Christopher Marshall <firstname.lastname@example.org> wrote:
Here are the details of how to do ppp+ssh VPNs.
If you want to use ssh and pppd (by bringing up TAP to host networking first), you can also do that. The key is the pty argument to pppd. Instead of giving ppp a /dev/tty device, you can give it any command (such as an ssh command) that establishes two-way communication through the pty argument to the other pppd (like pty "ssh -l user host pppd notty"). It's a little more complicated than that.
If the ethernet bridge doesn't work for you, let me know and I can post a script I use to do ssh+pppd VPNs.
First of all, on the same Linux box, you can use pseudo ttys to set up a ppp connection between two pppd instances like this:
pppd /dev/ptyp0 nodetach local 10.5.0.1:10.5.0.2
pppd /dev/ttyp0 nodetach local
The nodetach argument lets you run these commands from different xterms, watch their diagnostic output on stdout, and kill them with Ctrl-C when you are done.
Taking this a step further, you can do the same thing with a pty argument like this:
# using pty argument
pppd nodetach pty "pppd notty 10.5.0.1:10.5.0.2"
pppd nodetach 10.5.0.2:10.5.0.1 pty "pppd notty"
Finally, you can connect two different hosts that can talk via ssh like this:
# ssh/ppp VPN
pppd nodetach 10.1.0.2:10.1.0.1 pty "ssh -l root remotehost pppd notty"
You might want to delete /etc/ppp/options before doing this, as other options can interfere with how this works.
Of course, you need to use RSA keys and the authorized_keys file to make ssh possible without password prompts or this won't work.
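The following is an added example, not part of the original post: a shell helper that builds the ssh/ppp command from the message with a dedicated key and non-interactive ssh, and prints an authorized_keys line that limits that key to starting pppd. The key path, key material and function names are constructed for illustration; the addresses and host name are the ones used in the post.

```shell
#!/bin/sh
# Added example: compose the ppp-over-ssh command and a restricted
# authorized_keys entry. Nothing is executed; the strings are only printed.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
# The body runs in a subshell so the IFS change stays local.
valid_ipv4() (
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
)

# pty_command USER HOST KEYFILE: the string handed to pppd's pty option.
# BatchMode=yes makes ssh fail at once instead of asking for a password,
# which cannot be answered when ssh runs underneath pppd.
pty_command() {
    printf 'ssh -i %s -o BatchMode=yes -l %s %s pppd notty' "$3" "$1" "$2"
}

# local_pppd_command LOCAL REMOTE USER HOST KEYFILE
local_pppd_command() {
    valid_ipv4 "$1" && valid_ipv4 "$2" || { echo "bad address" >&2; return 1; }
    # The two ends of the point-to-point link need distinct addresses.
    [ "$1" != "$2" ] || { echo "local and remote must differ" >&2; return 1; }
    printf 'pppd nodetach %s:%s pty "%s"' "$1" "$2" "$(pty_command "$3" "$4" "$5")"
}

# authorized_keys_entry PUBKEY: line for the remote account's authorized_keys.
# The forced command means this key can only start pppd, not a shell.
authorized_keys_entry() {
    printf 'command="pppd notty",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty %s' "$1"
}

# Constructed sample values (hypothetical key path and key material).
local_pppd_command 10.1.0.2 10.1.0.1 root remotehost /root/.ssh/ppp_vpn_key; echo
authorized_keys_entry "ssh-rsa AAAA...constructed vpn-key"; echo
```

With the forced command in place, the remote side runs pppd notty regardless of what the client asks for, so a copied key does not give a root shell.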