From: Chris Fedde
To: Glenn Johnson
Cc: questions@FreeBSD.ORG
Subject: Re: setting up a VPN
Date: Mon, 29 May 2000 01:40:12 -0600

On Mon, 29 May 2000 01:26:07 -0500 Glenn Johnson wrote:
 +------------------
 | I can do an ssh session.  How do I bind the socket on both ends?
 +------------------

First read the section in the ppp(1) manual page about "PPP OVER TCP
and UDP (a.k.a Tunnelling)" then consider the following:

    $ sudo ssh remote -L 6669:remote:6669 sleep 3600
    $ ppp remote

Essentially you set up a "server" on remote using inetd.  When a
connection comes into port 6669 it kicks off ppp with the right
arguments.

Addressing at the endpoints can be confusing.  Think of the ssh port
mapping as a point-to-point circuit.  You may need more tun devices.

Some issues:

WLOG If the local system is inside the corporate firewall and the
remote system is outside then this technique extends the boundary of
the corporate network to your remote system and by association to
your home security procedures.  I've known some network administrators
to look down on this kind of setup.

chris

--
    Chris Fedde
    303 773 9134
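
The setup outlined in the message above, written out as configuration. This is an added example, not part of the original post: the `ppp-in` label and the 10.0.4.x addresses follow the example in the ppp manual page section the message cites, and the client label `remote` is assumed from the `ppp remote` command.

```conf
# ---- On the remote (server) side ----

# /etc/services: name the port that the ssh forward targets
ppp-in          6669/tcp        # Incoming PPP connections over TCP

# /etc/inetd.conf: inetd starts ppp in -direct mode for each connection
# (send inetd a HUP after editing)
ppp-in  stream  tcp  nowait  root  /usr/sbin/ppp  ppp -direct ppp-in

# /etc/ppp/ppp.conf: label loaded by "ppp -direct ppp-in"
ppp-in:
 set timeout 0
 set ifaddr 10.0.4.1 10.0.4.2

# ---- On the local (client) side ----

# /etc/ppp/ppp.conf: label loaded by "ppp remote".
# "ssh -L 6669:remote:6669" listens on local port 6669, so ppp connects
# to the local end of the forward rather than to the remote host directly.
remote:
 set device localhost:6669/tcp
 set timeout 0
 set ifaddr 10.0.4.2 10.0.4.1
```

Because inetd accepts any TCP connection to port 6669, packet filtering on the remote host should restrict that port to the source address sshd connects from; otherwise the PPP endpoint is reachable without going through ssh.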