On Thursday 08 September 2005 01.28, yippy ya yah wrote:
> trying to get a ppp tunnel over ssh working....
>
> server/gateway
> -------------------
> ip.inet.net.forwarding=1
>
> /etc/ppp/ppp.conf
> vpn:
>  allow mode direct
>   set ifaddr 10.1.1.1 10.1.1.2 255.255.255.255
>
> /etc/sudoers:
> pppuser ALL = NOPASSWD: /usr/sbin/ppp
>
> ~pppuser/.ssh/authorized_keys
> command="sudo /usr/sbin/ppp -direct vpn" ....key follows
>
> client
> -------
> ip.inet.net.forwarding=1
>
> /etc/ppp/ppp.conf
> vpn:
>   set ifaddr 10.1.1.2 10.1.1.1 255.255.255.255
>  set dial
>  set timeout 3600
>   set device "!env SSH_AUTH_SOCK= ssh -C -c blowfish -i
> /path/to/pppuser.key [EMAIL PROTECTED]"
>
> on the client, i can see tun0 get created and assigned 10.1.1.2, but
> on the gateway, tun0 is created but no ip is assigned. (pf on both
> devices has skip on tun, also disabled pf on both to test)
>
> 10.1.1/24 is not used anywhere in the network.
>
> if i "ssh -C -c blowfish -i pppuser.key [EMAIL PROTECTED]", i can see
> sudo ppp -direct vpn getting launched...
>
> what is the key ingredient i'm missing here to get the gateway to
> assign tun0 10.1.1.1? or rather to get the tunnel up?
>
> both are i386, running the same snapshot:
> OpenBSD 3.8 (GENERIC) #137: Thu Sep  1 17:41:20 MDT 2005
>     [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
>
> p.s. i'm not subscribed to [EMAIL PROTECTED], so please cc: on replies...
>
> thank you

Hi Mr/Ms/Mrs "yippy ya yah"
Cool name ;-)

I have seen you already have working answers to your question from the 
list. Good! I only posted this to give you some hints for a hopefully better 
choice.

A recommendation is to (if possible) not use TCP over TCP. Each layer has its 
own timer. And a packet loss situation can quickly cause a "meltdown". It 
will also often be slower. Use a UDP-based connection as the carrier session 
to the upper TCP. One good choice is a UDP-configured OpenVPN.

If you are interested you can read more here on Olaf Titz's page...
http://sites.inka.de/sites/bigred/devel/tcp-tcp.html


But maybe you have very good reasons to use SSH...

Thanks
Per-Olov
-- 
GPG keyID: 4DB283CE
GPG fingerprint: 45E8 3D0E DE05 B714 D549 45BC CFB4 BBE9 4DB2 83CE
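
Added example, not part of the message above or of anyone's actual setup: a point-to-point OpenVPN configuration over UDP that reuses the 10.1.1.1/10.1.1.2 addressing from the question, so TCP sessions inside the tunnel keep the only retransmission timer. The hostname, file paths and certificate names are placeholders assumed for illustration.

```conf
# ---- gateway: /etc/openvpn/gateway.conf (path is an assumption) ----
dev tun                      # routed IP tunnel, same role as the ppp tun0
proto udp                    # UDP carrier: no second TCP layer retransmitting
port 1194                    # OpenVPN's default port
ifconfig 10.1.1.1 10.1.1.2   # local / remote tunnel endpoints
tls-server                   # this side takes the server role in the TLS handshake
ca   /etc/openvpn/ca.crt       # placeholder CA certificate
cert /etc/openvpn/gateway.crt  # placeholder gateway certificate
key  /etc/openvpn/gateway.key  # placeholder private key, keep mode 0600
dh none                      # ECDH key exchange only (OpenVPN 2.4 and later)
remote-cert-tls client       # require a certificate marked for client use
keepalive 10 60              # ping every 10 s, restart after 60 s of silence
user nobody                  # drop privileges after setup, so no sudo rule
group nobody                 #   for a tunnel binary is needed
persist-key                  # keep key and tun device across restarts once
persist-tun                  #   privileges have been dropped

# ---- client: /etc/openvpn/client.conf (path is an assumption) ----
dev tun
proto udp
remote gateway.example.org 1194   # placeholder hostname for the gateway
nobind                       # client does not need a fixed local port
ifconfig 10.1.1.2 10.1.1.1   # mirror image of the gateway's ifconfig line
tls-client
ca   /etc/openvpn/ca.crt
cert /etc/openvpn/client.crt   # placeholder client certificate
key  /etc/openvpn/client.key
remote-cert-tls server       # refuse a peer whose certificate is not a server cert
keepalive 10 60
user nobody
group nobody
persist-key
persist-tun
```

On the gateway, the packet filter has to pass inbound UDP on the chosen port, and forwarding must stay enabled as in the original setup.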
