[warning]First of all, you need OpenSSH v4.3 and tuntap installed on both machines.[/warning]


server1 # ssh [email protected] -NTCf -w 0:0

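-N Do not execute a remote command. This is useful for just forwarding ports.
-T Disable pseudo-tty allocation.
-C Requests compression of all data.
-f Requests ssh to go to background just before command execution.
-w 0:0 Requests tunnel device forwarding between the local tun device 0 and the remote tun device 0 (tun0 on both machines).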


You need these options in sshd_config:

PermitRootLogin yes

PermitTunnel yes
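
Both settings above are wider than a tun0 tunnel needs, so this added example (not part of the original page) reads an sshd_config file and reports whether each one is sufficient for the tunnel and whether it could be narrower. The function names `sshd_value` and `audit_tunnel_config` and both sample files are constructed for illustration; the narrowed sample assumes root authenticates with a key.

```shell
#!/bin/sh
# Added example (not from the original page): audit the two sshd_config
# settings that "ssh -w" tunnelling depends on. Only the global section is
# read (parsing stops at the first Match block); on a live host, "sshd -T"
# prints the effective values.

# Print the global value of a keyword, lower-cased. sshd keeps the FIRST
# occurrence of a keyword, and keyword names are case-insensitive.
sshd_value() {  # usage: sshd_value FILE KEYWORD
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { print tolower($2); exit }
    ' "$1"
}

# Print one finding per setting: OK, WARN (works, wider than needed) or FAIL.
audit_tunnel_config() {  # usage: audit_tunnel_config FILE
    tunnel=$(sshd_value "$1" PermitTunnel)
    root=$(sshd_value "$1" PermitRootLogin)
    case "$tunnel" in
        point-to-point) echo "OK   PermitTunnel point-to-point: layer-3 tun only" ;;
        yes) echo "WARN PermitTunnel yes: also permits layer-2 tap; tun0 needs only point-to-point" ;;
        ethernet) echo "FAIL PermitTunnel ethernet: layer-2 tap only, no tun device" ;;
        *) echo "FAIL PermitTunnel ${tunnel:-unset}: tunnel forwarding is off (default is no)" ;;
    esac
    case "$root" in
        prohibit-password|without-password) echo "OK   PermitRootLogin $root: root cannot log in with a password" ;;
        yes) echo "WARN PermitRootLogin yes: does not rule out password login for root" ;;
        no) echo "FAIL PermitRootLogin no: the root login this setup uses is refused" ;;
        *) echo "INFO PermitRootLogin ${root:-unset}: check the default of your OpenSSH version" ;;
    esac
}

# Constructed sample files (not taken from any real host).
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
PAGE_CFG=$tmp/page.conf    # the settings exactly as this page gives them
TIGHT_CFG=$tmp/tight.conf  # narrower values; assumes root authenticates with a key
printf '%s\n' 'PermitRootLogin yes' '' 'PermitTunnel yes' > "$PAGE_CFG"
printf '%s\n' '# first value wins' 'permittunnel point-to-point' \
    'PermitRootLogin prohibit-password' 'PermitTunnel yes' > "$TIGHT_CFG"

echo "== page settings ==";     audit_tunnel_config "$PAGE_CFG"
echo "== narrowed settings =="; audit_tunnel_config "$TIGHT_CFG"
```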


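Configure the interfaces (tun_ip_server1 and tun_ip_server2 are placeholders for the addresses you pick for each end of the tunnel):

On server1:

server1 # ip link set tun0 up

server1 # ip addr add tun_ip_server1 peer tun_ip_server2 dev tun0

On server2:

server2 # ip link set tun0 up

server2 # ip addr add tun_ip_server2 peer tun_ip_server1 dev tun0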


At this point the two servers are connected; you can test it with ping from server1.


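Now you need to configure the routing table.

If you want to route all traffic through the tunnel:

On server1:

server1 # route add -host ip_server2 gw gateway_on_your_network

server1 # route del default gw gateway_on_your_network

server1 # route add default gw tun_ip_server2

(ip_server2 is server2's real address, so the SSH connection itself keeps using your normal gateway; tun_ip_server2 is a placeholder for server2's address on tun0)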

On server2:

server2 # iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

(eth0 is the interface connected to the internet/LAN)

server2 # echo 1 > /proc/sys/net/ipv4/ip_forward


Now all traffic between server1 and server2 is encrypted 🙂