Date:      Fri, 06 Apr 2001 01:47:09 +0100
From:      Brian Somers <brian@Awfulhak.org>
To:        Leif Neland <leifn@neland.dk>
Cc:        freebsd-isdn@FreeBSD.ORG, brian@Awfulhak.org
Subject:   Tunneling with ppp (was: pppoe (=poptop?) over userland ppp)
Message-ID:  <200104060047.f360l9P03701@hak.lan.Awfulhak.org>
In-Reply-To: Message from Leif Neland <leifn@neland.dk>  of "Fri, 06 Apr 2001 00:56:09 +0200." <Pine.BSF.4.33.0104060029590.12445-100000@arnold.neland.dk>

PPPoE just puts ppp packets into ethernet frames.  It's only good for 
tunneling if you've got a direct link between the two sides (maybe 
bridged).

One of the simplest ways to set up a tunnel between you and them is 
with ssh - something like

  set device "!ssh remotehost -e none ppp -direct in"

You can replace the ``ppp -direct in'' bit with some pppd incantation 
on linux if you know how (I don't).  Beware though - if linux's sshd 
is openssh, it may be built with pipes instead of sockets and end up 
not working because openssh assumes that a pipe is uni-directional 
and only creates stdin as a read-only descriptor.  This breaks ppp 
-direct which assumes descriptor 0 is bi-directional.

The big arguments are:

  Bad:  You've got an unreliable layer above a reliable layer - when 
        someone creates a tcp connection through the tunnel and a 
        packet is dropped, two layers of error correction kick in.

  Good: Use ``ssh -C'' instead of any ppp-level compression and you 
        make a killing with compression that more than makes up for 
        the TCP over TCP problem.

        The tunnel is as secure as your ssh key

        It's a piece of p1ss to set up.

See /usr/share/examples/ppp/ppp.conf.sample.

> I've searched the mailing list archives and google, but can't locate any
> answers.
> 
> I'm running userland ppp on a -current box as a firewall/isdn-router to
> connect my home-network over isdn to the internet.
> 
> I'm running poptop on the linux gateway at work, and I can connect a home
> windows-me with Microsoft's VPN to poptop and connect to the nt's inside
> the firewall at work. (I scared a coworker this evening: He had just
> checked he was the last one at the office, and suddenly the printer
> started printing! :-) )
> 
> But I'd like to have pppoe running on my home gateway to transparently
> connect my home network to the office network.
> 
> While I've seen examples where I can write in ppp.conf "device: PPPoE:ed0"
> to connect a netgraph node to an ethernet card, I can not do "device:
> PPPoE:tun0"; tun0 is not a netgraph node as ed0 is.
> 
> I've also tried device: PPPoE:i4bing0, but get
> 
> Warning:  i4bing0 unexpected nodetype ``i4bing'' (wanted  ``ether'')
> 
> What to do then?
> 
> Also, I can't see where I specify the address of the remote poptop gateway
> machine.
> 
> Leif

-- 
Brian <brian@Awfulhak.org>                        <brian@[uk.]FreeBSD.org>
      <http://www.Awfulhak.org>                    <brian@[uk.]OpenBSD.org>
Don't _EVER_ lose your sense of humour !
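
The pipe-versus-socket caveat in the message above can be checked directly. The following C program is an added example, not part of the original message and not code from ppp or openssh; its function names are assumptions. It reports whether a descriptor is open read-write, which is what ``ppp -direct'' expects of descriptor 0.

```c
/* Added example: is a descriptor usable in both directions? */
#include <fcntl.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* 1 = open read-write, 0 = one-way, -1 = error (e.g. closed descriptor). */
int fd_is_bidirectional(int fd)
{
    int flags = fcntl(fd, F_GETFL);
    if (flags == -1)
        return -1;
    return (flags & O_ACCMODE) == O_RDWR;
}

/* Constructed case: the read end a child would get as stdin when the
 * parent wires it up with pipe() (O_RDONLY on Linux). */
int pipe_read_end_is_bidirectional(void)
{
    int p[2], r;
    if (pipe(p) == -1)
        return -1;
    r = fd_is_bidirectional(p[0]);
    close(p[0]);
    close(p[1]);
    return r;
}

/* Constructed case: one end of a socketpair() used as stdin instead. */
int socketpair_end_is_bidirectional(void)
{
    int s[2], r;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, s) == -1)
        return -1;
    r = fd_is_bidirectional(s[0]);
    close(s[0]);
    close(s[1]);
    return r;
}

int main(void)
{
    /* Exit status 0 only if descriptor 0 can be both read and written. */
    int bidi = fd_is_bidirectional(0);
    printf("descriptor 0 is %s\n", bidi == 1 ? "read-write" : "not read-write");
    return bidi == 1 ? 0 : 1;
}
```

Run as the remote command in place of ``ppp -direct in'', it shows how that sshd set up descriptor 0 before any ppp negotiation is attempted.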


