Hi, Matthew and list.
On 22 May 2014 06:24, Matthew Reeve <[email protected]> wrote:
> It has been known for a long time that this is actually a really terrible
> idea:
>
> http://sites.inka.de/~W1011/devel/tcp-tcp.html
>
> It might appear to work just fine on completely uncongested links with zero
> packet loss, but theory says that as soon as there is any congestion at all,
> it will break horribly.
I saw that link too when I found the pvpn project. If I understand
the theory correctly, the problem is mainly that TCP, as a
connection-oriented protocol, is not suitable for use in a
long-lived, lossy environment, because once the underlying connection
hangs or aborts, all upper-layer applications suffer.
PPP over SSH may be too specific for the `pty' option of pppd. Something
like the following should also do the job:
    while true ; do nc -ulp 7001 -c '/usr/sbin/pppd noauth nodetach notty' ; read x ; [ -n "$x" ] && break; done
But busybox netcat does not support UDP mode yet, so I just keep it
the SSH way. I am using PPPoSSH with ipset-enabled dnsmasq [1] mainly
for accessing and accelerating the speed of several websites. Well,
I myself quite enjoy the outcome.
PPPoSSH also has the limitation that usually we need to log in as
root (or a user with CAP_NET_ADMIN?). This can be generalized into
something like PPPoPTY, which could be quite versatile and flexible. How
do you like it?
Thank you for your input.
Regards.
[1] dnsmasq: add ipset and auth compilation options.
http://patchwork.openwrt.org/patch/5243/
yousong
>
>
>>This patch adds protocol support for PPP over SSH. The protocol name is
>>'pppossh' with the following options.
>>
>> - server, required, SSH server name.
>> - port, SSH server port.
>> - sshuser, required, SSH login username.
>> - identity, list of client private key files. ~/.ssh/id_{rsa,dsa} will
>> be used if no identity file was specified. At least one of them must
>> be a valid key file for the public key authentication to proceed.
>> - ipaddr, local ip address to be assigned.
>> - peeraddr, peer ip address to be assigned.
>> - ssh_options, extra ssh client options.
>>
>>Because the protocol script file ppp.sh will be called with $HOME set to
>>'/', we need to explicitly set it to the right value so that dropbear
>>client can read '~/known_hosts' correctly.
>>
>>Signed-off-by: Yousong Zhou <yszhou4tech at gmail.com>
>>---
>>v1 -> v2
>>
>> - Use common option names as suggested by jow and nbd.
>> - Default to using ~/.ssh/id_{rsa,dsa} as the identity file.
>> - Set $HOME to correct value for the current user instead of unset it.
>>
>>v2 -> v3
>>
>> - Change type of acceptunknown to boolean.
>> - Squeeze multiple calls to proto_config_add_string to one.
>>
>>v3 -> v4
>>
>> - Use default identity files only when no explicit key files were
>> specified.
>> - Added a new option `ssh_options' which will be added as part of ssh
>> client options.
>> - Change the type of `port' option to int.
>> - Change the type of `identity` option to array type.
>>
>>v4 -> v5
>>
>> - Remove `acceptunknown' option. For dropbear client `-y' option can be
>> used, and for OpenSSH client it's '-o StrictHostKeyChecking xx'. Both of
>> them can be specified through the `ssh_options'.
>> - Make variable `pty' local.
>>
>> package/network/services/ppp/Makefile | 2 +-
>> package/network/services/ppp/files/ppp.sh | 55 +++++++++++++++++++++++++++++
>> 2 files changed, 56 insertions(+), 1 deletions(-)
>>
>>diff --git a/package/network/services/ppp/Makefile
>>b/package/network/services/ppp/Makefile
>>index 9bf9616..a707985 100644
>>--- a/package/network/services/ppp/Makefile
>>+++ b/package/network/services/ppp/Makefile
>>@@ -10,7 +10,7 @@ include $(INCLUDE_DIR)/kernel.mk
>>
>> PKG_NAME:=ppp
>> PKG_VERSION:=2.4.5
>>-PKG_RELEASE:=10
>>+PKG_RELEASE:=11
>>
>> PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
>> PKG_SOURCE_URL:=ftp://ftp.samba.org/pub/ppp/
>>diff --git a/package/network/services/ppp/files/ppp.sh
>>b/package/network/services/ppp/files/ppp.sh
>>index 8824409..19825b1 100755
>>--- a/package/network/services/ppp/files/ppp.sh
>>+++ b/package/network/services/ppp/files/ppp.sh
>>@@ -206,10 +206,65 @@ proto_pptp_teardown() {
>> ppp_generic_teardown "$@"
>> }
>>
>>+proto_pppossh_init_config() {
>>+ ppp_generic_init_config
>>+ proto_config_add_string server sshuser ipaddr peeraddr ssh_options
>>+ proto_config_add_string 'identity:list(string)'
>>+ proto_config_add_int port
>>+ available=1
>>+ no_device=1
>>+}
>>+
>>+proto_pppossh_setup() {
>>+ local config="$1"
>>+ local iface="$2"
>>+ local user="$(id -nu)"
>>+ local home=$(sh -c "echo ~$user")
>>+ local ip serv_addr errmsg
>>+ local opts pty
>>+
>>+ json_get_vars port sshuser identity ipaddr peeraddr ssh_options
>>+ json_get_var server server && {
>>+ for ip in $(resolveip -t 5 "$server"); do
>>+ ( proto_add_host_dependency "$config" "$ip" )
>>+ serv_addr=1
>>+ done
>>+ }
>>+ [ -n "$serv_addr" ] || errmsg="${errmsg}Could not resolve $server.\n"
>>+ [ -n "$sshuser" ] || errmsg="${errmsg}Missing sshuser option.\n"
>>+ [ -z "$identity" ] && identity="'$home/.ssh/id_rsa'
>>'$home/.ssh/id_dsa'"
>>+ {
>>+ local fn
>>+ for fn in $identity; do
>>+ [ -f "$fn" ] && opts="$opts -i $fn"
>>+ done
>>+ [ -n "$opts" ] || errmsg="${errmsg}Cannot find valid identity
>>file.\n"
>>+ }
>>+ [ -n "$errmsg" ] && {
>>+ echo -ne "$errmsg"
>>+ sleep 5
>>+ proto_setup_failed "$config"
>>+ exit 1
>>+ }
>>+ opts="$opts ${port:+-p $port}"
>>+ opts="$opts ${ssh_options}"
>>+ opts="$opts $sshuser@$server"
>>+ pty="env 'HOME=$home' /usr/bin/ssh $opts pppd nodetach notty noauth"
>>+ ippair="$ipaddr:$peeraddr"
>>+
>>+ ppp_generic_setup "$config" \
>>+ noauth pty "$pty" "$ippair"
>>+}
>>+
>>+proto_pppossh_teardown() {
>>+ ppp_generic_teardown "$@"
>>+}
>>+
>> [ -n "$INCLUDE_ONLY" ] || {
>> add_protocol ppp
>> [ -f /usr/lib/pppd/*/rp-pppoe.so ] && add_protocol pppoe
>> [ -f /usr/lib/pppd/*/pppoatm.so ] && add_protocol pppoa
>> [ -f /usr/lib/pppd/*/pptp.so ] && add_protocol pptp
>>+ [ -x /usr/bin/ssh ] && add_protocol pppossh
>> }
>>
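Review bot: the default identity list never matches a file. `identity="'$home/.ssh/id_rsa' '$home/.ssh/id_dsa'"` embeds literal single quotes, and `for fn in $identity` does not strip them during word splitting, so `[ -f "$fn" ]` tests a path that begins and ends with an apostrophe and a user who omits `identity` always hits "Cannot find valid identity file." Use `identity="$home/.ssh/id_rsa $home/.ssh/id_dsa"` or loop over the two paths directly. In the same block, `opts="$opts -i $fn"` and the unquoted `${ssh_options}` are interpolated into `$pty`, which pppd hands to `/bin/sh -c`, so a key path or option containing spaces or quotes is re-split there; quote each element when assembling `$pty`. Minor: `ippair` is assigned without `local` while `opts` and `pty` are declared local two lines above.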
>>--
>>1.7.2.5
> _______________________________________________
> openwrt-devel mailing list
> [email protected]
> https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
_______________________________________________
openwrt-devel mailing list
[email protected]
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
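The reply above suggests generalising PPPoSSH into "PPPoPTY": pppd's `pty' option takes a single command string, which pppd runs through /bin/sh -c, so any transport that moves PPP frames over its stdin/stdout can be plugged in. The following is an added example written for this page, not code from OpenWrt's ppp.sh or from the patch; it shows how such a pty command can be assembled with each word quoted individually, how the candidate identity files are checked as separate arguments, and how a second transport (plain UDP via `nc -u') fits the same shape. The helper names (shell_quote, build_pty_cmd, pppossh_pty_cmd, pppoudp_pty_cmd) and the paths used when calling them are assumptions for the demonstration.

```sh
#!/bin/sh
# Added example for the "PPPoPTY" idea; not part of OpenWrt's ppp.sh.
# Helper names and the sample paths below are assumptions for the demo.

# shell_quote STR: single-quote STR so it survives the /bin/sh -c that
# pppd uses to start the pty command (spaces, quotes and globs stay literal).
shell_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# build_pty_cmd WORD...: join WORDs into one pty command string, each word
# quoted on its own, so the transport's argv cannot be re-split or expanded
# when pppd hands the string to sh.
build_pty_cmd() {
    local out="" w
    for w in "$@"; do
        out="${out:+$out }$(shell_quote "$w")"
    done
    printf '%s' "$out"
}

# pppossh_pty_cmd HOME USER HOST PORT KEYFILE...: the SSH transport.
# Candidate key files arrive as separate arguments, so a path containing
# spaces or quotes is still tested as one file; only existing files get -i.
# Returns 1 (with a message on stderr) when no usable key file was found.
pppossh_pty_cmd() {
    local home="$1" user="$2" host="$3" port="$4" fn found=""
    shift 4
    # Rebuild "$@" as the ssh argument list: consume each candidate path
    # from the front and append "-i PATH" at the back when it exists.
    for fn in "$@"; do
        shift
        [ -f "$fn" ] || continue
        set -- "$@" -i "$fn"
        found=1
    done
    [ -n "$found" ] || { echo "Cannot find valid identity file" >&2; return 1; }
    [ -n "$port" ] && set -- "$@" -p "$port"
    set -- "$@" "$user@$host" pppd nodetach notty noauth
    # HOME is set explicitly because netifd runs protocol scripts with HOME=/,
    # which would make the ssh client miss ~/.ssh/known_hosts.
    build_pty_cmd env "HOME=$home" /usr/bin/ssh "$@"
}

# pppoudp_pty_cmd HOST PORT: a second transport in the same mould, the client
# side of the "nc -ulp PORT" listener from the reply above (nc -u is assumed
# to be available in the netcat on the box).
pppoudp_pty_cmd() {
    build_pty_cmd nc -u "$1" "$2"
}

# Usage sketch (not run here): the returned string is what goes into
#   pppd ... pty "$cmd"
# e.g.  cmd=$(pppossh_pty_cmd /root vpn 192.0.2.1 22 /root/.ssh/id_rsa /root/.ssh/id_dsa)
```

Because every word is quoted separately, an identity path such as /root/my keys/id_rsa or an ssh option containing quotes reaches the ssh client intact instead of being re-split by the sh that pppd spawns, which is the failure mode a plain string concatenation of `-i $fn` and `$ssh_options` runs into.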