Date:      Mon, 16 Apr 2001 11:51:54 -0700
From:      Rich Morin <rdm@cfcl.com>
To:        freebsd-stable@freebsd.org
Subject:   VPN, via pppd over ssh
Message-ID:  <p05001920b700ef94a7a0@[192.168.168.205]>

I am working with a client (bar.com) who has a firewall and a bunch of
internal Linux boxes.  Meanwhile, I am running NAT on my LAN (via a
SonicWall firewall box), FreeBSD 4.2 on my server, and Mac OS 8.6 on
my desktop G3.

I have managed to get ssh working from my server to their site, so I
can log in and do work, but my Mac is still out of the loop.

The client suggests that I set up my FreeBSD box to run pppd over ssh,
achieving a VPN connection, then let the server act as a router for my
Mac (whew!).  They suggest using a script which looks something like:

   rhii=...                       # remote host's internal IP address
   cppi=...                       # cfcl's ppp IP for remote host
   bedn=...                       # bar.com Engr. Dev. Net

   /usr/sbin/pppd noauth linkname bar pty                          \
     "ssh -l rmorin foo.bar.com                                    \
     'sudo /usr/sbin/pppd notty noauth debug linkname rmorin       \
     $rhii:$cppi'" $cppi:$rhii

   sleep 10

   /sbin/route add -net $bedn.0 gw $bedn.11 netmask 255.255.255.0

Getting back to cases, I have been trying to run the first command
by hand and have found that my version of pppd supports neither the
pty nor the linkname option.  The first is a show-stopper; the last
is merely a minor nuisance.  My pppd is "version 2.3 patch level 5"
and its man page says nothing about the pty option.  The client's
"pppd 2.3" man page, OTOH, says:

        pty script
               Specifies  that the command script is to be used to
               communicate rather than a specific terminal device.
               Pppd will allocate itself a pseudo-tty master/slave
               pair and use the slave as its terminal device.  The
               script  will  be  run  in  a child process with the
               pseudo-tty master as its standard input and output.
               An  explicit  device  name may not be given if this
               option is used.  (Note: if  the  record  option  is
               used  in  conjunction with the pty option, the child
               process will have pipes on its standard  input  and
               output.)

I suspect that I need to get a later version of pppd, but there
doesn't seem to be one in the Ports Collection.  So, before I do
something damaging and stupid, can anyone throw me a clue?

-r
-- 
http://www.cfcl.com/rdm - home page, resume, etc.
http://www.cfcl.com/Meta/md_fb.html - The FreeBSD Browser
email: rdm@cfcl.com; phone: +1 650-873-7841
