Date:      Sun, 04 Jan 2009 03:34:43 -0800
From:      perryh@pluto.rain.com
To:        smithi@nimnet.asn.au
Cc:        freebsd-net@freebsd.org
Subject:   Re: tun0 not responding to ping
Message-ID:  <49609ed3.pm0Bis/9ZOFmjtVw%perryh@pluto.rain.com>
In-Reply-To: <20090104173927.R28770@sola.nimnet.asn.au>
References:  <495edc8b.yfwTDGtb9G/8NMur%perryh@pluto.rain.com> <20090103154232.P28770@sola.nimnet.asn.au> <495f15da.kLIW2g4L%2B3rMjCXS%perryh@pluto.rain.com> <20090103185837.K28770@sola.nimnet.asn.au> <495fd4f4.LnYmNJ/Km8Riy79x%perryh@pluto.rain.com> <20090104173927.R28770@sola.nimnet.asn.au>

> Had a quick look at http://www.unix-ag.uni-kl.de/~massar/vpnc/ but
> don't get whether it, or you, are configuring ppp?  ie, does vpnc
> make or mess with /etc/ppp/ppp.conf?  Or otherwise invoke ppp
> directly itself?

Neither, I suspect.  Looking at the ppp(8) manpage, it looks as if
both vpnc and (user-mode) ppp use tun(4) rather than vpnc invoking
ppp.  There's no mention of ppp in the vpnc README or manpage,
although the manpage does mention ip(8), ifconfig(8), and route(1).

My /etc/ppp/ppp.conf is dated in 2006, so I guess it is "as
delivered".  It appears to be a template for connecting to
an ISP via dialup or PAP/CHAP.

> You can do pretty much like the above by invoking an
> /etc/ppp/ppp.linkup script.

Provided it could (somehow) be made to handle the VPN encryption and
logon credentials, including RSA SecureNet one-time passwords, which
vpnc seems to take care of.

> Here you're not using the tunnel as your default route anyway, 
> but you could perhaps fix the addressing with ifconfig ...

That seems to be Flemer's approach, and it may be as good a thing
as any to try first.

> Have you considered using mpd for this instead?

That would be Flemer's setup.  I got the impression from his paper
that it might not handle the RSA one-time passwords very well, if at
all, although it might work well enough in a shop that does not use
dynamic passwords.  (I suspect no one would have taken the trouble
to write vpnc, or at least to port it from Linux to FreeBSD, had mpd
been an altogether satisfactory solution :)


