
FW: VPN using SSH and VTun



Hi Folks,

Thanks for all your replies on- and off-line about setting up a VPN with
SSH. In the end, I decided to use PPP instead of VTun, and it's working to a
point. The problem that I'm having now is that the SSH connection keeps
dropping off after a while (not sure how long, it tends to stay up as long
as I keep a terminal open pinging across the connection, but otherwise
it's gone after an hour or so.)

I stuck with essentially the same IP configuration that I diagrammed in my
last message, except that the NATing is taking place on the work machine,
and I'm using 10.0.0.1 <-> 10.0.0.2 for the PPP link.

from the work machine, I'm initiating SSH with the following command line:

# ssh -f -C -p 443 -R 5000:localhost:5000 aaa.bbb.ccc.ddd "ping 10.0.0.1"

then I start the PPP connection from the home machine with the following
command:

# ppp -ddial vpppn

for a while I'll see the ssh/sshd process on both machines, and the ping
process on the home machine, but after a while the connection will
apparently drop, and I'll start getting errors from ppp as it tries to bring
the link back up.

My question, I suppose, is whether there is a way to script sshd to restart
automatically when it dies:

	while(true)
		ssh <args>;

I know this is a pretty basic question, but any answers would be
appreciated.

-----Original Message-----
From: Martinez Cpl Andres H 
Sent: Tuesday, January 01, 2002 10:49 AM
To: 'misc@openbsd.org'
Subject: VPN using SSH and VTun


Folks,

I have a question similar to the one posed on the 29th -- specifically, I
want to set up a VPN connection to my house through a firewall that
essentially only allows outgoing web traffic (HTTP/80 and SSL/443). As such,
it allows SSH connections to my openbsd machine on port 443. I'd like to set
up an SSH tunnel from my openbsd machine at work to my home machine and run
vtund as a point to point connection across that. From there, I'd run NAT on
the home machine and route everything intended for the subnet at work across
the vtun link. Below is a diagram of what I want to accomplish:
     
   WORK (Firewall/T1)          HOME (cable modem to internet)
/----------------------\  /------------------------------------\
|                      |  |                                    |
| 192.156.20.0 network |  |        openbsd(NAT) Win9x machines |
| openbsd (x.x.20.116) |  |       (192.168.x.x)  (192.168.x.x) |
|        \  \----------|--|--vtun---/  /  \              /     |
|         \------------|--|--SSH------/    \----LAN-----/      |
|                      |  |                                    |
\----------------------/  \------------------------------------/

presumably, the home machine's vtun interface would be given a static IP
from the 192.156.20.x range, and all traffic from 192.156.20.x would be
routed over vtun. 

My problem is that vtun seems relatively easy to use, but there is very
little documentation for OpenBSD. If anyone could point me towards some
resources to use, the man pages seem fairly vague (at least for someone
who's pretty new to openbsd), and the examples given are geared towards
linux.

Finally, I'm also asking for a reality check. If ppp is a better choice for
setting this up, say so.

Thanks,
Marti
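
The restart loop sketched in the follow-up message above, written out as a POSIX shell supervisor (an added example, not part of the original post). It assumes key-based login and an OpenSSH client that supports the ServerAliveInterval, ServerAliveCountMax and ExitOnForwardFailure options; SSH_CMD, MAX_DELAY, MIN_UPTIME, the function names and the file name tunnel.sh are hypothetical.

```shell
#!/bin/sh
# Added example: keep the reverse tunnel from the post running.
# SSH_CMD, MAX_DELAY, MIN_UPTIME and the function names are hypothetical;
# aaa.bbb.ccc.ddd is the placeholder address used in the post.
: "${SSH_CMD:=ssh}"     # overridable so the loop can be tried offline
: "${MAX_DELAY:=60}"    # cap on the pause between restarts, in seconds
: "${MIN_UPTIME:=30}"   # a run at least this long resets the pause

run_tunnel() {
    # No -f here: ssh has to stay in the foreground so the loop blocks on it.
    # ServerAlive* makes the client exit once the peer stops answering;
    # ExitOnForwardFailure makes it exit if port 5000 cannot be bound
    # (for example while a stale sshd still holds it).
    "$SSH_CMD" -C -p 443 \
        -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
        -o ExitOnForwardFailure=yes \
        -R 5000:localhost:5000 aaa.bbb.ccc.ddd "ping 10.0.0.1"
}

# next_delay CURRENT_DELAY LAST_UPTIME: print the pause before the next start
next_delay() {
    if [ "$2" -ge "$MIN_UPTIME" ]; then
        echo 1
        return 0
    fi
    d=$(( $1 * 2 ))
    if [ "$d" -gt "$MAX_DELAY" ]; then d=$MAX_DELAY; fi
    echo "$d"
}

# supervise [MAX_RUNS]: restart the tunnel whenever it exits; 0 = no limit
supervise() {
    max=${1:-0}; runs=0; delay=1
    while :; do
        start=$(date +%s)
        rc=0; run_tunnel || rc=$?
        up=$(( $(date +%s) - start ))
        runs=$(( runs + 1 ))
        echo "tunnel exited rc=$rc after ${up}s (run $runs)" >&2
        if [ "$max" -gt 0 ] && [ "$runs" -ge "$max" ]; then return 0; fi
        delay=$(next_delay "$delay" "$up")
        sleep "$delay"
    done
}

# Start the loop only when asked to: sh tunnel.sh run
if [ "${1:-}" = "run" ]; then supervise; fi
```

The pause doubles after each short-lived run up to MAX_DELAY, so a host that is down is not hammered with reconnects, and it resets to one second once a run has lasted MIN_UPTIME.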