Date: Thu, 16 Feb 2006 13:48:32 +0100 (CET)
From: Oliver Fromme <olli@lurza.secnetix.de>
To: freebsd-mobile@FreeBSD.ORG, hartzell@alerce.com
Subject: Re: ssh-based vpn and routing question.
Message-ID: <200602161248.k1GCmWLk072714@lurza.secnetix.de>
In-Reply-To: <17393.214.512151.13869@satchel.alerce.com>
George Hartzell <hartzell@alerce.com> wrote:
> I'm trying to set up an ssh-based vpn between a 6.0-STABLE laptop and
> a remote server (I've tried it to both 6.0-STABLE and 5.3-STABLE).
>
> I can bring up a ppp link via an ssh tunnel and each side can ping the
> address of the other side of the tunnel.

You could try to use the new OpenSSH 4.3p1 that was released two weeks ago. It supports tunneling IP or even ethernet through the ssh connection natively, using tun(4) or tap(4) interfaces, respectively, so you don't need ppp at all.

However, note that tunneling TCP connections over ssh (which in turn is a TCP connection itself) doesn't work very well, especially on connections with long delays or packet loss, because the retransmit algorithms of the nested TCP connections interfere badly with each other. Here's a fairly good explanation:

http://sites.inka.de/sites/bigred/devel/tcp-tcp.html

A much better solution is to use OpenVPN. Basically it does the same thing, i.e. tunneling IP or ethernet using tun(4) or tap(4), but it uses UDP as the underlying protocol by default, so it doesn't suffer that badly from the above problem. However, it requires that those UDP packets are allowed to go through your firewall. If tcp/22 is your only choice, then go for OpenSSH 4.3. (YMMV, of course.)

Best regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Services with a focus on FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

With Perl you can manipulate text, interact with programs, talk over
networks, drive Web pages, perform arbitrary precision arithmetic,
and write programs that look like Snoopy swearing.
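As an added example that is not part of Oliver's mail: the client- and server-side steps for the native OpenSSH 4.3 tun(4) tunnel he recommends, plus a small audit of the server's effective PermitTunnel setting. It assumes FreeBSD and root on both ends (needed to open /dev/tun*); the hostname vpn.example.com, the 10.99.0.0/30 addresses, the remote networks and the `sshd -T` sample are constructed.

```shell
#!/bin/sh
# Added example, not from the original mail: layer-3 tunnel with OpenSSH's
# native tun(4) forwarding (OpenSSH 4.3+) in place of ppp over ssh.
# Assumptions: FreeBSD on both ends, root on both (to open /dev/tun*), tun0
# free on both sides; vpn.example.com and 10.99.0.0/30 are constructed values.
set -eu

# Audit helper: from `sshd -T` output (effective config) report the PermitTunnel
# mode. "point-to-point" allows tun(4) only, which is all an IP tunnel needs;
# "yes" would also allow tap(4) ethernet; no line at all means the default "no".
permit_tunnel_mode() {
    printf '%s\n' "$1" | awk 'tolower($1) == "permittunnel" { print $2; found = 1 }
                              END { if (!found) print "no" }'
}

# Constructed sample of `sshd -T` output for the audit helper.
SAMPLE_SSHD_T='port 22
permittunnel point-to-point
x11forwarding no'

# Client-side commands. -w 0:0 binds local tun0 to remote tun0; -f backgrounds
# ssh after authentication; "true" exits at once but the open tun channel keeps
# the connection up. Interface and route are configured after ssh returns.
client_tunnel_cmds() {
    server=$1 local_ip=$2 remote_ip=$3 remote_net=$4
    printf '%s\n' \
        "ssh -f -w 0:0 root@${server} true" \
        "ifconfig tun0 ${local_ip} ${remote_ip} netmask 255.255.255.252" \
        "route add -net ${remote_net} ${remote_ip}"
}

# Server-side commands, run as root once the client has connected.
server_tunnel_cmds() {
    local_ip=$1 remote_ip=$2 remote_net=$3
    printf '%s\n' \
        "ifconfig tun0 ${local_ip} ${remote_ip} netmask 255.255.255.252" \
        "route add -net ${remote_net} ${remote_ip}"
}

echo "server PermitTunnel: $(permit_tunnel_mode "$SAMPLE_SSHD_T")"
echo "--- on the laptop (client) ---"
client_tunnel_cmds vpn.example.com 10.99.0.1 10.99.0.2 192.0.2.0/24
echo "--- on the server ---"
server_tunnel_cmds 10.99.0.2 10.99.0.1 198.51.100.0/24
```

The server needs `PermitTunnel point-to-point` in sshd_config before the client connects; the tunnel still carries TCP over TCP, so the retransmit problem described in the mail applies to it as well.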