From owner-freebsd-questions  Thu Sep  9 19: 4: 6 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from hercules.crossthread.com (hercules.crossthread.com [139.142.137.200])
	by hub.freebsd.org (Postfix) with ESMTP id 05CAB15165
	for <questions@freebsd.org>; Thu,  9 Sep 1999 19:04:01 -0700 (PDT)
	(envelope-from timp@crossthread.com)
Received: from dedalus (24.66.196.249.ab.wave.home.com [24.66.196.249])
	by hercules.crossthread.com (8.9.3/8.9.3) with SMTP id UAA75809
	for <questions@freebsd.org>; Thu, 9 Sep 1999 20:03:08 -0600 (MDT)
From: "Tim Pushor" <timp@crossthread.com>
To: <questions@freebsd.org>
Subject: user PPP over SSH
Date: Fri, 10 Sep 1999 10:13:44 -0600
Message-ID: <NDBBLBANILADPLNAGCNPKEJBCAAA.timp@crossthread.com>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
Importance: Normal
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


I have been trying to get user PPP to work over an SSH connection. I have
made this work with SSL port forwarders before, but think that the 'ssh
hostname /usr/sbin/ppp label' method is MUCH cleaner. Judging from the
example in /usr/share/examples/ppp/ppp.conf.sample, it should work.

I have two FreeBSD machines that I will call the client and the server. The
client attempts to 'call' the server via ssh. SSH has been configured on the
machines at least for the time being that root authenticates via RSA and has
no passphrase. This works. What also works is if I try to run ppp via ssh
from the shell. I see the frames. It does not work from within PPP. It seems
like the PPP programs just can't see each other.

Today I downloaded and built the newest PPP from awfulhak.org (Version
2.23 - Sep 9, 1999) on both machines. Both machines are using ssh-1.2.26.
The 'server' is FreeBSD 2.2.8-RELEASE while the 'client' is FreeBSD
3.2-RELEASE. Everything seems to work fine until PPP is invoked.

In the beginning, I thought the problem was in the set device line, so I
have tried the following:

1) Various invocations of calling ssh:
 ssh -t hostname /usr/sbin/ppp -ddial label
 ssh hostname /usr/sbin/ppp -ddial label
 ssh -l username -i identityfile hostname /usr/sbin/ppp -ddial label
 ssh -l username -i identityfile -t hostname /usr/sbin/ppp -ddial label
 ssh -oBatchmode=yes hostname /usr/sbin/ppp -ddial label

2) Creating a shell script with the invocations from 1), and calling the
shell script from
   the set device line of ppp

Observations:

Running PS on the 'server' when the 'client' attempts to call via PPP
indicates that ppp IS being run. The ssh command line is being executed and
executing ppp on the 'server'.

At a shell on the 'client' if I issued any of the commands above *that
contained a -t option to ssh* I could see PPP frames coming from the
'server'.

I would be grateful if someone can help with this, and I would be happy to
summarize to the list to share my experiences.

Please CC my email address as I do not subscribe to this list.

Thanks,
Tim
---------

Client configuration:

/etc/ppp/ppp.conf

vpn:
 set log phase chat connect lcp ipcp command tun ccp
 set openmode passive
 set device "!ssh -t host.name.com /usr/sbin/ppp -direct vpnserv"
 set dial
 set login
 set ifaddr 10.0.10.2 10.0.10.1
 set timeout 0

/usr/local/etc/ssh_config

*all lines are comments*


Server configuration:

/etc/ppp/ppp.conf

vpnserv:
 set timeout 0
 set ifaddr 10.0.10.1 10.0.10.2
 set log phase chat connect lcp ipcp command
 allow mode direct

/etc/sshd_config

Port 22
ListenAddress 0.0.0.0
HostKey /etc/ssh_host_key
RandomSeed /etc/ssh_random_seed
ServerKeyBits 768
LoginGraceTime 600
KeyRegenerationInterval 3600
PermitRootLogin yes
IgnoreRhosts no
StrictModes yes
QuietMode no
X11Forwarding yes
X11DisplayOffset 10
FascistLogging yes
PrintMotd no
KeepAlive yes
SyslogFacility DAEMON
RhostsAuthentication no
RhostsRSAAuthentication yes
RSAAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords yes
UseLogin no


