Date: Mon, 16 Apr 2001 11:51:54 -0700
To: freebsd-stable@freebsd.org
From: Rich Morin
Subject: VPN, via pppd over ssh

I am working with a client (bar.com) who has a firewall and a bunch of
internal Linux boxes. Meanwhile, I am running NAT on my LAN (via a
SonicWall firewall box), FreeBSD 4.2 on my server, and Mac OS 8.6 on my
desktop G3.

I have managed to get ssh working from my server to their site, so I can
log in and do work, but my Mac is still out of the loop. The client
suggests that I set up my FreeBSD box to run pppd over ssh, achieving a
VPN connection, then let the server act as a router for my Mac (whew!).

They suggest using a script which looks something like:

  rhii=...    # remote host's internal IP address
  cppi=...    # cfcl's ppp IP for remote host
  bedn=...    # bar.com Engr. Dev. Net

  /usr/sbin/pppd noauth linkname bar pty \
    "ssh -l rmorin foo.bar.com \
    'sudo /usr/sbin/pppd notty noauth debug linkname rmorin \
    $rhii:$cppi'" $cppi:$rhii
  sleep 10
  /sbin/route add -net $bedn.0 gw $bedn.11 netmask 255.255.255.0

Getting back to cases, I have been trying to run the first command by
hand and have found that my version of pppd supports neither the pty nor
the linkname option. The first is a show-stopper; the last is merely a
minor nuisance.

My pppd is "version 2.3 patch level 5" and its man page says nothing
about the pty option. The client's "pppd 2.3" man page, OTOH, says:

  pty script
    Specifies that the command script is to be used to communicate
    rather than a specific terminal device. Pppd will allocate itself
    a pseudo-tty master/slave pair and use the slave as its terminal
    device. The script will be run in a child process with the
    pseudo-tty master as its standard input and output. An explicit
    device name may not be given if this option is used. (Note: if
    the record option is used in conjunction with the pty option, the
    child process will have pipes on its standard input and output.)

I suspect that I need to get a later version of pppd, but there doesn't
seem to be one in the Ports Collection. So, before I do something
damaging and stupid, can anyone throw me a clue?

-r
--
http://www.cfcl.com/rdm - home page, resume, etc.
http://www.cfcl.com/Meta/md_fb.html - The FreeBSD Browser
email: rdm@cfcl.com; phone: +1 650-873-7841
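The plumbing that the quoted pty description refers to, as an added example that is not part of the original post and is not pppd's own code: a child process runs with a pseudo-tty master as its standard input and output while the parent uses the slave as its terminal device. It assumes a POSIX system with Python 3; `run_over_pty` is a hypothetical name and `cat` is a constructed stand-in for the ssh command.

```python
import os
import select
import tty

# Constructed stand-in for the "ssh ... pppd notty" command in the post.
SCRIPT = "exec cat 2>/dev/null"


def run_over_pty(script, payload, timeout=5.0):
    """Pass payload through `script`, wired up as the man page describes:
    child gets the pty master as stdin/stdout, parent talks via the slave."""
    master, slave = os.openpty()
    # Raw mode: no echo, no signal or flow-control characters, no CR/LF
    # rewriting. PPP frames are binary, and with ECHO left on, whatever the
    # child writes would be echoed straight back to its own stdin.
    tty.setraw(slave)
    pid = os.fork()
    if pid == 0:  # child: becomes the script
        try:
            os.dup2(master, 0)
            os.dup2(master, 1)
            os.close(master)
            os.close(slave)
            os.execv("/bin/sh", ["sh", "-c", script])
        finally:
            os._exit(127)  # only reached if exec failed
    os.close(master)  # parent keeps only the slave side
    os.write(slave, payload)
    reply = b""
    while len(reply) < len(payload):
        ready, _, _ = select.select([slave], [], [], timeout)
        if not ready:
            break  # child went quiet; return what arrived
        try:
            chunk = os.read(slave, 4096)
        except OSError:
            break  # master side closed (child exited)
        if not chunk:
            break
        reply += chunk
    os.close(slave)  # hang up: the child sees EOF or EIO and exits
    os.waitpid(pid, 0)
    return reply


if __name__ == "__main__":
    # Constructed sample: frame-like bytes including Ctrl-C, CR, LF, XON, XOFF.
    frame = bytes([0x7E, 0xFF, 0x03, 0x0D, 0x0A, 0x11, 0x13, 0x7E])
    print(run_over_pty(SCRIPT, frame) == frame)
```

A pppd build without the pty option has no equivalent of the `os.openpty()` and fork step here, which is why the command in the post cannot start on it.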