Re: IP TUNNEL / was Re: doesn't anybody use tunnelling / vpn?
Hi folks,

I'm certainly no expert in this field, but until some BOFH put up a firewall between college and my ISP, the following worked for me (should be all on one line...):

    ssh -C -P -f -L 8181:localhost:8080 remotehost.com sleep 365d > /dev/null 2>&1

This will create an encrypted tunnel between port 8181 on your machine and port 8080 on remotehost.com (you must have RSA authentication working for SSH so it doesn't ask you for a password).

Put that in a little script file, and run it when you need the tunnel. It should stay up indefinitely, but if it doesn't, run your script again. Too easy.

Of course, if you want to tunnel lots of different services (the above is only good for a web proxy, but adapt the ports for whatever you need), it's going to get prohibitively complicated.

BTW, I don't believe that sleep needs to be as long as I have done it - that was just what I ended up with to be on the safe side.

HTH,

damon

Quoth Krzys Majewski,

> On Wed, 27 Sep 2000, will trillich wrote:
>
> > hi. i have no clue about all this fancy stuff. sounds delightfully cool. if you get it straightened out, PLEASE post a 'SOLVED' message so that the rest of us dunces (speaking for what i hope is a large group and not just me) can learn from your experience...
> >
> > by the way -- HOW did you set up those tunnels? what package, what command, what script?
>
> OK I'm a bit hesitant about posting my solution since I figure there's probably a simpler and better way, but here goes. Please note that I'm only doing this because it's the only way I know for e.g. reading news on my school's news server, given that my ISP is LargeFacelessCorporation.com and not my school's modem pool. I'm not doing it just because it's a neat trick or whatever. Peace.
>
> First, I put the following two lines in the iface eth0 section of my /etc/network/interfaces. (I talk to the world through an ethernet card, if this is not the way you do things you'll have to find some other way, like your /etc/ppp/ip-up script or whatever):
>
>     up /etc/init.d/tcp-pipes start
>     down /etc/init.d/tcp-pipes stop
>
> The tcp-pipes script is attached. The way I do it, this script runs a command on the remote machine. The command does nothing: it just hangs. I've jimmied things on the other end so that only one instance of this command (there's actually three of them, they're called imapl, newsl, and maill if I remember right) can run at a time. Otherwise, I'd eventually have a million of these things running on the remote machine and the sysadmins at school would hate me. I've done this with a C program (attached) which reads a PID from a file, nukes the process, writes its PID to the same file, and hangs forever. You can maybe do the same thing with a shell script.
>
> Uh, I think that's all. Then I just tell my mail and news clients to talk to, say, port 6143 on the localhost instead of port 143 on the remote host. Hope this helps.
>
> -chris

--
Damon Muller             | Did a large procession wave their torches
Criminologist/Linux Geek | As my head fell in the basket,
http://killfilter.com    | And was everybody dancing on the casket...
PGP (GnuPG): A136E829    | - TBMG, Dead
Re: IP TUNNEL / was Re: doesn't anybody use tunnelling / vpn?
>     ssh -C -P -f -L 8181:localhost:8080 remotehost.com sleep 365d > /dev/null 2>&1

OK this is basically the same thing I do. The only problem I can see with the above is, if you have to run this thing several times, you might get several orphaned sleep 365d processes on your remote machine. So instead of sleep, I use a command that kills any previous instance of itself before running.

-chris
IP TUNNEL / was Re: doesn't anybody use tunnelling / vpn?
On Tue, Sep 26, 2000 at 07:51:10PM +1100, Damon Muller wrote:

> I don't know if it's sophisticated enough for what you want to do, but setting up port forwarding using ssh is very easy. If all you want to do is something like secure mail transfer, then it'll take you mere seconds to set up, and require no additional software or kernel compilation.
>
> If you want to do something more sophisticated, then I'm afraid that I can't help you.

sounds quite intriguing! care to share a few shell command snippets?

i've also tried the ssh connect then pppd overlay with dismal results. but i finally have succeeded (to some level, maybe not what i need, but it's a start) with this:

    # create new device
    ip tunnel add $DEV \
        local $OUTSIDE_HERE \
        remote $OUTSIDE_THERE \
        mode gre
    # talk between these two points (with network on far end)
    ifconfig $DEV $INSIDE_HERE pointopoint $INSIDE_THERE \
        netmask 255.255.255.0
    # now re-establish our firewall rules to include the new gadget
    ipmasq

any caveats to watch for, there?

-- still can't figure out what's wrong here, tho--

    # ip link list
    Cannot send dump request: Connection refused
    # ip address show
    Cannot send dump request: Connection refused
    # ip route show
    Cannot send dump request: Connection refused
    # ip neigh show
    Cannot send dump request: Connection refused
Re: IP TUNNEL / was Re: doesn't anybody use tunnelling / vpn?
Missed the start of this thread. I need to do some tunnelling as well. Here's the setup. I use my school's smtp/imap/news servers. The servers can only be accessed from cs.ubc.ca (at least, I haven't had any luck using them from elsewhere). My isp is not cs.ubc.ca. I'm currently getting around this problem via a messy ssh -L hack; namely, setting up port forwarding between my home machine and a server at school, then running a noninteractive hanging program on the other end to keep the tunnel open. In this way I have set up three pipes/tunnels, localhost:6025-remotehost:25, localhost:6119-remotehost:119, and localhost:6143-remotehost:6143. It works but the tunnels break sometimes (like when I suspend my machine) and I have to restart them occasionally. Anyone have a better way? -chris
Re: doesn't anybody use tunnelling / vpn?
Amaury Darsch wrote:

> Ok, Looks like you are really suffering with this one - I'll try to do my best to help you. We will go step by step ...

thanks! you have no idea...!

> a) I assume you work with the kernel 2.2.17

    # uname -a
    Linux server 2.2.17 #1 Sun Jun 25 09:24:41 EST 2000 i586 unknown

> b) Check the kernel network config - the ip command is very picky about this
> Note that in the example below - the IP tunneling and GRE are modules
> I'll give you my config here.
>
>      *  Packet socket
>     [*] Kernel/User netlink socket
>     [*] Routing messages
>         Netlink device emulation
>     [*] Network firewalls
>     [*] Socket Filtering
>      *  Unix domain sockets
>     [*] TCP/IP networking
>     [*] IP: multicasting
>     [*] IP: advanced router
>     [*] IP: policy routing
>     [ ] IP: equal cost multipath
>     [ ] IP: use TOS value as routing key
>     [*] IP: verbose route monitoring
>     [ ] IP: large routing tables
>     [ ] IP: fast network address translation
>     [ ] IP: kernel level autoconfiguration
>     [*] IP: firewalling
>     [ ] IP: firewall packet netlink device
>     [*] IP: use FWMARK value as routing key
>     [*] IP: transparent proxy support
>     [ ] IP: masquerading
>     [ ] IP: optimize as router not host
>      M  IP: tunneling
>      M  IP: GRE tunnels over IP
>     [*] IP: broadcast GRE over IP
>     [ ] IP: multicast routing
>     [*] IP: aliasing support
>     [ ] IP: ARP daemon support (EXPERIMENTAL)

well, um, <newbie>i'm not sure where to go to compare what i've got, with that.</newbie> is it a source-code-tree thing? maybe a probe-command output? or modules from modconf? something from the bowels of /proc/net? dselect?

my ipmasq works fine to connect my other two computers (2 mac, 1 windon't) to the 'net. so tcp/inetd.conf services are all hunky/dory.

    # lsmod
    Module          Size  Used by
    ip_gre          6168   1
    slip            7388   0  (autoclean)
    ppp            20684   0  (autoclean)
    slhc            4436   1  (autoclean) [slip ppp]
    nls_koi8-r      3400   0  (unused)
    tap1            2284   0  (unused)
    netlink_dev     1552   0  (unused)
    tap0            2284   0  (unused)
    af_packet       6040   0  (autoclean)
    serial         19564   1  (autoclean)
    3c509           6548   2
    ipv6           92464  -1
    ipip            5156   0
    ip_masq_ftp     2456   0
    unix           10212  15  (autoclean)

so i've got ipip and ip_gre installed, PLUS the tap and netlink things mentioned for TUNNELV, which i also couldn't get going.

> c) install the gre module - without it - nothing will work
>
>     modprobe ip_gre (or insmod ip_gre)
>
> Check that it is installed with the lsmod command.
>
> d) now the magic test - install the tunnel
>
>     ip tunnel add tunl0 mode gre local 192.168.0.1 remote 192.168.0.2
>
> If you have any error here (I saw some ioctl error) then do not bother to continue - you have a kernel problem.
>
> check that the tunnel is installed
>
>     ip link show

BOOM.

    # ip link show
    Cannot send dump request: Connection refused
    # ip addr show
    Cannot send dump request: Connection refused
    # ip route show
    Cannot send dump request: Connection refused
    # ip neigh show
    Cannot send dump request: Connection refused
    # ip tunnel show
    tunl0: ip/ip remote any local any ttl inherit nopmtudisc
    sit0: ipv6/ip remote any local any ttl 64 nopmtudisc
    gre0: gre/ip remote any local any ttl inherit nopmtudisc
    dave: gre/ip remote 208.7.139.219 local 208.33.90.85 ttl inherit

why d'you suppose that tunnels are the only things it lets me show? what am i missing?

> You should see the following (more or less)
>
>     4: [EMAIL PROTECTED]: NOARP mtu 1476 qdisc noop
>         link/gre 0.0.0.0 brd 0.0.0.0
>     5: [EMAIL PROTECTED]: POINTOPOINT,NOARP mtu 1476 qdisc noop
>         link/gre 192.168.0.1 peer 192.168.0.2

it should, but doesn't. show goes bang, for me. except on tunnels.

> e) turn the link up
>
>     ip link set dev tunl0 up
>
> check again that the link is up with
>
>     ip link show
>     4: [EMAIL PROTECTED]: NOARP mtu 1476 qdisc noop
>         link/gre 0.0.0.0 brd 0.0.0.0
>     5: [EMAIL PROTECTED]: POINTOPOINT,NOARP,UP mtu 1476 qdisc noqueue
>         link/gre 192.168.0.1 peer 192.168.0.2

i use ifconfig to get it running. should i not?

> At this stage, the tunnel is set - you need to do the same with the peer. You will have also to set your routing table - If you have a gateway turn on the forwarding. My config has the firewall enabled - If you do the same make sure you install the right ACCEPT rule.
>
> But as far as I can see, the source of your problems seems located around a kernel config.
>
> Hope this will help ...

thanks for your pointers! i wish i'd had them two weeks ago, but i didn't know what to ask for...

here's what i've got that seems to work:

    #!/bin/sh
    # create new device
    ip tunnel add $DEV \
        local
Re: IP TUNNEL / was Re: doesn't anybody use tunnelling / vpn?
Krzys Majewski wrote:

> Missed the start of this thread. I need to do some tunnelling as well. Here's the setup. I use my school's smtp/imap/news servers. The servers can only be accessed from cs.ubc.ca (at least, I haven't had any luck using them from elsewhere). My isp is not cs.ubc.ca. I'm currently getting around this problem via a messy ssh -L hack; namely, setting up port forwarding between my home machine and a server at school, then running a noninteractive hanging program on the other end to keep the tunnel open. In this way I have set up three pipes/tunnels, localhost:6025-remotehost:25, localhost:6119-remotehost:119, and localhost:6143-remotehost:6143. It works but the tunnels break sometimes (like when I suspend my machine) and I have to restart them occasionally. Anyone have a better way?
>
> -chris

hi. i have no clue about all this fancy stuff. sounds delightfully cool. if you get it straightened out, PLEASE post a 'SOLVED' message so that the rest of us dunces (speaking for what i hope is a large group and not just me) can learn from your experience...

by the way -- HOW did you set up those tunnels? what package, what command, what script?

--
mailto:[EMAIL PROTECTED]
http://www.dontUthink.com/
Re: IP TUNNEL / was Re: doesn't anybody use tunnelling / vpn?
On Wed, 27 Sep 2000, will trillich wrote:

> hi. i have no clue about all this fancy stuff. sounds delightfully cool. if you get it straightened out, PLEASE post a 'SOLVED' message so that the rest of us dunces (speaking for what i hope is a large group and not just me) can learn from your experience...
>
> by the way -- HOW did you set up those tunnels? what package, what command, what script?

OK I'm a bit hesitant about posting my solution since I figure there's probably a simpler and better way, but here goes. Please note that I'm only doing this because it's the only way I know for e.g. reading news on my school's news server, given that my ISP is LargeFacelessCorporation.com and not my school's modem pool. I'm not doing it just because it's a neat trick or whatever. Peace.

First, I put the following two lines in the iface eth0 section of my /etc/network/interfaces. (I talk to the world through an ethernet card, if this is not the way you do things you'll have to find some other way, like your /etc/ppp/ip-up script or whatever):

    up /etc/init.d/tcp-pipes start
    down /etc/init.d/tcp-pipes stop

The tcp-pipes script is attached. The way I do it, this script runs a command on the remote machine. The command does nothing: it just hangs. I've jimmied things on the other end so that only one instance of this command (there's actually three of them, they're called imapl, newsl, and maill if I remember right) can run at a time. Otherwise, I'd eventually have a million of these things running on the remote machine and the sysadmins at school would hate me. I've done this with a C program (attached) which reads a PID from a file, nukes the process, writes its PID to the same file, and hangs forever. You can maybe do the same thing with a shell script.

Uh, I think that's all. Then I just tell my mail and news clients to talk to, say, port 6143 on the localhost instead of port 143 on the remote host. Hope this helps.

-chris

    #! /bin/sh
    #
    # Port forwarding to servers which would otherwise refuse connections from us
    #
    echo $*

    NAME=`basename $0`
    PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
    SSH=/usr/bin/ssh2    # careful! there might be an ssh in the current dir
    SSHBASENAME=`basename ${SSH}`
    SSHFLAGS="-f -x"
    HOST=cascade.cs.ubc.ca
    USER=majewski
    PRG=loop

    start() {
        LOCALPORT=$1
        DEST=$2
        REMOTEPORT=$3
        PIPE=$4
        SSHARGS="${SSHFLAGS} -l ${USER} -L ${LOCALPORT}:${DEST}:${REMOTEPORT} ${HOST} ${PIPE}l"
        PIDFILE=/var/run/${PIPE}-pipe.pid
        #echo -n Starting ${PIPE}:
        if [ -e ${PIDFILE} ]; then
            rm ${PIDFILE}
        fi
        start-stop-daemon --start --verbose --background --make-pidfile --pidfile ${PIDFILE} --exec ${SSH} -- ${SSHARGS}
        if [ $? -eq 0 ]; then
            fixpid ${PIPE} ${PIDFILE}
        fi
        #echo ${PIPE}.
    }

    # Wait for the PIDFILE to get the initial PID of the ssh process
    # Wait for the ssh process to exec() to a different PID
    # Put the new PID in the PIDFILE
    fixpid() {
        PIPE=$1
        PIDFILE=$2
        PID=""
        NEWPID=""
        COUNT=1
        MAXCOUNT=10
        GOTCHA=false
        while [ "${PID}" = "" ]; do
            if [ ${COUNT} -gt ${MAXCOUNT} ]; then
                logger "${NAME}: initial PID not found for ${PIPE}"
                logger "${NAME}: continuing anyway..."
                break
            fi
            if [ -e ${PIDFILE} ]; then
                PID=`cat ${PIDFILE}`
            fi
            COUNT=`expr ${COUNT} + 1`
            sleep 1
        done
        # sleep until the process with the old PID goes away
        # can't use 'wait' because the ssh process is not our child
        COUNT=1
        while ps h -o pid -p ${PID} > /dev/null; do
            if [ ${COUNT} -gt ${MAXCOUNT} ]; then
                logger "${NAME}: new PID not found for ${PIPE}"
                logger "${NAME}: continuing anyway..."
                break
            fi
            COUNT=`expr ${COUNT} + 1`
            GOTCHA=true
            sleep 1
        done
        NEWPID=`ps h -C ${SSHBASENAME} | grep ${PIPE} | awk '{print $1}'`
        if [ "${NEWPID}" = "" ]; then
            logger "${NAME}: Empty PID, you may have to stop ${PIPE} manually later on"
        else
            echo ${NEWPID} > ${PIDFILE}
        fi
    }

    stop() {
        PIPE=$1
        PID=""
        #echo -n Stopping ${PIPE}:
        PIDFILE=/var/run/${PIPE}-pipe.pid
        start-stop-daemon --stop --verbose --pidfile ${PIDFILE}
        if [ $? -ne 0 ]; then
            PID=`ps h -C ${SSHBASENAME} | grep ${PIPE} | awk '{print $1}'`
            if [ "${PID}" != "" ]; then
                echo "Killing ${PIPE} pipe by brute force"
                logger "${NAME}: Killing ${PIPE} pipe by brute force"
                # ask process to die honorably
                kill -TERM ${PID}
                # coup de grace if necessary
                PID=`ps h -C ${SSHBASENAME} | grep ${PIPE} | awk '{print $1}'`
                if [ "${PID}" != "" ]; then
                    kill -KILL ${PID}
                fi
            else
                logger "${NAME}: Couldn't find PID for ${PIPE}, not killing"
            fi
        fi
        rm -f ${PIDFILE}
        #echo ${PIPE}.
    }

    startImap()
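
The single-instance keeper chris describes above (read a PID from a file, kill that process, write your own PID, hang), as a shell sketch. This is an added example, not the attached C program; the `<pid> <starttime>` pidfile format, the function names and the `keeper.sh run` usage are assumptions of the example, and the start-time check is there so that a recycled PID belonging to some other process is never signalled.

```shell
#!/bin/sh
# Added example: single-instance keeper for the remote end of an ssh -L tunnel.
# Assumption of this example: the pidfile holds "<pid> <starttime>", where
# starttime is field 22 of /proc/<pid>/stat (Linux). Keep the pidfile in a
# directory only you can write to, e.g. under $HOME, not in /tmp.

# proc_start PID: print the kernel start time of PID; fail if it is gone.
proc_start() {
    [ -r "/proc/$1/stat" ] || return 1
    stat=$(cat "/proc/$1/stat" 2>/dev/null) || return 1
    rest=${stat##*) }      # drop "pid (comm) "; comm may contain spaces
    set -- $rest           # $1 is now field 3 (state)
    shift 19               # $1 is now field 22 (starttime)
    printf '%s\n' "$1"
}

# kill_recorded PIDFILE: signal the recorded process only if pid AND start
# time still match, so a recycled PID belonging to someone else is left alone.
kill_recorded() {
    [ -f "$1" ] || return 1
    read -r old_pid old_start < "$1" || return 1
    case "$old_pid" in
        ''|*[!0-9]*) return 1 ;;   # not a number: ignore a corrupt pidfile
    esac
    now_start=$(proc_start "$old_pid") || return 1
    [ "$now_start" = "$old_start" ] || return 1
    kill -TERM "$old_pid" 2>/dev/null
}

# record_pid PIDFILE PID: write "pid starttime" via a temp file and rename,
# so a reader never sees a half-written pidfile.
record_pid() {
    start=$(proc_start "$2") || return 1
    tmp="$1.new.$2"
    ( umask 077; printf '%s %s\n' "$2" "$start" > "$tmp" ) && mv -f "$tmp" "$1"
}

# keeper PIDFILE [SECONDS]: replace the previous keeper, then hang.
keeper() {
    kill_recorded "$1" || true     # nothing to replace is not an error
    sleep "${2:-31536000}" &       # the process that hangs (365 days default)
    hang=$!
    record_pid "$1" "$hang" || { kill "$hang"; return 1; }
    wait "$hang"                   # ends when a newer keeper kills the sleep
}

# Hypothetical usage as the remote command:  keeper.sh run ~/.imapl.pid
if [ "${1:-}" = run ]; then
    keeper "${2:?pidfile required}"
fi
```

Two keepers started at the same instant can still race each other; the sketch only covers the sequential restart case the thread is about.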
doesn't anybody use tunnelling / vpn?
AAUGH! NOBODY seems to be tunneling anywhere. i must be alone...

my inquiries about vpn and tunnelling have met with deafening silence.

am i the only person trying to get these going? it seems like such a no-brainer tool that i'd expect LOTS of us to be using vpn (or trying to get it running).

or is there a club meeting somewhere that gathers to laugh at all my ignorant posts on the issue?

(on the other hand, maybe y'all are waiting for me to finally munch my bloodied head through the other end so you can ask me how i did it? expect a looong wait.)

i'm going NUTS here... help! pointers would be handy, but i've found many documents hither and yon on the 'net and NONE have been turnkey... there's always some obscure obstacle or error message that i have no clue as to the meaning behind it.

is there a debianized tunnel module i can get running?

not tunnelv tried iptunnel got pptpd moving on to something that makes sense to me (and works) --

i've tried tunnelv, ipip, ipsec, several others. shotgun/machine-gun approach: apt-get install, try, be baffled by errors or no results, try another. no hits. dead ends everywhere, without understanding anything of the messages behind them.

even with http://www.linuxdoc.org/HOWTO/Adv-Routing-HOWTO-5.html i'm not having ANY success.

    # iptunnel add TEST mode gre remote 208.33.90.85 local 208.7.139.219 ttl 255
    # ip addr add 192.168.0.1 dev TEST
    Cannot send dump request: Connection refused

what's that mean?

    # lsmod
    Module             Size  Used by
    nbd               13104   0  (unused)
    lockd             31120   1  (autoclean)
    sunrpc            52432   1  (autoclean) [lockd]
    serial            19568   0  (autoclean)
    netlink_dev        1552   0  (unused)
    ethertap           2336   0  (unused)
    rtl8139           11520   1
    ipv6              92464  -1
    ipip               5168   0
    ip_masq_user       2544   0  (unused)
    ip_masq_raudio     2944   0  (unused)
    ip_gre             6176   1
    ip_masq_cuseeme    1120   0  (unused)
    ip_masq_autofw     2448   0  (unused)
    ip_masq_irc        1600   0  (unused)
    ip_masq_portfw     2528   0  (unused)
    ip_masq_mfw        3152   0  (unused)
    ip_masq_ftp        2464   0  (unused)
    ne2k-pci           4080   1
    8390               6048   0  [ne2k-pci]
    unix              10224  21  (autoclean)

some dox i've seen mention needing the new_tunnel.o module. where do i get that? i haven't found it in modconf...

help? help. help!
Re: doesn't anybody use tunnelling / vpn?
Well, most will require that you build them from source with your current kernel source tree someplace ( or at least access to the kernel-headers package for the kernel you are running ).

Debian has a CIPE package in non-us (or did) but I think it is a source package, you need to build it. Woody has a vtun package ... vtun is cool but you are going to have to know what you are doing ... just like the rest of the packages.

VTUN is probably best since it will work from behind a firewall (has a TCP mode and a SOCKS mode) while CIPE is UDP and you are probably not going to get return packets back through the firewall without admin intervention.

On Mon, 25 Sep 2000, will trillich wrote:

> AAUGH! NOBODY seems to be tunneling anywhere. i must be alone...
>
> my inquiries about vpn and tunnelling have met with deafening silence.
>
> am i the only person trying to get these going? it seems like such a no-brainer tool that i'd expect LOTS of us to be using vpn (or trying to get it running).
>
> or is there a club meeting somewhere that gathers to laugh at all my ignorant posts on the issue?
>
> (on the other hand, maybe y'all are waiting for me to finally munch my bloodied head through the other end so you can ask me how i did it? expect a looong wait.)
>
> i'm going NUTS here... help! pointers would be handy, but i've found many documents hither and yon on the 'net and NONE have been turnkey... there's always some obscure obstacle or error message that i have no clue as to the meaning behind it.
>
> is there a debianized tunnel module i can get running?
>
> not tunnelv tried iptunnel got pptpd moving on to something that makes sense to me (and works) --
>
> i've tried tunnelv, ipip, ipsec, several others. shotgun/machine-gun approach: apt-get install, try, be baffled by errors or no results, try another. no hits. dead ends everywhere, without understanding anything of the messages behind them.
>
> even with http://www.linuxdoc.org/HOWTO/Adv-Routing-HOWTO-5.html i'm not having ANY success.
>
>     # iptunnel add TEST mode gre remote 208.33.90.85 local 208.7.139.219 ttl 255
>     # ip addr add 192.168.0.1 dev TEST
>     Cannot send dump request: Connection refused
>
> what's that mean?
>
>     # lsmod
>     Module             Size  Used by
>     nbd               13104   0  (unused)
>     lockd             31120   1  (autoclean)
>     sunrpc            52432   1  (autoclean) [lockd]
>     serial            19568   0  (autoclean)
>     netlink_dev        1552   0  (unused)
>     ethertap           2336   0  (unused)
>     rtl8139           11520   1
>     ipv6              92464  -1
>     ipip               5168   0
>     ip_masq_user       2544   0  (unused)
>     ip_masq_raudio     2944   0  (unused)
>     ip_gre             6176   1
>     ip_masq_cuseeme    1120   0  (unused)
>     ip_masq_autofw     2448   0  (unused)
>     ip_masq_irc        1600   0  (unused)
>     ip_masq_portfw     2528   0  (unused)
>     ip_masq_mfw        3152   0  (unused)
>     ip_masq_ftp        2464   0  (unused)
>     ne2k-pci           4080   1
>     8390               6048   0  [ne2k-pci]
>     unix              10224  21  (autoclean)
>
> some dox i've seen mention needing the new_tunnel.o module. where do i get that? i haven't found it in modconf...
>
> help? help. help!
Re: doesn't anybody use tunnelling / vpn?
On Mon, Sep 25, 2000 at 09:33:46PM -0700, George Bonser wrote:

> Well, most will require that you build them from source with your current kernel source tree someplace ( or at least access to the kernel-headers package for the kernel you are running ).
>
> Debian has a CIPE package in non-us (or did) but I think it is a source package, you need to build it. Woody has a vtun package ... vtun is cool but you are going to have to know what you are doing ... just like the rest of the packages.
>
> VTUN is probably best since it will work from behind a firewall (has a TCP mode and a SOCKS mode) while CIPE is UDP and you are probably not going to get return packets back through the firewall without admin intervention.

tried cipe for five days. no grok. many tears. much hair loss.

tried vtun. same level of success: negative.

tried tunnelv. same.

before i worry about the fancy encryption and all, isn't there a way to configure a tunl0 or ethertap or netlink device to do quick and dirty publicly-visible tunnelling? there's gotta be a primary missing component that i've not got set up.

according to the iproute2 ip-tunnels.ps dox much is possible via simple ip and routing calls:

    # ip tunnel add tunl0 mode gre remote 208.7.139.219 local 208.33.90.85
    ioctl: No buffer space available
    # ipmasq
    # ip tunnel add DIODE mode gre remote 208.7.139.219 local 208.33.90.85
    # ifconfig DIODE 192.168.0.1
    # ip route add 192.168.0.0/24 via 208.7.139.219 dev DIODE onlink
    Cannot send dump request: Connection refused
    # ip link list
    Cannot send dump request: Connection refused
    # ip address show
    Cannot send dump request: Connection refused
    # ip route show
    Cannot send dump request: Connection refused
    # ip neigh show
    Cannot send dump request: Connection refused

regardless of which package i try, i get some constipation like this that's entirely obscure to me.

    # cat /proc/net/dev
    Inter-| Receive | Transmit
    face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed
    lo:25554026 210930000 0 0 0 25554026 210930000 0 0 0
    tunl0: 0 0000 0 0 00 0000 0 0 0
    sit0: 0 0000 0 0 00 0000 0 0 0
    eth0:82258414 735457303 3 0 0 211845383 519312000 158 1 0
    eth1:227361827 394335607 6 0 0 128792826 421015000 572 0 0
    tap0: 0 0000 0 0 00 0000 0 0 0
    tap1: 0 0000 0 0 00 0000 0 0 0
    ppp0: 57 0100 1 0 0 460 10000 0 0 0
    sl0: 0 0000 0 0 0 924 11000 0 0 0
    gre0: 0 0000 0 0 00 0000 0 0 0
    DIODE: 0 0000 0 0 00 0000 0 0 0

what's missing? where do i look?
Re: doesn't anybody use tunnelling / vpn?
On Mon, Sep 25, 2000 at 11:25:26PM -0500, will trillich wrote:

> am i the only person trying to get these going? it seems like such a no-brainer tool that i'd expect LOTS of us to be using vpn (or trying to get it running).

Most of the people using VPNs are probably companies, and probably most of those that need it have paid sysadmins. They tend not to be the sort of people asking questions here.

> i'm going NUTS here... help! pointers would be handy, but i've found many documents hither and yon on the 'net and NONE have been turnkey... there's always some obscure obstacle or error message that i have no clue as to the meaning behind it.
>
> is there a debianized tunnel module i can get running?

We use FreeSWAN, which isn't packaged yet.

--
Mark Brown mailto:[EMAIL PROTECTED] (Trying to avoid grumpiness)
http://www.tardis.ed.ac.uk/~broonie/
EUFS http://www.eusa.ed.ac.uk/societies/filmsoc/
Re: doesn't anybody use tunnelling / vpn?
Hi will,

I don't know if it's sophisticated enough for what you want to do, but setting up port forwarding using ssh is very easy. If all you want to do is something like secure mail transfer, then it'll take you mere seconds to set up, and require no additional software or kernel compilation.

If you want to do something more sophisticated, then I'm afraid that I can't help you.

cheers,

damon

Quoth will trillich,

> AAUGH! NOBODY seems to be tunneling anywhere. i must be alone...
>
> my inquiries about vpn and tunnelling have met with deafening silence.
>
> am i the only person trying to get these going? it seems like such a no-brainer tool that i'd expect LOTS of us to be using vpn (or trying to get it running).
>
> or is there a club meeting somewhere that gathers to laugh at all my ignorant posts on the issue?
>
> (on the other hand, maybe y'all are waiting for me to finally munch my bloodied head through the other end so you can ask me how i did it? expect a looong wait.)
>
> i'm going NUTS here... help! pointers would be handy, but i've found many documents hither and yon on the 'net and NONE have been turnkey... there's always some obscure obstacle or error message that i have no clue as to the meaning behind it.
>
> is there a debianized tunnel module i can get running?
>
> not tunnelv tried iptunnel got pptpd moving on to something that makes sense to me (and works) --
>
> i've tried tunnelv, ipip, ipsec, several others. shotgun/machine-gun approach: apt-get install, try, be baffled by errors or no results, try another. no hits. dead ends everywhere, without understanding anything of the messages behind them.
>
> even with http://www.linuxdoc.org/HOWTO/Adv-Routing-HOWTO-5.html i'm not having ANY success.

--
Damon Muller             | Did a large procession wave their torches
Criminologist/Linux Geek | As my head fell in the basket,
http://killfilter.com    | And was everybody dancing on the casket...
PGP (GnuPG): A136E829    | - TBMG, Dead