Date:      Fri, 9 Jul 1999 10:20:31 +0200 (CEST)
From:      "Raymond Wiker" <raymond@orion.no>
To:        Mike Tisdell <mike@netronix.com>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: VPN question (using ppp and ssh)
Message-ID:  <14213.45263.666074.885801@foobar.orion.no>
In-Reply-To: <4.1.19990708123747.018dfcb0@shuttle.netronix.com>
References:  <4.1.19990708123747.018dfcb0@shuttle.netronix.com>

Mike Tisdell writes:
 > 	
 > 
 > I have set up a VPN using ppp and ssh, using the device !/etc/ppp/secure
 > in the ppp.conf. Almost the same as that provided in the ppp.conf.sample in
 > 2.2.8. I want to use the VPN in the -auto mode because the vpn session is
 > routed over a standard on demand ppp connection to an ISP. The problem that
 > I am having is that when anything (including the idle timer) causes the
 > link to come down and ssh terminates, ppp also terminates with a descriptor
 > 0 error.
 > 
 > I have tried listing multiple instances of !/etc/ppp/secure in the device
 > statement in ppp.conf hoping that when ppp sees the failed device it would
 > try the next, but it doesn't. It appears that when ssh terminates and
 > closes stdin/stdout it causes a fatal error that ppp cannot recover from.
 > Does anyone have any ideas on how to get around this?

	It might be possible to get around this by using the port
forwarding mechanism in ssh, instead of using the ssh connection
directly.

	Try putting the following in /etc/services:

ppp-out         6668/tcp   # Outgoing ppp connections

and in /etc/inetd.conf:

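# fields: service type proto wait user program args ("root" and the ssh path are assumed; adjust to your system)
ppp-out stream tcp nowait root /usr/local/bin/ssh ssh -a -x vpn /usr/sbin/ppp -direct vpn-in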

	With a bit of luck(!), this would work as follows:

	- use localhost:6668 as the "device" for ppp

	- a connection to port 6668 (ppp-out) on the local machine
results in an ssh connection to the remote machine

	- this connection, in turn, is terminated by ppp

	Note: vpn is the name of an ssh configuration, while vpn-in is 
the name of a ppp configuration.

	Note 2: you may also need some sort of delay before trying to
bring up the connection again (unless you have more than one tunnel
device...) 

	//Raymond.

-- 
Raymond Wiker, Orion Systems AS
+47 370 61150
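
The pieces the reply names but does not show (the "vpn" ssh configuration, the "vpn-in" ppp configuration and a ppp entry that uses localhost:6668 as its device), as an added example that is not part of the original message. The host name, account, addresses, key path and the label vpn-out are placeholders chosen for illustration; restricting the key in authorized_keys is an addition here, since a key used from inetd cannot have a passphrase.

```conf
# Added example; hosts, accounts, addresses, key path and "vpn-out" are placeholders.

# --- local: ~/.ssh/config of the account that inetd runs ssh as ---
Host vpn
    HostName vpn-gw.example.net
    User pppuser
    # inetd gives ssh no terminal, so it must never prompt
    BatchMode yes
    IdentityFile ~/.ssh/vpn_identity

# --- remote: ~pppuser/.ssh/authorized_keys (one line) ---
# The key has no passphrase, so pin it to the single command it is for.
command="/usr/sbin/ppp -direct vpn-in",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding <public key>

# --- local: /etc/ppp/ppp.conf, started with "ppp -auto vpn-out" ---
vpn-out:
 # the inetd listener from /etc/services (ppp-out, 6668/tcp)
 set device localhost:6668
 set dial
 set login
 set timeout 300
 # Note 2 in the message: wait 15 seconds between attempts, give up after 4
 set redial 15 4
 set ifaddr 192.168.254.1 192.168.254.2
 add 10.1.0.0/16 HISADDR

# --- remote: /etc/ppp/ppp.conf ---
vpn-in:
 allow mode direct
 allow users pppuser
 # let the local idle timer decide when the link drops
 set timeout 0
 set ifaddr 192.168.254.2 192.168.254.1
```

Any local process that can reach port 6668 can start the tunnel, so that port should be filtered to the loopback interface.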


