A little help with a non-root -w VPN

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!


    I'm trying to get a ssh -w VPN working, where I'm not root on the
server, but do have sudo privileges.  I've looked around quite a bit
and can't seem to find the correct incantation.  It works just fine if
I log in as root.  I'm going from an OS X 10.7 box to a CentOS 6 box:

server$ ssh -V
OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010

client$ ssh -V
OpenSSH_5.6p1, OpenSSL 0.9.8r 8 Feb 2011

    I create an endpoint on the server using tunctl:

server# sudo tunctl -u beaty -t tun9
server# sudo ifconfig tun9 up

server# ifconfig
tun9      Link encap:UNSPEC  HWaddr
         inet addr:  P-t-P:  Mask:
         RX packets:0 errors:0 dropped:0 overruns:0 frame:0
         TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:500
         RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

    I have PermitTunnel set to "yes".  Here's some output when I try:

client$ sudo ssh -vvv -w 0:9 beaty@server
debug1: Requesting tun unit 0 in mode 1
debug1: sys_tun_open: /dev/tun0 mode 1 fd 5
debug2: fd 5 setting O_NONBLOCK
debug3: fd 5 is O_NONBLOCK
debug1: channel 0: new [tun]
debug1: channel 1: new [client-session]
debug3: ssh_session2_open: channel_new: 1
debug2: channel 1: send open
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Remote: Failed to open the tunnel device.
channel 0: open failed: administratively prohibited: open failed

    Any pointers for me?  Thanks!

            steve beaty@ucar.edu | http://www.cisl.ucar.edu /
              The National Center for Atmospheric Research
            Computational and Information Systems Laboratory

Site Timeline