HPE Community
Operating System - HP-UX
1819791 Members
3276 Online
109607 Solutions
New Discussion юеВ

Don't get SSH VPN Tunneling to work

 
SOLVED
Go to solution
Ralph Grothe
Honored Contributor

тАО06-16-2009 12:08 AM

тАО06-16-2009 12:08 AM

Don't get SSH VPN Tunneling to work

Hi,

as of OpenSSH's 4.3 release the relatively new SSH feature of VPN tunneling should work.

So I downloaded and installed HP's latest Secure Shell (OpenSSH port) for B.11.11 and configured to PermitRootLogins as well as PermitTunnel point-to-point for the SSH server on the HP-UX box which should function as the VPN gateway.

However, when I initiate (so far only manually, when things do work this should be done scripted by RSA authentication) a VPN ssh connection from a Linux SSH client (OpenSSH 4.3) I cannot discover the tun devices, neither on SSH server (HP-UX) nor SSH client (Linux).

Maybe I have missed something?
Has anyone tried the VPN feature with HP's Secure Shell who could give me a hint?

Here's the server side on the HP-UX box:

# uname -srv
HP-UX B.11.11 U

# swlist|grep -i secure\ shell
T1471AA A.05.10.045 HP-UX Secure Shell

# /usr/sbin/sshd -v 2>&1|head -3
sshd: illegal option -- v
OpenSSH_5.1p1+sftpfilecontrol-v1.2-hpn13v5, OpenSSL 0.9.8j 07 Jan 2009
HP-UX Secure Shell-A.05.10.045, HP-UX Secure Shell version

# /usr/sbin/sshd -T|grep -e permitroot -e permittunnel
permitrootlogin yes
permittunnel point-to-point


IP forwarding on the SSH server should also be enabled.

# ndd -h ip_forwarding

ip_forwarding:

Controls how IP hosts forward packets: Set to 0 to inhibit
forwarding; set to 1 to always forward; set to 2 to forward
only if the number of logical interfaces on the system is 2
or more. [0,2] Default: 2


# ndd -get /dev/ip ip_forwarding
2



From the Linux SSH client I issued the following:

# uname -sriv
Linux 2.6.18-8.el5 #1 SMP Fri Jan 26 14:15:21 EST 2007 i386

# rpm -q openssh
openssh-4.3p2-16.el5

# ssh -S /var/run/my_%h_tun.sock -fMN -w 0:0 newa
root@newa's password:

# ssh -S /var/run/my_newa_tun.sock -O check newa
Master running (pid=16268)

# ps -fp 16268
UID PID PPID C STIME TTY TIME CMD
root 16268 1 0 09:55 ? 00:00:00 ssh -S /var/run/my_%h_tun.sock -fMN -w 0:0 newa


Now, according to the documentation I read, there should be tun devices be visible and configurable as endpoints for the VPN tunnel on both SSH client and server.

But these don't appear, so that I cannot continue to setup the tunnel.

What went wrong?

No tun device on the Linux SSH client:

# ifconfig -a|grep -c tun
0


None either on the HP-UX SSH server:

# ifconfig tun0
ifconfig: no such interface

# netstat -in|grep -c tun
0

Madness, thy name is system administration
0 Kudos
Reply
7 REPLIES 7
paolo barila
Valued Contributor

тАО12-22-2009 01:50 AM

тАО12-22-2009 01:50 AM

Re: Don't get SSH VPN Tunneling to work

similar problem here


OpenSSH_5.3p1, OpenSSL 0.9.8k 25 Mar 2009

# uname -a
HP-UX epstvm01 B.11.23 U ia64

# ssh -w5:5 0

Tunnel interfaces are not supported on this platform

!!!

share share share
0 Kudos
Reply
mvpel
Trusted Contributor

тАО12-22-2009 05:26 AM

тАО12-22-2009 05:26 AM

Re: Don't get SSH VPN Tunneling to work

You guys are using the OpenSSH build, rather than the HP-UX Secure Shell build.

Try uninstalling OpenSSH and installing the T1471AA package - I'm using version A.05.20.013, and A.05.30 is available now.

https://h20392.www2.hp.com/portal/swdepot/displayInstallInfo.do?productNumber=T1471AA

My ssh command doesn't complain about the -w option, though I have Tunnels turned off in the config for security so I can't say for sure if it would actually work if it were enabled.

It may be that whoever built the OpenSSH you're using didn't link it with or enable the tun() pieces.
0 Kudos
Reply
paolo barila
Valued Contributor

тАО12-22-2009 05:30 AM

тАО12-22-2009 05:30 AM

Re: Don't get SSH VPN Tunneling to work

I tried also with

OpenSSH_5.3p1+sftpfilecontrol-v1.3-hpn13v5, OpenSSL 0.9.8l 5 Nov 2009
HP-UX Secure Shell-A.05.30.008, HP-UX Secure Shell version

but same answer:

# ssh -w5:5 0
Tunnel interfaces are not supported on this platform
Tunnel device open failed.



share share share
0 Kudos
Reply
Laurent Menase
Honored Contributor

тАО12-22-2009 05:45 AM

тАО12-22-2009 05:45 AM

Solution

Re: Don't get SSH VPN Tunneling to work

forget it,
tun driver on HPUX is restricted to ppp use only
so ssh will not be able to use tun to open vpn,
the only available vpn on hpux are with ipsec.
Reply
mvpel
Trusted Contributor

тАО12-22-2009 05:45 AM

тАО12-22-2009 05:45 AM

Re: Don't get SSH VPN Tunneling to work

Nevermind - I misread the post.
0 Kudos
Reply
paolo barila
Valued Contributor

тАО12-22-2009 05:58 AM

тАО12-22-2009 05:58 AM

Re: Don't get SSH VPN Tunneling to work

Thank you very much Laurent
I can't assign you points, cause is not my question, so I'll open one about vpn

Pablo
share share share
0 Kudos
Reply
Dennis Handly
Acclaimed Contributor

тАО12-22-2009 06:41 AM

тАО12-22-2009 06:41 AM

Re: Don't get SSH VPN Tunneling to work

>Pablo: so I'll open one about VPN

http://forums.itrc.hp.com/service/forums/questionanswer.do?threadId=1395618

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.