Date: Wed, 2 Aug 2000 11:04:22 -0400 (EDT)
From: Brian Dean
To: Steve Hocking
Cc: hackers@FreeBSD.ORG
Subject: Re: Virtual interaces and tunneling stuff over SSH
In-Reply-To: <200008012142.QAA05077@penguin.hstn.tensor.pgs.com>

On Tue, 1 Aug 2000, Steve Hocking wrote:

> Is it possible to use an SSH connection with a tun interface at
> either end, such that one could have a VPN? I'm tired of waiting for
> people here to make a decision on a package and would like to have a
> proof of concept up and running. Extra points for those who can do
> the same thing with a Linux box at one end.

# Change the following parameters as appropriate
user=
host=
key=/home/bsd/.ssh/vpnkey
laddr=192.168.251.2
raddr=192.168.251.1

/usr/local/bin/pty-redir \
    /usr/bin/ssh -t -e none -o 'Batchmode yes' \
    -i $key -l $user \
    $host > $HOME/vpndev

/usr/sbin/pppd `cat $HOME/vpndev` debug $laddr:$raddr

# wait a few seconds for the connection to establish

Your connection will be on ppp0. The remote side should have
/usr/sbin/pppd as the login shell (or you can specify it on the ssh
command line, I'm pretty sure).

If you use this method, you will need to modify pty-redir slightly so
that its child sleeps for a second or so before execing ssh. This
works around a combination of non-standard behaviour in our pty
ioctl(), and, I believe, a mis-use of 'isatty()' in ssh.

-Brian
-- 
Brian Dean    bsd@FreeBSD.org    bsd@bsdhome.com
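
The modification described in the message above, as an added example that is not part of the original message and is not pty-redir's own source: a minimal pty redirector in C whose child pauses before exec'ing the command, while the parent prints the slave device name for pppd. The helper name `pty_redirect`, the use of `posix_openpt()` to allocate the pty, and the one-second delay in `main` are assumptions.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Declared explicitly so the build does not hinge on feature-test macros. */
int posix_openpt(int), grantpt(int), unlockpt(int);
char *ptsname(int);

/* Hypothetical helper: allocate a pty, copy the slave device name into
 * `slave`, and fork a child that runs argv with the master side as its
 * stdin/stdout after `delay` seconds. Returns the child pid, -1 on error. */
pid_t pty_redirect(char *const argv[], unsigned delay, char *slave, size_t len)
{
    int master = posix_openpt(O_RDWR | O_NOCTTY);
    const char *name = NULL;
    if (master >= 0 && grantpt(master) == 0 && unlockpt(master) == 0)
        name = ptsname(master);
    if (name == NULL || strlen(name) >= len) {
        if (master >= 0) close(master);
        return -1;
    }
    strcpy(slave, name);
    pid_t pid = fork();
    if (pid == 0) {                 /* child: becomes the command (ssh) */
        setsid();                   /* detach from the caller's terminal */
        if (dup2(master, STDIN_FILENO) < 0 || dup2(master, STDOUT_FILENO) < 0)
            _exit(126);
        if (master > STDERR_FILENO) close(master);
        sleep(delay);               /* the pause before exec described above */
        execv(argv[0], argv);
        _exit(127);                 /* exec failed */
    }
    close(master);                  /* parent keeps no reference to the pty */
    return pid;                     /* -1 if fork() itself failed */
}

int main(int argc, char *argv[])
{
    char slave[128];
    if (argc < 2 || pty_redirect(argv + 1, 1, slave, sizeof slave) < 0) {
        fprintf(stderr, "%s: need a command path, or pty setup failed\n", argv[0]);
        return 1;
    }
    puts(slave);                    /* the script redirects this to $HOME/vpndev */
    return 0;
}
```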