Date:      Fri, 10 Sep 1999 08:21:40 +0100
From:      Brian Somers <brian@Awfulhak.org>
To:        "Tim Pushor" <timp@crossthread.com>
Cc:        questions@FreeBSD.ORG
Subject:   Re: user PPP over SSH 
Message-ID:  <199909100721.IAA37609@keep.lan.Awfulhak.org>
In-Reply-To: Your message of "Fri, 10 Sep 1999 10:13:44 MDT." <NDBBLBANILADPLNAGCNPKEJBCAAA.timp@crossthread.com> 

How about enabling ``physical'' logging on both sides ?  A lot of 
your examples aren't using -direct when invoking the remote process.  
Only -direct will read file descriptor 0, so it's the only ppp mode 
that'll work.

As an exercise, you can also try something like this - just to prove 
that program execution works:

keep:~ $ ppp
Working in interactive mode
Using interface: tun1
ppp ON keep> set log local physical
ppp ON keep> set device "!pwd"
ppp ON keep> term
deflink: Entering terminal mode on !pwd
Type `~?' for help
Physical: read
Physical:  2f 68 6f 6d 65 2f 62 72 69 61 6e 0a              /home/brian.
/home/brian
           Physical: read
ppp ON keep> 

Also, don't use the -t switch to ssh - you don't want a pseudo tty 
and ssh doesn't allocate one anyway if the local end doesn't have one 
- it just moans a bit.

If the above works, change the above to run ``ssh whereever pwd'' and 
make sure the output is roughly the same.  Then progress onto ``ssh 
whereever /usr/sbin/ppp -direct whatever''.  Bear in mind that
/usr/sbin may not be in your path on the sshd side.


> I have been trying to get user PPP to work over an SSH connection. I have
> made this work with SSL port forwarders before, but think that the 'ssh
> hostname /usr/sbin/ppp label' method is MUCH cleaner. Judging from the
> example in /usr/share/examples/ppp/ppp.conf.sample, it should work.
> 
> I have two FreeBSD machines that I will call the client and the server. The
> client attempts to 'call' the server via ssh. SSH has been configured on the
> machines at least for the time being that root authenticates via RSA and has
> no passphrase. This works. What also works is if I try to run ppp via ssh
> from the shell. I see the frames. It does not work from within PPP. It seems
> like the PPP programs just can't see each other.
> 
> Today I downloaded and built the newest PPP from awfulhak.org (Version
> 2.23 - Sep 9, 1999) on both machines. Both machines are using ssh-1.2.26.
> The 'server' is FreeBSD 2.2.8-RELEASE while the 'client' is FreeBSD
> 3.2-RELEASE. Everything seems to work fine until PPP is invoked.
> 
> In the beginning, I thought the problem was in the set device line, so I
> have tried the following:
> 
> 1) Various invocations of calling ssh:
>  ssh -t hostname /usr/sbin/ppp -ddial label
>  ssh hostname /usr/sbin/ppp -ddial label
>  ssh -l username -i identityfile hostname /usr/sbin/ppp -ddial label
>  ssh -l username -i identityfile -t hostname /usr/sbin/ppp -ddial label
>  ssh -oBatchmode=yes hostname /usr/sbin/ppp -ddial label
> 
> 2) Creating a shell script with the invocations from 1), and calling the
> shell script from
>    the set device line of ppp
> 
> Observations:
> 
> Running PS on the 'server' when the 'client' attempts to call via PPP
> indicates that ppp IS being run. The ssh command line is being executed and
> executing ppp on the 'server'.
> 
> At a shell on the 'client' if I issued any of the commands above *that
> contained a -t option to ssh* I could see PPP frames coming from the
> 'server'.
> 
> I would be grateful if someone can help with this, and I would be happy to
> summarize to the list to share my experiences.
> 
> Please CC my email address as I do not subscribe to this list.
> 
> Thanks,
> Tim
> ---------
> 
> Client configuration:
> 
> /etc/ppp/ppp.conf
> 
> vpn:
>  set log phase chat connect lcp ipcp command tun ccp
>  set openmode passive
>  set device "!ssh -t host.name.com /usr/sbin/ppp -direct vpnserv"
>  set dial
>  set login
>  set ifaddr 10.0.10.2 10.0.10.1
>  set timeout 0
> 
> /usr/local/etc/ssh_config
> 
> *all lines are comments*
> 
> 
> Server configuration:
> 
> /etc/ppp/ppp.conf
> 
> vpnserv:
>  set timeout 0
>  set ifaddr 10.0.10.1 10.0.10.2
>  set log phase chat connect lcp ipcp command
>  allow mode direct
> 
> /etc/sshd_config
> 
> Port 22
> ListenAddress 0.0.0.0
> HostKey /etc/ssh_host_key
> RandomSeed /etc/ssh_random_seed
> ServerKeyBits 768
> LoginGraceTime 600
> KeyRegenerationInterval 3600
> PermitRootLogin yes
> IgnoreRhosts no
> StrictModes yes
> QuietMode no
> X11Forwarding yes
> X11DisplayOffset 10
> FascistLogging yes
> PrintMotd no
> KeepAlive yes
> SyslogFacility DAEMON
> RhostsAuthentication no
> RhostsRSAAuthentication yes
> RSAAuthentication yes
> PasswordAuthentication no
> PermitEmptyPasswords yes
> UseLogin no
> 
> 
> Relevant client ppp log:
> 
> Sep  9 20:44:50 apollo ppp[14612]: tun0: Phase: bundle: Establish
> Sep  9 20:44:50 apollo ppp[14612]: tun0: Phase: deflink: closed -> opening
> Sep  9 20:44:50 apollo ppp[14612]: tun0: Phase: deflink: Connected!
> Sep  9 20:44:50 apollo ppp[14612]: tun0: Phase: deflink: opening -> dial
> Sep  9 20:44:50 apollo ppp[14612]: tun0: Chat: deflink: Dial attempt 1 of 1
> Sep  9 20:44:50 apollo ppp[14612]: tun0: Phase: deflink: dial -> carrier
> Sep  9 20:44:50 apollo ppp[14612]: tun0: Phase: deflink: carrier -> login
> Sep  9 20:44:50 apollo ppp[14612]: tun0: Phase: deflink: login -> lcp
> Sep  9 20:44:50 apollo ppp[14612]: tun0: LCP: FSM: Using "deflink" as a
> transport
> Sep  9 20:44:50 apollo ppp[14612]: tun0: LCP: deflink: State change
> Initial --> Closed
> Sep  9 20:44:50 apollo ppp[14612]: tun0: LCP: deflink: State change
> Closed --> Stopped
> Sep  9 20:45:12 apollo ppp[14612]: tun0: Phase: deflink: read (5): Got zero
> bytes
> Sep  9 20:45:12 apollo ppp[14612]: tun0: LCP: deflink: State change
> Stopped --> Closed
> Sep  9 20:45:12 apollo ppp[14612]: tun0: LCP: deflink: State change
> Closed --> Initial
> Sep  9 20:45:12 apollo ppp[14612]: tun0: Phase: deflink: Disconnected!
> Sep  9 20:45:12 apollo ppp[14612]: tun0: Phase: deflink: lcp -> hangup
> Sep  9 20:45:12 apollo ppp[14612]: tun0: Phase: deflink: Connect time: 22
> secs: 71 octets
> Sep  9 20:45:12 apollo ppp[14612]: tun0: Phase:  total 3 bytes/sec, peak 35
> bytes/sec on
> Sep  9 20:45:12 apollo ppp[14612]: tun0: Phase: deflink: hangup -> closed
> Sep  9 20:45:12 apollo ppp[14612]: tun0: Phase: bundle: Dead
> Sep  9 20:45:15 apollo ppp[14612]: tun0: Phase: /dev/tty: Client connection
> closed.
> Sep  9 20:45:15 apollo ppp[14612]: tun0: Phase: PPP Terminated (normal).
> 
> Relevant server log:
> 
> Sep  9 20:05:08 csa ppp[12854]: Phase: Using interface: tun0
> Sep  9 20:05:08 csa ppp[12854]: Phase: deflink: Created in closed state
> Sep  9 20:05:08 csa ppp[12854]: Phase: PPP Started (direct mode).
> Sep  9 20:05:09 csa ppp[12854]: Phase: bundle: Establish
> Sep  9 20:05:09 csa ppp[12854]: Phase: deflink: closed -> opening
> Sep  9 20:05:09 csa ppp[12854]: Phase: deflink: Connected!
> Sep  9 20:05:09 csa ppp[12854]: Phase: deflink: opening -> lcp
> Sep  9 20:05:25 csa ppp[12854]: Phase: deflink: Disconnected!
> Sep  9 20:05:25 csa ppp[12854]: Phase: deflink: Connect time: 16 secs: 0
> octets in, 275 octets out
> Sep  9 20:05:25 csa ppp[12854]: Phase:  total 17 bytes/sec, peak 22
> bytes/sec on Thu Sep  9 20:05:25 1999
> Sep  9 20:05:25 csa ppp[12854]: Phase: deflink: lcp -> closed
> Sep  9 20:05:25 csa ppp[12854]: Phase: bundle: Dead
> Sep  9 20:05:25 csa ppp[12854]: Phase: PPP Terminated (normal).
> 
> (I know the clocks are wrong ;-)

-- 
Brian <brian@Awfulhak.org>                        <brian@FreeBSD.org>
      <http://www.Awfulhak.org>                    <brian@OpenBSD.org>
Don't _EVER_ lose your sense of humour !          <brian@FreeBSD.org.uk>
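
Added example, not part of the original message and not code from the ppp project: a small check for ppp ``set device'' values that run ssh, covering the three points in the reply above (no -t, remote ppp started with -direct, ppp given by full path). The function name, the finding codes and the list of ssh options that take an argument are assumptions made for this sketch; the sample lines are constructed from the ones quoted in this thread.

```python
import shlex

# ssh options that consume the next word (a subset, assumed sufficient here).
SSH_OPTS_WITH_ARG = {"-l", "-i", "-o", "-p", "-c", "-e"}

MESSAGES = {
    "not-ssh": "device is not an ssh program device",
    "pty-requested": "ssh -t asks for a pseudo tty; drop it",
    "no-remote-command": "no remote command after the host name",
    "not-ppp": "remote command is not ppp",
    "relative-path": "ppp not given by full path; /usr/sbin may not be "
                     "in PATH on the sshd side",
    "no-direct": "remote ppp lacks -direct, so it will not read "
                 "file descriptor 0",
}

def lint_ppp_device(device):
    """Return finding codes for a ppp 'set device' value that runs ssh."""
    argv = shlex.split(device.strip().lstrip("!"))
    if not argv or argv[0].rsplit("/", 1)[-1] != "ssh":
        return ["not-ssh"]
    findings = []
    i = 1
    # Walk the ssh options that precede the host name.
    while i < len(argv) and argv[i].startswith("-"):
        if argv[i] == "-t":
            findings.append("pty-requested")
        i += 2 if argv[i] in SSH_OPTS_WITH_ARG else 1
    remote = argv[i + 1:]  # argv[i] is the host name
    if not remote:
        return findings + ["no-remote-command"]
    if remote[0].rsplit("/", 1)[-1] != "ppp":
        return findings + ["not-ppp"]
    if not remote[0].startswith("/"):
        findings.append("relative-path")
    if "-direct" not in remote[1:]:
        findings.append("no-direct")
    return findings

# Constructed sample input, modelled on the device lines quoted in this thread.
SAMPLES = [
    "!ssh -t host.name.com /usr/sbin/ppp -direct vpnserv",
    "!ssh -l username -i identityfile hostname /usr/sbin/ppp -ddial label",
    "!ssh host.name.com /usr/sbin/ppp -direct vpnserv",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample)
        for code in lint_ppp_device(sample) or ["ok"]:
            print("   ", MESSAGES.get(code, code))
```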
