Socat is a powerful tool which can work together with Tuntox.
On the server (where tuntox is already running):
socat -d -d 'TCP-LISTEN:9876' 'TUN:10.20.30.41/24,up'
On the client:
socat -d -d TUN:10.20.30.40/24,up 'SYSTEM:./tuntox -W 127.0.0.1@9876 -i 86e70ffe9f835b12667d296f2df9c307ba1aff06'
Viola, you have a point-to-point VPN. On client:
# ping 10.20.30.41
PING 10.20.30.41 (10.20.30.41) 56(84) bytes of data.
64 bytes from 10.20.30.41: icmp_seq=1 ttl=64 time=138 ms
64 bytes from 10.20.30.41: icmp_seq=2 ttl=64 time=169 ms
64 bytes from 10.20.30.41: icmp_seq=3 ttl=64 time=130 ms
64 bytes from 10.20.30.41: icmp_seq=4 ttl=64 time=90.8 ms
64 bytes from 10.20.30.41: icmp_seq=5 ttl=64 time=50.7 ms
No need to log in run and run socat on the server.
Also: inefficient, insecure (requires PermitRootLogin yes on server).
On the client:
socat -d -d TUN:10.20.30.40/24,up 'SYSTEM:ssh root@localhost -o ProxyCommand=\"./tuntox -W "127.0.0.1:22" -d -i 86e70ffe9f835b12667d296f2df9c307ba1aff06\" socat -d -d - "TUN:10.20.30.41/24,up"'
# ping 10.20.30.41
PING 10.20.30.41 (10.20.30.41) 56(84) bytes of data.
64 bytes from 10.20.30.41: icmp_seq=1 ttl=64 time=50.6 ms
64 bytes from 10.20.30.41: icmp_seq=2 ttl=64 time=81.2 ms
64 bytes from 10.20.30.41: icmp_seq=3 ttl=64 time=50.3 ms
64 bytes from 10.20.30.41: icmp_seq=4 ttl=64 time=151 ms
64 bytes from 10.20.30.41: icmp_seq=5 ttl=64 time=50.3 ms
Based on Ben Martin's article
I've also heard about a new program called ToxVPN, who knows - maybe it does a better job? And more recently someone created toxtun, slowclap.gif for the creative choice of name.