I am looking for help with a VPN using ppp on top of ssh.
Here is my testing environment and configuration:
I have two machines, one master and one slave. Both are running Redhat 6.2,
have two network interfaces and run IPchains (they also serve as
firewalls).
Master:
eth0-master=1.0.0.1
eth1-master=192.168.0.1
Slave:
eth0-slave=2.0.0.1
eth1-slave=192.168.4.1
I have followed the installation guide for ssh VPN and got this far: when I
have the vpn connection up, from master I can ping 192.168.4.1 and vice
versa. But I can't ping any host behind slave (for example,
192.168.4.2...). And certainly the hosts can't see each other in Network
Neighborhood either.
My startup script on master looks like:
#! /bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/bin/X11
PPPAPP=/usr/sbin/pppd           # pppd location on slave
ROUTEAPP=/sbin/route            # route location on slave
PPPD=/usr/sbin/pppd
NAME=VPN
REDIR=/usr/local/bin/pty-redir
SSH=/usr/local/bin/ssh
TARGETIP=192.168.1.2            # slave's end of the ppp link
TARGETNET=192.168.4.0           # LAN behind slave
MYPPPIP=192.168.1.1             # master's end of the ppp link
MYNET=192.168.0.0               # LAN behind master
SLAVEWALL=hostname              # hostname of the slave firewall
SLAVEACC=vpn                    # account on slave allowed to sudo pppd/route
NETMASK=255.255.255.0
test -f $PPPD || exit 0
set -e
case "$1" in
start)
    echo ""
    echo "Setting up $NAME..."
    # pty-redir runs ssh on a pty and prints the tty name; the remote side
    # starts pppd on its end of the ssh session
    $REDIR $SSH -o 'Batchmode yes' -t -l $SLAVEACC $SLAVEWALL sudo \
        $PPPAPP noauth passive > /tmp/device
    TTYNAME=`cat /tmp/device`
    echo "$TTYNAME is tty"
    echo "Setting up ppp in 10 seconds......"
    sleep 10s
    if [ ! -z "$TTYNAME" ]
    then
        echo -n "Starting local ppp......"
        $PPPD $TTYNAME ${MYPPPIP}:${TARGETIP} noauth
        echo "done!"
    else
        echo FAILED!
        logger "$NAME setup failed"
    fi
    echo -n "Setting up local routes in 10 seconds......"
    sleep 10s
    # route to slave's LAN via the ppp peer, and the mirror route on slave
    route add -net $TARGETNET gw $TARGETIP netmask $NETMASK
    $SSH -o 'Batchmode yes' -t -v -l $SLAVEACC $SLAVEWALL sudo \
        $ROUTEAPP add -net $MYNET gw $MYPPPIP netmask $NETMASK
    echo "done!"
    ;;
stop)
    # the ssh command line carries "-o Batchmode yes" before "-t -l", so
    # match on the login option and host only; killing ssh takes pppd down
    ps -ax | grep "ssh .*-l $SLAVEACC $SLAVEWALL" | grep -v grep | \
        awk '{print $1}' | xargs kill
    ;;
*)
    echo "Usage: /etc/init.d/$NAME {start|stop}"
    exit 1
    ;;
esac
exit 0
After the ppp connection was built, the routing table of master looks like:
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
192.168.0.1     *               255.255.255.255 UH    0      0   0   eth1
192.168.1.2     *               255.255.255.255 UH    0      0   0   ppp0
master          *               255.255.255.255 UH    0      0   0   eth0
1.0.0.0         *               255.255.255.0   U     0      0   0   eth0
192.168.4.0     192.168.1.2     255.255.255.0   UG    0      0   0   ppp0
192.168.0.0     *               255.255.255.0   U     0      0   0   eth1
127.0.0.0       *               255.0.0.0       U     0      0   0   lo
default         router          0.0.0.0         UG    0      0   0   eth0
The routing table of slave:
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
192.168.1.1     *               255.255.255.255 UH    0      0   0   ppp0
slave           *               255.255.255.255 UH    0      0   0   eth0
192.168.4.1     *               255.255.255.255 UH    0      0   0   eth1
192.168.4.0     *               255.255.255.0   U     0      0   0   eth1
192.168.0.0     192.168.1.1     255.255.255.0   UG    0      0   0   ppp0
2.0.0.0         *               255.255.255.0   U     0      0   0   eth0
127.0.0.0       *               255.0.0.0       U     0      0   0   lo
default         router1         0.0.0.0         UG    0      0   0   eth0
If I do ifconfig to see ppp interface on master, it looks like:
ppp0 Link encap:Point-to-Point Protocol
inet addr:192.168.1.1 P-t-P:192.168.1.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1400 Metric:1
RX packets:23 errors:0 dropped:0 overruns:0 frame:0
TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:10
on slave:
ppp0 Link encap:Point-to-Point Protocol
inet addr:192.168.1.2 P-t-P:192.168.1.1 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1400 Metric:1
RX packets:12 errors:0 dropped:0 overruns:0 frame:0
TX packets:26 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:10
I can hardly see the problem here. Does anyone have similar experience?
Thanks in advance.
Alan
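Added example, not from Alan's post: a portable sh/awk helper that resolves which gateway and interface a destination would leave through from a `route -n` style table, then checks the two things a gateway itself must provide before a host behind the far firewall is reachable over the ppp link: that route, and IP forwarding turned on (`/proc/sys/net/ipv4/ip_forward`). The table is a constructed numeric copy of the master's table above; the default router 1.0.0.254 is an assumed value.

```shell
#!/bin/sh
# Added example, not from the original post. Constructed numeric copy of the
# master's routing table (as "route -n" prints it: "*" becomes 0.0.0.0; the
# default router 1.0.0.254 is assumed). Real "route -n" output has 8 columns;
# only destination, gateway, genmask and the last field (iface) are used.
MASTER_ROUTES='192.168.1.2 0.0.0.0 255.255.255.255 UH ppp0
192.168.4.0 192.168.1.2 255.255.255.0 UG ppp0
192.168.0.0 0.0.0.0 255.255.255.0 U eth1
1.0.0.0 0.0.0.0 255.255.255.0 U eth0
0.0.0.0 1.0.0.254 0.0.0.0 UG eth0'

# route_for DEST < table: longest-prefix match, prints "gateway iface".
# Per-octet arithmetic instead of bitwise ops so it runs under any POSIX awk.
route_for() {
    awk -v dest="$1" '
    function matches(ip, net, mask,   d, n, m, i, b) {
        split(ip, d, "."); split(net, n, "."); split(mask, m, ".")
        for (i = 1; i <= 4; i++) {
            b = 256 - m[i]                 # address block covered by this octet
            if (int(d[i] / b) != int(n[i] / b)) return 0
        }
        return 1
    }
    function maskval(mask,   m) {
        split(mask, m, "."); return ((m[1] * 256 + m[2]) * 256 + m[3]) * 256 + m[4]
    }
    $1 ~ /^[0-9.]+$/ && matches(dest, $1, $3) && maskval($3) >= best {
        best = maskval($3); gw = $2; dev = $NF      # header lines are skipped
    }
    END { if (dev == "") { print "unreachable"; exit 1 } print gw, dev }'
}

# check_transit IPFWD HOST PPPDEV < table: HOST must be routed out PPPDEV and
# forwarding must be on (IPFWD is the content of /proc/sys/net/ipv4/ip_forward),
# otherwise the gateway answers pings itself but relays nothing for its LAN.
check_transit() {
    hop=$(route_for "$2") || { echo "no route to $2"; return 1; }
    [ "${hop##* }" = "$3" ] || { echo "$2 leaves via ${hop##* }, not $3"; return 1; }
    [ "$1" = 1 ] || { echo "route ok ($hop) but ip_forward=$1: not relaying"; return 1; }
    echo "ok: $2 via $hop, forwarding enabled"
}

# On the master itself:
#   route -n | check_transit "$(cat /proc/sys/net/ipv4/ip_forward)" 192.168.4.2 ppp0
printf '%s\n' "$MASTER_ROUTES" | check_transit 1 192.168.4.2 ppp0
```

Run it on both firewalls, each with the other side's LAN host as HOST; it covers routing and forwarding only, so the IPchains forward chain and the LAN hosts' own default routes still need checking separately.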