On Mon, 11 Jan 1999, DS wrote:
> Now that I've finally discovered the PPP modules :), I'm wondering if I
> can use it to set-up secure tunnels using SSH over a WAN (maybe
> internet)....
Yep!
> It looks like the pieces are there but perhaps someone has been doing
> this already and wants to share their findings. Assuming two multihomed
> Linux boxes doing the usual IP Masq between an internal network and the
> internet, both have NetWare servers and IPX working on the private
> sides. Can I create a tunnel (ideally with IPX routing) between two
> boxes over the WAN (not with modems)?
You need the special ssh. Grab it from ftp.solucorp.qc.ca/pub/misc. There
is a way to make it work with the stock ssh but I was unsuccessful with
that.
In the dialout module dialog, select PPP over ssh, then go down to the PPP
over ssh section and fill it in. You must tell
- the name of the ssh server
- You must also tell the account (it is not using the login/password entry
  at the top of the dialog)
- You must tell if it is a shell account or ppp account. For a shell
  account, linuxconf will generate the pppd command on the other side.
- You specify the encryption and compression type you want
- If it is a shell account, you must specify the path of the pppd command
  if it is not /usr/sbin/pppd
- Select whether or not you are using the patched ssh.
Then do
netconf --connect dialout-config-name
Enter the password when prompted.
From another terminal, you will see the ppp link is up. If not, check in
the home directory on both sides for a .pppd-ssh.err to grab the various
error messages.
> Just a quick try and I do get SSH authenticated but one server box with
> modems fails (seems to be assuming a serial connection) and another gets
> the connection but I'm not sure of the correct settings.
You must also provide the IP on both sides. Not an absolute requirement.
Often, we allocate the IP from the serial port name, either by mapping the
name to IP using the DNS (the good solution) or by using the
/etc/ppp/options.tty files. When the ppp over ssh connection is
established, a pseudo-tty is used (which one? The first available), so
you can't allocate the IP using the tty name reliably.
You probably need a fixed IP when doing tunnelling anyway.
Anyway, give it a try. I am using that on a regular basis.
---------------------------------------------------------
Jacques Gelinas <[EMAIL PROTECTED]>
Check out Linuxconf at http://www.solucorp.qc.ca/linuxconf
New modules: mgettyconf, managerpm
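
The point about fixed IPs, as an added example that is not part of the original message and is not the command linuxconf generates: because the pseudo-tty name is unpredictable, the tunnel addresses are given explicitly as local:remote on the pppd command line. It uses pppd's own pty option with a stock ssh, which is a different technique from the patched ssh; the account, host name and addresses are constructed, and key-based ssh authentication is assumed.

```shell
#!/bin/sh
# Added example: build (dry run, nothing is executed) a PPP-over-ssh command
# line whose tunnel endpoints are fixed, instead of relying on tty-name lookup.

# valid_ipv4 ADDR -> status 0 if ADDR is a dotted quad with octets 0-255
valid_ipv4() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; the function's own parameters only
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# build_tunnel_cmd ACCOUNT SERVER LOCAL_IP REMOTE_IP [REMOTE_PPPD]
# Prints the command; REMOTE_PPPD defaults to /usr/sbin/pppd.
build_tunnel_cmd() {
    account=$1 server=$2 local_ip=$3 remote_ip=$4
    remote_pppd=${5:-/usr/sbin/pppd}
    # The values are pasted inside a quoted pty script, so refuse anything
    # that could break out of the quoting (spaces, quotes, semicolons).
    case "$account$server$remote_pppd" in
        ''|*[!A-Za-z0-9._/-]*)
            echo "unsafe character in account, server or pppd path" >&2
            return 1 ;;
    esac
    valid_ipv4 "$local_ip" && valid_ipv4 "$remote_ip" || {
        echo "both tunnel endpoints must be fixed IPv4 addresses" >&2
        return 1
    }
    [ "$local_ip" != "$remote_ip" ] || {
        echo "local and remote tunnel addresses must differ" >&2
        return 1
    }
    # Local pppd runs ssh on a pseudo-tty; the remote pppd speaks PPP on
    # stdin/stdout (notty). The addresses come from the command line.
    printf '%s\n' "pppd updetach noauth pty 'ssh -e none -o BatchMode=yes $account@$server $remote_pppd nodetach notty noauth' $local_ip:$remote_ip"
}

# Constructed sample values (assumptions, not from the message).
build_tunnel_cmd tunnel gw.example.net 192.168.250.1 192.168.250.2
```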