Date:      Wed, 2 Aug 2000 11:04:22 -0400 (EDT)
From:      Brian Dean <bsd@bsdhome.com>
To:        Steve Hocking <shocking@hstn.tensor.pgs.com>
Cc:        hackers@FreeBSD.ORG
Subject:   Re: Virtual interaces and tunneling stuff over SSH
Message-ID:  <Pine.BSF.4.21.0008021053290.34507-100000@vger.bsdhome.com>
In-Reply-To: <200008012142.QAA05077@penguin.hstn.tensor.pgs.com>

On Tue, 1 Aug 2000, Steve Hocking wrote:

> Is it possible to use an SSH connection with a tun interface at
> either end, such that one could have a VPN? I'm tired of waiting for
> people here to make a decision on a package and would like to have a
> proof of concept up and running. Extra points for those who can do
> the same thing with a Linux box at one end.

# Change the following parameters as appropriate
user=
host=
key=/home/bsd/.ssh/vpnkey
laddr=192.168.251.2
raddr=192.168.251.1

/usr/local/bin/pty-redir \
  /usr/bin/ssh -t -e none -o 'Batchmode yes' \
                     -i $key -l $user \
                     $host > $HOME/vpndev

/usr/sbin/pppd `cat $HOME/vpndev` debug $laddr:$raddr

# wait a few seconds for the connection to establish

Your connection will be on ppp0.  The remote side should have
/usr/sbin/pppd as the login shell (or you can specify it on the ssh
command line, I'm pretty sure).

If you use this method, you will need to modify pty-redir slightly so
that its child sleeps for a second or so before execing ssh.  This
works around a combination of non-standard behaviour in our pty
ioctl(), and, I believe, a mis-use of 'isatty()' in ssh.

-Brian
--
Brian Dean
bsd@FreeBSD.org
bsd@bsdhome.com
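
An added example, not part of Brian's message or of pty-redir: the script above hands the contents of $HOME/vpndev to pppd unquoted, so any extra words in that file become pppd options, and with Batchmode ssh cannot prompt for a passphrase, so the key file's permissions matter. These shell checks validate both before pppd starts; the function names and the accepted pty name patterns are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight checks for the PPP-over-SSH script above.
# Function names and accepted pty name patterns are assumptions.
LC_ALL=C; export LC_ALL   # make the character classes below byte-exact

# True only if $1 is a regular file with no group/other permission bits.
# A symlink is rejected because ls -ld reports the link's own mode.
key_is_private() {
    [ -f "$1" ] || return 1
    mode=$(ls -ld "$1" | cut -c5-10) || return 1
    [ "$mode" = "------" ]
}

# True only if $1 is a single pty device name and nothing else.
valid_pty_path() {
    case $1 in
        ''|*[!A-Za-z0-9/]*) return 1 ;;          # empty, spaces, newlines, '-', '.'
        /dev/tty[pqrsPQRS][0-9a-v]) return 0 ;;  # BSD-style slave names
        /dev/pts/*[!0-9]*) return 1 ;;
        /dev/pts/?*) return 0 ;;                 # Linux-style /dev/pts/N
        *) return 1 ;;
    esac
}

# Print the name stored in file $1 only if the whole file is one valid
# pty path; command substitution strips the trailing newline.
read_pty_name() {
    [ -f "$1" ] || return 1
    name=$(cat "$1") || return 1
    valid_pty_path "$name" || return 1
    printf '%s\n' "$name"
}

# Usage with the variables from the message (not run here):
#   key_is_private "$key" || exit 1
#   pty=$(read_pty_name "$HOME/vpndev") || exit 1
#   /usr/sbin/pppd "$pty" debug "$laddr:$raddr"
```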