Christopher Marshall <christopherlmarshall@yahoo.com> wrote:

If you want to use ssh and pppd (by bringing up TAP to host networking first), you can also do that.  The key is the pty argument to pppd.  Instead of giving ppp a /dev/tty device, you can give it any command (such as an ssh command) that establishes two way communication through the pty argument to the other pppd (like pty "ssh -l user host pppd notty".  It's a little more complicated than that.

If the ethernet bridge doesn't work for you let me know and I can post a script I use to to ssh+pppd VPNs.

Chris Marshall.

Here are the details of how to do ppp+ssh VPNs.

First of all, and the same linux box, you can use pseudo tty's to setup a ppp connection between two pppd instances  like this:

   # pty/tty pair
   pppd /dev/ptyp0 nodetach local 10.5.0.1:10.5.0.2
   pppd /dev/ttyp0 nodetach local

The nodetach argument lets you run these commands from different xterms, watch their diagnostic output on stdout, and kill them with cntl-c when you are done.

Taking this a step further, you can do the same thing with a pty argument like this:

   # using pty argument
   pppd nodetach pty "pppd notty 10.5.0.1:10.5.0.2"
   pppd nodetach 10.5.0.2:10.5.0.2 pty "pppd notty"

Finally, you can connect two different hosts that can talk via ssh like this:

   # ssh/ppp VPN
   pppd nodetach 10.1.0.2:10.1.0.1 pty "ssh -l root remotehost pppd notty"

You might want to delete /etc/ppp/options before doing this, as other options can interfere with how this works.

Of course, you need to use rsa keys and the authorized_keys file to make ssh possible without password prompts or this won't work.

Chris Marshall