From: Brian Somers
To: "Tim Pushor"
Cc: questions@FreeBSD.ORG
Subject: Re: user PPP over SSH
In-reply-to: Your message of "Fri, 10 Sep 1999 10:13:44 MDT."
Date: Fri, 10 Sep 1999 08:21:40 +0100
Message-Id: <199909100721.IAA37609@keep.lan.Awfulhak.org>

How about enabling ``physical'' logging on both sides ?

A lot of your examples aren't using -direct when invoking the remote
process. Only -direct will read file descriptor 0, so it's the only ppp
mode that'll work.

As an exercise, you can also try something like this - just to prove
that program execution works:

  keep:~ $ ppp
  Working in interactive mode
  Using interface: tun1
  ppp ON keep> set log local physical
  ppp ON keep> set device "!pwd"
  ppp ON keep> term
  deflink: Entering terminal mode on !pwd
  Type `~?' for help
  Physical: read
  Physical: 2f 68 6f 6d 65 2f 62 72 69 61 6e 0a /home/brian.
  /home/brian
  Physical: read
  ppp ON keep>

Also, don't use the -t switch to ssh - you don't want a pseudo tty and
ssh doesn't allocate one anyway if the local end doesn't have one - it
just moans a bit.

If the above works, change the above to run ``ssh whereever pwd'' and
make sure the output is roughly the same. Then progress onto
``ssh whereever /usr/sbin/ppp -direct whatever''. Bear in mind that
/usr/sbin may not be in your path on the sshd side.

> I have been trying to get user PPP to work over an SSH connection. I have
> made this work with SSL port forwarders before, but think that the 'ssh
> hostname /usr/sbin/ppp label' method is MUCH cleaner. Judging from the
> example in /usr/share/examples/ppp/ppp.conf.sample, it should work.
>
> I have two FreeBSD machines that I will call the client and the server. The
> client attempts to 'call' the server via ssh. SSH has been configured on the
> machines at least for the time being that root authenticates via RSA and has
> no passphrase. This works. What also works is if I try to run ppp via ssh
> from the shell. I see the frames. It does not work from within PPP. It seems
> like the PPP programs just can't see each other.
>
> Today I downloaded and built the newest PPP from awfulhak.org (Version
> 2.23 - Sep 9, 1999) on both machines. Both machines are using ssh-1.2.26.
> The 'server' is FreeBSD 2.2.8-RELEASE while the 'client' is FreeBSD
> 3.2-RELEASE. Everything seems to work fine until PPP is invoked.
>
> In the beginning, I thought the problem was in the set device line, so I
> have tried the following:
>
> 1) Various invocations of calling ssh:
>    ssh -t hostname /usr/sbin/ppp -ddial label
>    ssh hostname /usr/sbin/ppp -ddial label
>    ssh -l username -i identityfile hostname /usr/sbin/ppp -ddial label
>    ssh -l username -i identityfile -t hostname /usr/sbin/ppp -ddial label
>    ssh -oBatchmode=yes hostname /usr/sbin/ppp -ddial label
>
> 2) Creating a shell script with the invocations from 1), and calling the
>    shell script from
>    the set device line of ppp
>
> Observations:
>
> Running PS on the 'server' when the 'client' attempts to call via PPP
> indicates that ppp IS being run.
> The ssh command line is being executed and
> executing ppp on the 'server'.
>
> At a shell on the 'client' if I issued any of the commands above *that
> contained a -t option to ssh* I could see PPP frames coming from the
> 'server'.
>
> I would be grateful if someone can help with this, and I would be happy to
> summarize to the list to share my experiences.
>
> Please CC my email address as I do not subscribe to this list.
>
> Thanks,
> Tim
> ---------
>
> Client configuration:
>
> /etc/ppp/ppp.conf
>
> vpn:
>  set log phase chat connect lcp ipcp command tun ccp
>  set openmode passive
>  set device "!ssh -t host.name.com /usr/sbin/ppp -direct vpnserv"
>  set dial
>  set login
>  set ifaddr 10.0.10.2 10.0.10.1
>  set timeout 0
>
> /usr/local/etc/ssh_config
>
> *all lines are comments*
>
>
> Server configuration:
>
> /etc/ppp/ppp.conf
>
> vpnserv:
>  set timeout 0
>  set ifaddr 10.0.10.1 10.0.10.2
>  set log phase chat connect lcp ipcp command
>  allow mode direct
>
> /etc/sshd_config
>
> Port 22
> ListenAddress 0.0.0.0
> HostKey /etc/ssh_host_key
> RandomSeed /etc/ssh_random_seed
> ServerKeyBits 768
> LoginGraceTime 600
> KeyRegenerationInterval 3600
> PermitRootLogin yes
> IgnoreRhosts no
> StrictModes yes
> QuietMode no
> X11Forwarding yes
> X11DisplayOffset 10
> FascistLogging yes
> PrintMotd no
> KeepAlive yes
> SyslogFacility DAEMON
> RhostsAuthentication no
> RhostsRSAAuthentication yes
> RSAAuthentication yes
> PasswordAuthentication no
> PermitEmptyPasswords yes
> UseLogin no
>
>
> Relevant client ppp log:
>
> Sep 9 20:44:50 apollo ppp[14612]: tun0: Phase: bundle: Establish
> Sep 9 20:44:50 apollo ppp[14612]: tun0: Phase: deflink: closed -> opening
> Sep 9 20:44:50 apollo ppp[14612]: tun0: Phase: deflink: Connected!
> Sep 9 20:44:50 apollo ppp[14612]: tun0: Phase: deflink: opening -> dial
> Sep 9 20:44:50 apollo ppp[14612]: tun0: Chat: deflink: Dial attempt 1 of 1
> Sep 9 20:44:50 apollo ppp[14612]: tun0: Phase: deflink: dial -> carrier
> Sep 9 20:44:50 apollo ppp[14612]: tun0: Phase: deflink: carrier -> login
> Sep 9 20:44:50 apollo ppp[14612]: tun0: Phase: deflink: login -> lcp
> Sep 9 20:44:50 apollo ppp[14612]: tun0: LCP: FSM: Using "deflink" as a transport
> Sep 9 20:44:50 apollo ppp[14612]: tun0: LCP: deflink: State change Initial --> Closed
> Sep 9 20:44:50 apollo ppp[14612]: tun0: LCP: deflink: State change Closed --> Stopped
> Sep 9 20:45:12 apollo ppp[14612]: tun0: Phase: deflink: read (5): Got zero bytes
> Sep 9 20:45:12 apollo ppp[14612]: tun0: LCP: deflink: State change Stopped --> Closed
> Sep 9 20:45:12 apollo ppp[14612]: tun0: LCP: deflink: State change Closed --> Initial
> Sep 9 20:45:12 apollo ppp[14612]: tun0: Phase: deflink: Disconnected!
> Sep 9 20:45:12 apollo ppp[14612]: tun0: Phase: deflink: lcp -> hangup
> Sep 9 20:45:12 apollo ppp[14612]: tun0: Phase: deflink: Connect time: 22 secs: 71 octets
> Sep 9 20:45:12 apollo ppp[14612]: tun0: Phase: total 3 bytes/sec, peak 35 bytes/sec on
> Sep 9 20:45:12 apollo ppp[14612]: tun0: Phase: deflink: hangup -> closed
> Sep 9 20:45:12 apollo ppp[14612]: tun0: Phase: bundle: Dead
> Sep 9 20:45:15 apollo ppp[14612]: tun0: Phase: /dev/tty: Client connection closed.
> Sep 9 20:45:15 apollo ppp[14612]: tun0: Phase: PPP Terminated (normal).
>
> Relevant server log:
>
> Sep 9 20:05:08 csa ppp[12854]: Phase: Using interface: tun0
> Sep 9 20:05:08 csa ppp[12854]: Phase: deflink: Created in closed state
> Sep 9 20:05:08 csa ppp[12854]: Phase: PPP Started (direct mode).
> Sep 9 20:05:09 csa ppp[12854]: Phase: bundle: Establish
> Sep 9 20:05:09 csa ppp[12854]: Phase: deflink: closed -> opening
> Sep 9 20:05:09 csa ppp[12854]: Phase: deflink: Connected!
> Sep 9 20:05:09 csa ppp[12854]: Phase: deflink: opening -> lcp
> Sep 9 20:05:25 csa ppp[12854]: Phase: deflink: Disconnected!
> Sep 9 20:05:25 csa ppp[12854]: Phase: deflink: Connect time: 16 secs: 0 octets in, 275 octets out
> Sep 9 20:05:25 csa ppp[12854]: Phase: total 17 bytes/sec, peak 22 bytes/sec on Thu Sep 9 20:05:25 1999
> Sep 9 20:05:25 csa ppp[12854]: Phase: deflink: lcp -> closed
> Sep 9 20:05:25 csa ppp[12854]: Phase: bundle: Dead
> Sep 9 20:05:25 csa ppp[12854]: Phase: PPP Terminated (normal).
>
> (I know the clocks are wrong ;-)

--
Brian
Don't _EVER_ lose your sense of humour !
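
Added example, not part of the original messages: a small sh/awk lint that applies the three points from the reply (no -t to ssh, remote ppp run with -direct, absolute path to ppp) to the "set device" lines of a ppp.conf. The function names, the finding texts and the "host.example" lines are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the thread): lint the "set device" lines of a
# ppp.conf read on stdin. Output: "<line number>: <finding>" per problem.
lint_ppp_devices() {
    awk '
    /^[ \t]*set[ \t]+device[ \t]+"?!/ {
        cmd = $0
        sub(/^[ \t]*set[ \t]+device[ \t]+"?!/, "", cmd)  # keep only the command
        sub(/"[ \t]*$/, "", cmd)                           # drop the closing quote
        n = split(cmd, w, /[ \t]+/)
        prog = w[1]; sub(/.*\//, "", prog)
        if (prog != "ssh") next          # only ssh transports are checked
        tty = 0; at = 0; direct = 0
        for (i = 2; i <= n; i++) {
            base = w[i]; sub(/.*\//, "", base)
            if (!at && w[i] == "-t") tty = 1          # ssh option, before ppp
            if (!at && base == "ppp") { at = i; continue }
            if (at && w[i] == "-direct") direct = 1   # ppp mode on the far end
        }
        if (tty) print NR ": ssh -t requests a pseudo tty"
        if (!at) { print NR ": no remote ppp command"; next }
        if (!direct) print NR ": remote ppp is not run with -direct"
        if (substr(w[at], 1, 1) != "/") print NR ": remote ppp has no absolute path"
    }'
}

# Constructed sample: the first device line is the one quoted in the thread,
# the other two are made-up variants ("host.example" is a placeholder).
sample_conf() {
    cat <<'EOF'
vpn:
 set device "!ssh -t host.name.com /usr/sbin/ppp -direct vpnserv"
bad:
 set device "!ssh host.example ppp -ddial vpnserv"
good:
 set device "!ssh host.example /usr/sbin/ppp -direct vpnserv"
EOF
}

sample_conf | lint_ppp_devices
```

On the sample it reports the -t on line 2 and the missing -direct and relative path on line 4; the last device line passes.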