDP (required for DNS). We also need a new default route with a lower metric than your old default route so that traffic goes into the tunnel at all. With all of that said, let us get to work:

# ip route add default via 10.0.0.2 metric 6

Now all traffic (except for DNS and the SSH server itself) should go through tun0.
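The three routes described above, as an added shell example that is not part of the original page. The function names, the metric 5 for the two direct routes and the sample addresses in the comments are assumptions; `is_direct` reads `ip route get` output so you can confirm the SSH server is still reached outside tun0 before the default route takes effect.

```shell
#!/bin/sh
# Added example, not from the original page. Helper names are hypothetical.
TUN_GW=10.0.0.2   # gateway address used by the page's default route
LOW=5             # assumed metric for the direct SSH and DNS routes
HIGH=6            # metric of the tunnel default route (from the page)

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
# Strict validation matters because the planned commands are run as root.
is_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# Print the three route commands in the order they should be applied:
# direct SSH route, direct DNS route, then the default route into the tunnel.
# usage: plan_routes <ssh_server_ip> <dns_server_ip> <original_gateway_ip>
plan_routes() {
    [ $# -eq 3 ] || { echo "usage: plan_routes SSH_IP DNS_IP GATEWAY" >&2; return 2; }
    for a in "$1" "$2" "$3"; do
        is_ipv4 "$a" || { echo "not an IPv4 address: $a" >&2; return 2; }
    done
    echo "ip route add $1 via $3 metric $LOW"
    echo "ip route add $2 via $3 metric $LOW"
    echo "ip route add default via $TUN_GW metric $HIGH"
}

# Read `ip route get <addr>` output on stdin and succeed only if the kernel
# picked a device other than the tunnel, i.e. the path does not loop.
# usage: ip route get 203.0.113.10 | is_direct tun0
is_direct() {
    dev=$(sed -n 's/.* dev \([^ ]*\).*/\1/p' | head -n 1)
    [ -n "$dev" ] && [ "$dev" != "$1" ]
}
```

Review the output of `plan_routes` before running it as root, and run the `is_direct` check for both the SSH server and the DNS server after the routes are in place.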