Date:      Sun, 25 Apr 1999 21:19:19 +0930 (CST)
From:      Kris Kennaway <kkennawa@physics.adelaide.edu.au>
To:        Theo Purmer <theo@tepucom.nl>
Cc:        "'freebsd-security@freebsd.org'" <freebsd-security@FreeBSD.ORG>
Subject:   Re: VPN
Message-ID:  <Pine.OSF.4.10.9904252105300.15092-100000@bragg>
In-Reply-To: <01BE8F18.6DF1C1E0@theo.tepucom.nl>

On Sun, 25 Apr 1999, Theo Purmer wrote:

> Does anybody know if it's possible
> to make a VPN (tunnel) with two FreeBSD
> hosts?

Absolutely - a system of PPP tunneled over SSH works well for me (the SSH
provides the encryption layer and PPP handles the networking). If you're going
between two FreeBSD hosts then you're probably best off using the user-mode
ppp driver (man 8 ppp) which is generally "better" than the alternative pppd.
I haven't done this with ppp(8), but probably the way to go is to use the
PPP-over-TCP function and connect to localhost:someport on both ends, and set
up SSH to provide an encrypted tunnel via the -Lsomeport:remotehost:someport
option.

If you're wanting to communicate with a non-FreeBSD UNIX box then your best
bet is probably PPPD (kernel-mode ppp) - I haven't figured out how to make
ppp(8) inter-operate with pppd(8) when used as a tunnel (if anyone knows how
to make this work it would be helpful). Actually the version of PPPD in the
base tree doesn't support this as easily as the latest version (v2.3.7) - your
best bet would be to compile it separately (which is simple). Using pppd I
just do something like:

pppd pty "ssh -t remote.host.com pppd"

and then set up the network routes to route the desired IP addresses over the
tunnel.

These are both good "poor man's" solutions - a technically superior solution
(less overhead from all the layering and encapsulations) is IPSEC - look into
the KAME stuff if you're interested (www.kame.net).

Kris

-----
The Feynman problem-solving algorithm: 1. Write down the problem
                                       2. Think real hard
                                       3. Write down the solution
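
Added example, not part of the original message: a dry-run planner for the pppd-over-ssh tunnel described above. It validates its inputs before they reach the quoted pty command line, then prints the pppd and route commands rather than running them. The function names, the 10.0.0.x tunnel addresses, the 192.168.2.0/24 network and the local:remote address argument appended to the message's command are assumptions made for illustration.

```shell
#!/bin/sh
# Dry-run planner: prints the tunnel commands instead of running them.
# Hosts and addresses used here are constructed placeholders.

# pppd runs the pty string as a command line, so the host must not
# carry spaces, quotes, ';' or a leading '-' (read by ssh as an option).
valid_host() {
    case "${1:-}" in
        ""|-*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    return 0
}

# Dotted-quad check; with "cidr" as $2 a /0../32 prefix is required.
valid_ipv4() {
    addr=${1:-}
    if [ "${2:-}" = cidr ]; then
        case "$addr" in */*) ;; *) return 1 ;; esac
        plen=${addr#*/}; addr=${addr%%/*}
        case "$plen" in ""|???*|*[!0-9]*) return 1 ;; esac
        [ "$plen" -le 32 ] || return 1
    fi
    case "$addr" in ""|*[!0-9.]*|*.) return 1 ;; esac
    oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ""|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# Usage: plan_tunnel host local_ip remote_ip remote_net/prefix
plan_tunnel() {
    valid_host "${1:-}" || { echo "bad host" >&2; return 1; }
    valid_ipv4 "${2:-}" && valid_ipv4 "${3:-}" ||
        { echo "bad tunnel address" >&2; return 1; }
    valid_ipv4 "${4:-}" cidr || { echo "bad network" >&2; return 1; }
    # The page's command plus pppd's local:remote address pair (assumed).
    printf 'pppd pty "ssh -t %s pppd" %s:%s\n' "$1" "$2" "$3"
    # FreeBSD route(8): send the remote network via the PPP peer.
    printf 'route add -net %s %s\n' "$4" "$3"
}

plan_tunnel remote.host.com 10.0.0.1 10.0.0.2 192.168.2.0/24
```

Any further pppd options the link needs, such as authentication settings, depend on the pppd build at each end and are left out, as in the message.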


