From: perryh@pluto.rain.com
To: smithi@nimnet.asn.au
Cc: freebsd-net@freebsd.org
Date: Sun, 04 Jan 2009 03:34:43 -0800
Subject: Re: tun0 not responding to ping
Message-Id: <49609ed3.pm0Bis/9ZOFmjtVw%perryh@pluto.rain.com>
In-Reply-To: <20090104173927.R28770@sola.nimnet.asn.au>

> Had a quick look at http://www.unix-ag.uni-kl.de/~massar/vpnc/ but
> don't get whether it, or you, are configuring ppp? ie, does vpnc
> make or mess with /etc/ppp/ppp.conf? Or otherwise invoke ppp
> directly itself?

Neither, I suspect. Looking at the ppp(8) manpage, it looks as if
both vpnc and (user-mode) ppp use tun(4) rather than vpnc invoking
ppp. There's no mention of ppp in the vpnc README or manpage,
although the manpage does mention ip(8), ifconfig(8), and route(1).

My /etc/ppp/ppp.conf is dated in 2006, so I guess it is "as
delivered". It appears to be a template for connecting to an ISP
via dialup or PAP/CHAP.

> You can do pretty much like the above by invoking an
> /etc/ppp/ppp.linkup script.

Provided it could (somehow) be made to handle the VPN encryption
and logon credentials, including RSA SecureNet one-time passwords,
which vpnc seems to take care of.

> Here you're not using the tunnel as your default route anyway,
> but you could perhaps fix the addressing with ifconfig ...

That seems to be Flemer's approach, and it may be as good a thing
as any to try first.

> Have you considered using mpd for this instead?

That would be Flemer's setup. I got the impression from his paper
that it might not handle the RSA one-time passwords very well, if
at all, although it might work well enough in a shop that does not
use dynamic passwords. (I suspect no one would have taken the
trouble to write vpnc, or at least to port it from Linux to FreeBSD,
had mpd been an altogether satisfactory solution :)