Date:      Sat, 9 Jun 2007 13:00:56 +0400
From:      ghozzy <ghozzy@gmail.com>
To:        anwara <anwara@santori.austasia.biz>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: VPN using bundled ppp?
Message-ID:  <a066eefc0706090200s6e2d6b8bg781e212d95777561@mail.gmail.com>
In-Reply-To: <031601c7aa5c$489117d0$3b00260a@cyvera>
References:  <16869594.20070607142013@d-metrius.ru> <a066eefc0706070641j75a32f1fmc4b07b06ea615c9e@mail.gmail.com> <031601c7aa5c$489117d0$3b00260a@cyvera>


Since this is not the first request, I'm cc'ing to the list.
Maybe others will find this helpful.

On 6/9/07, anwara <anwara@santori.austasia.biz> wrote:
> ----- Original Message -----
> From: "ghozzy" <ghozzy@gmail.com>
> To: "Baranov Dmitry" <admin@d-metrius.ru>
> Cc: <freebsd-stable@freebsd.org>
> Sent: Thursday, June 07, 2007 8:41 PM
> Subject: Re: VPN using bundled ppp?
>
>
> > On 6/7/07, Baranov Dmitry <admin@d-metrius.ru> wrote:
> >> Hi, all!
> >>
> >> Is it possible to use VPN connections using bundled ppp without
> >> installing any additional software in FreeBSD 6.2 STABLE?
> >>
> >> Dmitry "d-Metrius" Baranov
> >> ===
> >> e-mail: private: admin@d-metrius.ru
> >> www: http://www.d-metrius.ru
> >> icq: 87-97-07
> >
> > VPN connections between FreeBSD and what? Another FreeBSD or Windows?
> > I use VPN between FreeBSD and FreeBSD using ssh as a secure tunnel and
> > run /usr/sbin/ppp over that. Works very fine for me. If you mean that,
> > I can send you my configs and scripts.
> >
> > --
> > ghozzy
>
> Hi ghozzy
> Do you mind sending your config, and a little advice, tips or tricks for VPN
> over ssh settings, to my email?
>
> rgds
> anwara

I'm not claiming that this is the best configuration possible.
Specifically, man ppp says about PPP over TCP:
--------
The major disadvantage of this mechanism is that there are two "guaranteed
delivery" mechanisms in place - the underlying TCP stream and whatever
protocol is used over the PPP link - probably TCP again.  If packets
are lost, both levels will get in each others way trying to negotiate
sending of the missing packet.
--------

In this case, things are probably even more wrapped:
ssh uses a "real" TCP connection, the encryption layer adds protocol
overhead, then PPP uses all this for its own packets, and finally
another TCP/IP stack is encapsulated.

Some kind of packet-for-packet encryption is probably more appropriate, like
encryption inside ppp (standard /usr/sbin/ppp claims to support MPPE,
but I've never tried that), or pptpclient, already mentioned in this thread,
or mpd, or OpenVPN, or IPsec, or whatever.

However, a long time ago, when there was no such variety of solutions,
I went ahead and simply wrapped ppp into an ssh tunnel, and it just worked.
With a good network connection I didn't experience any inconveniences,
even though I'm running ssh over that encrypted tunnel.

So here it is -- for those who want to try it themselves.
The attached archive contains INSTALL instructions and scripts or pieces of
configuration files.

--
ghozzy
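
A minimal ppp.conf pair for the ppp-over-ssh arrangement described in this message, added here as an illustration; it is not the content of the attached archive, which is not reproduced on this page. The labels sshvpn and sshvpn-in, the account vpn, the host gw.example.org and the 10.255.0.x addresses are all assumptions.

```conf
# --- /etc/ppp/ppp.conf on the CLIENT (all names and addresses are assumed) ---
sshvpn:
 set timeout 0                  # do not drop the link when idle
 set log phase lcp ipcp command
 # Passive mode gives ssh time to authenticate before LCP negotiation starts
 set openmode passive
 # A leading "!" makes ppp exec the program and speak PPP over its
 # stdin/stdout. "-e none" disables the ssh escape character so PPP bytes
 # pass through unmodified. BatchMode=yes refuses password prompts, so this
 # assumes key-based authentication is already set up for the vpn account.
 set device "!ssh -e none -o BatchMode=yes vpn@gw.example.org /usr/sbin/ppp -direct sshvpn-in"
 set ifaddr 10.255.0.2 10.255.0.1 255.255.255.255

# --- /etc/ppp/ppp.conf on the SERVER ---
sshvpn-in:
 set timeout 0
 set log phase lcp ipcp command
 allow users vpn                # only this account may use the label
 allow mode direct              # label is usable only via "ppp -direct"
 set ifaddr 10.255.0.1 10.255.0.2 255.255.255.255
```

On the server, the key used by the vpn account can be pinned to this one purpose with a command="/usr/sbin/ppp -direct sshvpn-in" restriction in authorized_keys, so that a stolen client key yields only the PPP endpoint and not a shell.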




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?a066eefc0706090200s6e2d6b8bg781e212d95777561>