Wednesday, May 3, 2017

Use HMI remotely

Main principles:
- the remote PC logs in to the proxy over ssh as root (via sudo on both sides), with a key only, so that ssh can create a tun interface on each end: a point-to-point layer-3 tunnel (ssh -w)
- IP forwarding is enabled on the proxy, so packets arriving through the tunnel are routed on to the target (the HMI) and the replies come back the same way
- the target needs a way back to the remote PC's tunnel address: proxy ARP on the proxy, or a route on the target (see troubleshooting)

on the proxy:


1) /etc/ssh/sshd_config

Port <PROXY_PORT>

# lets the ssh client create a tun device on the proxy; 'yes' allows both
# point-to-point (layer 3, used here) and ethernet tunnels
PermitTunnel yes
# root may log in with a key only, never with a password;
# 'without-password' is the older alias of the same setting
PermitRootLogin prohibit-password
PubkeyAuthentication yes
# RSAAuthentication applies to SSH protocol 1 only and was removed in OpenSSH 7.4;
# PubkeyAuthentication above is the option that matters
# RSAAuthentication yes

2) sudo su - root
3) ssh-keygen (creates /root/.ssh with the right permissions; the key pair it generates is not needed for this setup)
4) Add the remote PC root's public key to /root/.ssh/authorized_keys (this key is a root login on the proxy: keep it passphrase-protected and limit it with authorized_keys options such as from= and tunnel=, see sshd(8))
5) sudo service ssh restart
6) /etc/sysctl.conf
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
7) sudo service procps restart (Debian/Ubuntu: re-applies /etc/sysctl.conf; check with sysctl net.ipv4.ip_forward, it must print 1)
8) /etc/network/interfaces
# tun0 exists only while the ssh tunnel session is open, so it is brought up by hand (see "using")
allow-hotplug tun0
iface tun0 inet static
    address 10.0.0.1
    pointopoint 10.0.0.2
    netmask 255.255.255.255
    # proxy ARP: publish the remote PC's tunnel address (10.0.0.2) on the proxy's LAN
    # interface (enp3s0 here), so hosts on that segment send traffic for it to the proxy.
    # This only helps hosts that treat 10.0.0.2 as on-link; a target on another subnet
    # needs a return route instead (see troubleshooting)
    up arp -Ds 10.0.0.2 enp3s0 pub
9) sudo service networking restart
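A preflight script for the proxy side, added here as an example (it is not part of the original post). It reads the effective sshd settings from sshd -T (so defaults and Match blocks are resolved) and checks the options the tunnel needs plus the forwarding sysctl; it also prints the restricted authorized_keys line for the remote PC's key, since that key is a root login on the proxy. PROXY_PORT, REMOTE_IP (the remote PC's address for the from= option, a documentation-range placeholder) and the "check"/"key" arguments are assumptions of this script.

```shell
#!/bin/sh
# Added example, not from the original post. Run as root on the proxy:
#   sh proxy-preflight.sh check                          -> verify sshd and sysctl settings
#   sh proxy-preflight.sh key "$(cat remote_root.pub)"   -> print the restricted authorized_keys line
# Assumptions: PROXY_PORT is the Port from sshd_config, REMOTE_IP is the
# remote PC's address (RFC 5737 documentation range used as a placeholder).

PROXY_PORT="${PROXY_PORT:-22}"
REMOTE_IP="${REMOTE_IP:-203.0.113.10}"

# sshd_opt KEY: print the value of KEY from an `sshd -T` dump read on stdin.
# `sshd -T` prints one "keyword value" pair per line, keywords lowercased.
sshd_opt() {
    awk -v k="$1" '$1 == k { print $2; exit }'
}

# check_sshd_effective FILE: FILE holds the output of `sshd -T`.
# Returns 0 when every setting the tunnel needs is present, 1 otherwise
# (each problem is printed).
check_sshd_effective() {
    f="$1"; rc=0
    [ "$(sshd_opt permittunnel < "$f")" = "yes" ] \
        || { echo "PermitTunnel must be yes (it is '$(sshd_opt permittunnel < "$f")')"; rc=1; }
    case "$(sshd_opt permitrootlogin < "$f")" in
        prohibit-password|without-password) ;;
        *) echo "PermitRootLogin must be prohibit-password: root with a key only"; rc=1 ;;
    esac
    [ "$(sshd_opt pubkeyauthentication < "$f")" = "yes" ] \
        || { echo "PubkeyAuthentication must be yes"; rc=1; }
    [ "$(sshd_opt port < "$f")" = "$PROXY_PORT" ] \
        || { echo "sshd listens on port $(sshd_opt port < "$f"), expected $PROXY_PORT"; rc=1; }
    return $rc
}

# check_ip_forward VALUE: VALUE is `sysctl -n net.ipv4.ip_forward`; 0 when forwarding is on.
check_ip_forward() {
    [ "$1" = "1" ]
}

# restricted_authorized_key PUBKEY: the line to put in /root/.ssh/authorized_keys.
# The key is a root login on the proxy, so limit what it can do (options from sshd(8)):
#   tunnel="0"        force the server side to tun0, matching TunnelDevice 0:0
#   from="REMOTE_IP"  accept the key only from the remote PC's address
#   no-agent-forwarding, no-X11-forwarding, no-pty   nothing beyond the tunnel
#                     (no-pty is fine for `ssh -N` and for running "ifup tun0" non-interactively)
restricted_authorized_key() {
    printf 'tunnel="0",from="%s",no-agent-forwarding,no-X11-forwarding,no-pty %s\n' "$REMOTE_IP" "$1"
}

case "${1:-}" in
    check)
        tmp=$(mktemp) || exit 1
        if sshd -T > "$tmp" 2>/dev/null; then
            check_sshd_effective "$tmp" && echo "sshd: ok"
        else
            echo "sshd -T failed (run as root)"
        fi
        rm -f "$tmp"
        if check_ip_forward "$(sysctl -n net.ipv4.ip_forward)"; then
            echo "ip_forward: ok"
        else
            echo "net.ipv4.ip_forward is 0: set it in /etc/sysctl.conf"
        fi
        ;;
    key)
        restricted_authorized_key "$2"
        ;;
esac
```

Checking sshd -T rather than the file catches the case where a later Match block or a distro drop-in overrides what was edited by hand.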

on the remote PC:


1)  /root/.ssh/config (root's config, because creating tun0 on this side needs root, hence "sudo ssh tun" below)
Host tun
    Hostname <PROXY_IP>
    Port <PROXY_PORT>
    User root
    # /root/.ssh/id_rsa; its public half is in the proxy's /root/.ssh/authorized_keys
    IdentityFile ~/.ssh/id_rsa
    # 'yes' = point-to-point (layer 3 tun), the same as ssh -w
    Tunnel yes
    # local tun0 : remote tun0
    TunnelDevice 0:0
2) /etc/network/interfaces
allow-hotplug tun0
iface tun0 inet static
    address 10.0.0.2
    pointopoint 10.0.0.1
    netmask 255.255.255.255
    # send the HMI's address through the tunnel; the next hop is the proxy's end
    # of the tunnel (10.0.0.1), not this host's own address
    up ip route add <TARGET_IP> via 10.0.0.1 dev tun0

using:

1) connect to the target network (the proxy must reach <TARGET_IP>; the remote PC must reach <PROXY_IP>:<PROXY_PORT>)
2) sudo ssh tun (root locally because tun0 is created here; keep this session open, both tun0 devices disappear when it ends)
3) sudo ifup tun0 on the remote PC
4) sudo ifup tun0 on the proxy
5) check from the remote PC: ping 10.0.0.1 first (the tunnel itself), then <TARGET_IP> (forwarding on the proxy plus the target's return route)
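Steps 2 to 4 in one script on the remote PC, added here as an example (not part of the original post): it opens the ssh tunnel session in the background on a control socket, waits for tun0 to appear, runs ifup on both ends over that same session, checks the tun0 addressing and the route to the target, and can tear everything down again. It assumes the Host "tun" entry and the tun0 stanzas above are in place on both machines; TARGET_IP (a documentation-range placeholder) and the control socket path CTL are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Run as root on the remote PC:
#   sh tun-up.sh up     -> steps 2-4 of "using", plus checks
#   sh tun-up.sh down   -> close the ssh session; both tun0 devices go away with it
# Assumes /root/.ssh/config has the "tun" host and /etc/network/interfaces has
# the tun0 stanza on both machines. TARGET_IP (RFC 5737 placeholder) and CTL
# (control socket path) are assumptions.

TARGET_IP="${TARGET_IP:-192.0.2.10}"
CTL="${CTL:-/run/ssh-tun.ctl}"

# tun_addr LINE: LINE is one line of `ip -o -4 addr show dev tun0`.
# Prints "<address> <peer>" with prefix lengths stripped, peer "-" if the
# interface is not point-to-point, nothing if the line carries no IPv4 address.
tun_addr() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i <= NF; i++) if ($i == "inet") {
            a = $(i+1); sub(/\/.*/, "", a)
            if ($(i+2) == "peer") { p = $(i+3); sub(/\/.*/, "", p) } else p = "-"
            print a, p; exit
        }
    }'
}

# wait_for_dev NAME [SECONDS]: poll (default 5 s) for the kernel to create NAME;
# ssh creates tun0 only after the server has accepted the tunnel request.
wait_for_dev() {
    n=0; limit="${2:-5}"
    while [ ! -d "/sys/class/net/$1" ]; do
        n=$((n + 1))
        [ "$n" -lt "$limit" ] || return 1
        sleep 1
    done
}

tunnel_up() {
    # step 2: -w 0:0 is TunnelDevice 0:0, -N runs no remote command, -f backgrounds
    # after authentication, -M/-S keep a master connection for the commands below
    ssh -f -N -M -S "$CTL" -w 0:0 tun || return 1
    wait_for_dev tun0 || { echo "tun0 did not appear on this side"; return 1; }
    ifup tun0 || return 1                     # step 3: remote PC end, 10.0.0.2
    ssh -S "$CTL" tun ifup tun0 || return 1   # step 4: proxy end, 10.0.0.1, over the same session
    set -- $(tun_addr "$(ip -o -4 addr show dev tun0)")
    [ "$1" = "10.0.0.2" ] && [ "$2" = "10.0.0.1" ] \
        || { echo "unexpected tun0 addressing: $1 peer $2"; return 1; }
    ping -c 1 -W 2 10.0.0.1 > /dev/null || { echo "proxy end 10.0.0.1 does not answer"; return 1; }
    ip route get "$TARGET_IP" | grep -q 'dev tun0' \
        || { echo "route to $TARGET_IP does not go through tun0"; return 1; }
    echo "tunnel up: $TARGET_IP via 10.0.0.1 on tun0"
}

# closing the master session removes tun0 on both ends, no ifdown needed
tunnel_down() {
    ssh -S "$CTL" -O exit tun
}

case "${1:-}" in
    up)   tunnel_up ;;
    down) tunnel_down ;;
    *)    echo "usage: $0 up|down" ;;
esac
```

If "ping 10.0.0.1" works but the target does not answer, the tunnel is fine and the problem is forwarding on the proxy or the target's return route (troubleshooting below).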

troubleshooting:

1) sudo service networking restart on the remote and proxy side
2) the target needs a return route for the remote PC's tunnel address (10.0.0.2) through the proxy; without one (and when the proxy-ARP trick does not apply, e.g. the target is on another subnet) the replies never come back. Add it on the target, where <PROXY_IP> is the proxy's address on the target's network:
sudo ip route add 10.0.0.2/32 via <PROXY_IP>
or make it persistent with a oneshot unit (pick a name that does not clash with an existing unit; network.service already exists on some distributions):
/etc/systemd/system/network.service
[Unit]
Description=return route to the remote PC via the proxy
After=network-online.target
Wants=network-online.target

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/sbin/ip route add 10.0.0.2/32 via <PROXY_IP>
ExecStop=/sbin/ip route del 10.0.0.2/32 via <PROXY_IP>

[Install]
WantedBy=multi-user.target

systemctl daemon-reload
systemctl enable network
systemctl restart network

useful utils:

uml-utilities
sudo tunctl -u $USER
(creates a persistent TAP device owned by $USER, so that a pre-created device can be opened without root; note that it is TAP, i.e. layer 2, while this setup uses a layer-3 tun; the iproute2 "ip tuntap" subcommand creates a persistent device of either kind)

watch ssh connection attempts to the proxy port (SYN packets only; interface names are the proxy's):
tcpdump -i eth1 'tcp port <PROXY_PORT> and tcp[tcpflags] & tcp-syn != 0'
watch the proxy-ARP answers for 10.0.0.2 on the LAN side:
tcpdump -i enp3s0 arp