Date: Mon, 16 Apr 2001 11:51:54 -0700
From: Rich Morin <rdm@cfcl.com>
To: freebsd-stable@freebsd.org
Subject: VPN, via pppd over ssh
Message-ID: <p05001920b700ef94a7a0@[192.168.168.205]>

I am working with a client (bar.com) who has a firewall and a bunch of
internal Linux boxes. Meanwhile, I am running NAT on my LAN (via a
SonicWall firewall box), FreeBSD 4.2 on my server, and Mac OS 8.6 on
my desktop G3.

I have managed to get ssh working from my server to their site, so I
can log in and do work, but my Mac is still out of the loop.

The client suggests that I set up my FreeBSD box to run pppd over ssh,
achieving a VPN connection, then let the server act as a router for my
Mac (whew!). They suggest using a script which looks something like:

    rhii=...    # remote host's internal IP address
    cppi=...    # cfcl's ppp IP for remote host
    bedn=...    # bar.com Engr. Dev. Net

    /usr/sbin/pppd noauth linkname bar pty \
      "ssh -l rmorin foo.bar.com \
        'sudo /usr/sbin/pppd notty noauth debug linkname rmorin \
           $rhii:$cppi'" $cppi:$rhii
    sleep 10
    /sbin/route add -net $bedn.0 gw $bedn.11 netmask 255.255.255.0

Getting back to cases, I have been trying to run the first command
by hand and have found that my version of pppd supports neither the
pty nor the linkname option. The first is a show-stopper; the last
is merely a minor nuisance. My pppd is "version 2.3 patch level 5"
and its man page says nothing about the pty option. The client's
"pppd 2.3" man page, OTOH, says:

    pty script
           Specifies that the command script is to be used to
           communicate rather than a specific terminal device.
           Pppd will allocate itself a pseudo-tty master/slave
           pair and use the slave as its terminal device. The
           script will be run in a child process with the
           pseudo-tty master as its standard input and output.
           An explicit device name may not be given if this
           option is used. (Note: if the record option is
           used in conjunction with the pty option, the child
           process will have pipes on its standard input and
           output.)

I suspect that I need to get a later version of pppd, but there
doesn't seem to be one in the Ports Collection. So, before I do
something damaging and stupid, can anyone throw me a clue?
-r
--
http://www.cfcl.com/rdm - home page, resume, etc.
http://www.cfcl.com/Meta/md_fb.html - The FreeBSD Browser
email: rdm@cfcl.com; phone: +1 650-873-7841
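
Added example, not part of the original message and not pppd's own code: a Python sketch of the mechanism the quoted man page describes for the pty option, with a command run on the pseudo-tty master as its standard input and output while the caller talks over the slave. REVERSER is a constructed stand-in for the ssh command and run_over_pty is a hypothetical helper name; payloads are assumed to be under 64 bytes.

```python
import os
import select
import subprocess
import sys
import tty

# Constructed stand-in for the ssh command: read what arrives on stdin and
# write it back reversed on stdout (hypothetical helper, not from the post).
REVERSER = [sys.executable, "-c",
            "import os; d = os.read(0, 64); os.write(1, d[::-1])"]


def run_over_pty(script, payload, timeout=5.0):
    """Mimic pppd's `pty script`: give the script the pty master as its
    stdin/stdout and talk to it through the slave, as pppd would."""
    master, slave = os.openpty()
    try:
        # Raw mode: no echo, no CR/LF translation, no signal characters,
        # so binary framing crosses the pty unchanged.
        tty.setraw(slave)
        child = subprocess.Popen(script, stdin=master, stdout=master)
        os.write(slave, payload)          # the "pppd" side sends via the slave
        reply = b""
        while len(reply) < len(payload):
            ready, _, _ = select.select([slave], [], [], timeout)
            if not ready:                 # script never answered
                child.kill()
                break
            reply += os.read(slave, 1024)
        child.wait(timeout=timeout)
        return reply
    finally:
        # The master stays open until the reply has been read, so a hangup
        # when the child exits cannot discard buffered data.
        os.close(master)
        os.close(slave)


if __name__ == "__main__":
    # Constructed sample: PPP-style flag bytes plus characters a cooked
    # terminal would alter or swallow (Ctrl-C, CR, LF).
    sample = b"\x7e\xff\x03\r\n"
    print(run_over_pty(REVERSER, sample))
```

Commenting out the tty.setraw call shows why raw mode matters: the default line discipline echoes, translates line endings and consumes the Ctrl-C byte, so the reply no longer matches.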
