A missing remote command for establishing a connection
The plugin doesn't issue this command remotely and it means your SSH/VPN connection will never work:
ip tuntap add mode tun dev tun100
tun100 (the number) depends on your configuration of course. This needs to be fixed ASAP.
I'm using the sudo remote option but that's beside the point. Other ip ... commands complete successfully.
Right now I manually log in to the remote server and create the device which is kinda silly.
Please see: https://github.com/danfruehauf/NetworkManager-ssh?tab=readme-ov-file#scenario-2---full-tunnel-support-without-remote-root
OpenSSH will be unable to open that device on the remote side, unless you log in as root (or maybe with a user that has CAP_NET_ADMIN?).
If you find a way that this can work, I'm more than happy to try and integrate it into the plugin. But AFAIK, there isn't.
Dan,
I wrote:
I'm using the sudo remote option but that's beside the point.
I wonder if you could create the tun device by default for sudo users.
Thank you.
I wonder if you could create the tun device by default for sudo users.
OK, I understand where the confusion comes from. The command for adding the tun or tap device needs to be on a separate SSH connection, that does not attempt to open a tunnel. And only after, the connection that opens the tunnel can happen and establish the VPN. Frankly, in that scenario, I consider the prep of the tun/tap device as necessary steps to set up the "SSH VPN server".
My reluctance to implement that stems from the fact that it'll significantly complicate the plugin and its current simplistic design. That, and the fact that you are required to log in to the remote end anyway, to perform various preparations.
Regardless, I'm happy to discuss further, and leave that one open. If there is significant interest from users - I'd opt into looking at what is necessary to facilitate that, despite the cost.
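The two-phase order described in the thread (create the device over a plain SSH connection, then open the tunnel on a second one), written out as an added example that is not code from the plugin or from any participant. The host `vpn.example.org`, the user `alice`, the `user` ownership option on `ip tuntap`, and a remote sudo rule permitting that command are assumptions; the local tun device is assumed to be handled separately.

```sh
#!/bin/sh
# Added example: remote tun device prep, then the tunnel connection.
# Placeholders (assumptions, not from the thread):
REMOTE_HOST="${REMOTE_HOST:-vpn.example.org}"
REMOTE_USER="${REMOTE_USER:-alice}"
TUN_INDEX="${TUN_INDEX:-100}"

# The index is pasted into a command run under sudo on the remote side,
# so accept digits only and nothing that could carry shell syntax.
valid_index() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Same reasoning for the account name that will own the device.
valid_user() {
    case "$1" in
        ''|*[!a-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Phase 1 command: create tunN only if it is missing, owned by the login
# user so the later non-root session is allowed to open it.
prep_cmd() {
    echo "ip link show dev tun$1 >/dev/null 2>&1 || sudo ip tuntap add mode tun dev tun$1 user $2"
}

# Phase 2 arguments: forward local tunN to remote tunN, no remote command.
tunnel_args() {
    echo "-N -w $1:$1"
}

bring_up() {
    valid_index "$TUN_INDEX" || { echo "bad tun index" >&2; return 2; }
    valid_user "$REMOTE_USER" || { echo "bad user name" >&2; return 2; }
    # Separate connection that does not request a tunnel (-t lets sudo prompt).
    ssh -t "$REMOTE_USER@$REMOTE_HOST" "$(prep_cmd "$TUN_INDEX" "$REMOTE_USER")" || return 1
    # Only now the connection that opens the tunnel.
    # shellcheck disable=SC2046  # word splitting of the argument list is intended
    ssh $(tunnel_args "$TUN_INDEX") "$REMOTE_USER@$REMOTE_HOST"
}

# Nothing touches the network unless explicitly requested.
if [ "${RUN_BRING_UP:-0}" = 1 ]; then bring_up; fi
```

The server also needs `PermitTunnel` enabled in `sshd_config` for the second connection to succeed.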