Relavent client ppp log:

Sep  9 20:44:50 apollo ppp[14612]: tun0: Phase: bundle: Establish
Sep  9 20:44:50 apollo ppp[14612]: tun0: Phase: deflink: closed -> opening
Sep  9 20:44:50 apollo ppp[14612]: tun0: Phase: deflink: Connected!
Sep  9 20:44:50 apollo ppp[14612]: tun0: Phase: deflink: opening -> dial
Sep  9 20:44:50 apollo ppp[14612]: tun0: Chat: deflink: Dial attempt 1 of 1
Sep  9 20:44:50 apollo ppp[14612]: tun0: Phase: deflink: dial -> carrier
Sep  9 20:44:50 apollo ppp[14612]: tun0: Phase: deflink: carrier -> login
Sep  9 20:44:50 apollo ppp[14612]: tun0: Phase: deflink: login -> lcp
Sep  9 20:44:50 apollo ppp[14612]: tun0: LCP: FSM: Using "deflink" as a
transport
Sep  9 20:44:50 apollo ppp[14612]: tun0: LCP: deflink: State change
Initial --> Closed
Sep  9 20:44:50 apollo ppp[14612]: tun0: LCP: deflink: State change
Closed --> Stopped
Sep  9 20:45:12 apollo ppp[14612]: tun0: Phase: deflink: read (5): Got zero
bytes
Sep  9 20:45:12 apollo ppp[14612]: tun0: LCP: deflink: State change
Stopped --> Closed
Sep  9 20:45:12 apollo ppp[14612]: tun0: LCP: deflink: State change
Closed --> Initial
Sep  9 20:45:12 apollo ppp[14612]: tun0: Phase: deflink: Disconnected!
Sep  9 20:45:12 apollo ppp[14612]: tun0: Phase: deflink: lcp -> hangup
Sep  9 20:45:12 apollo ppp[14612]: tun0: Phase: deflink: Connect time: 22
secs: 71 octets
Sep  9 20:45:12 apollo ppp[14612]: tun0: Phase:  total 3 bytes/sec, peak 35
bytes/sec on
Sep  9 20:45:12 apollo ppp[14612]: tun0: Phase: deflink: hangup -> closed
Sep  9 20:45:12 apollo ppp[14612]: tun0: Phase: bundle: Dead
Sep  9 20:45:15 apollo ppp[14612]: tun0: Phase: /dev/tty: Client connection
closed.
Sep  9 20:45:15 apollo ppp[14612]: tun0: Phase: PPP Terminated (normal).

Relavent server log:

Sep  9 20:05:08 csa ppp[12854]: Phase: Using interface: tun0
Sep  9 20:05:08 csa ppp[12854]: Phase: deflink: Created in closed state
Sep  9 20:05:08 csa ppp[12854]: Phase: PPP Started (direct mode).
Sep  9 20:05:09 csa ppp[12854]: Phase: bundle: Establish
Sep  9 20:05:09 csa ppp[12854]: Phase: deflink: closed -> opening
Sep  9 20:05:09 csa ppp[12854]: Phase: deflink: Connected!
Sep  9 20:05:09 csa ppp[12854]: Phase: deflink: opening -> lcp
Sep  9 20:05:25 csa ppp[12854]: Phase: deflink: Disconnected!
Sep  9 20:05:25 csa ppp[12854]: Phase: deflink: Connect time: 16 secs: 0
octets in, 275 octets out
Sep  9 20:05:25 csa ppp[12854]: Phase:  total 17 bytes/sec, peak 22
bytes/sec on Thu Sep  9 20:05:25 1999
Sep  9 20:05:25 csa ppp[12854]: Phase: deflink: lcp -> closed
Sep  9 20:05:25 csa ppp[12854]: Phase: bundle: Dead
Sep  9 20:05:25 csa ppp[12854]: Phase: PPP Terminated (normal).

(I know the clocks are wrong ;-)



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message