
Re: PPP over SSH

 
Andrew Bruce
Valued Contributor

PPP over SSH

Hi Folks,

I have a fairly simple problem:

I have a linux box in one network, and an HP-UX server (11i) in another. The only connection is via ssh.

I would like to configure a one-2-one VPN connection between the two processors using PPP running over SSH.

I have SSH configured fine, but I'm struggling to configure the HPUX side of the PPPD (I've not really dabbled with PPP before now).

The connection is initiated from the Linux box and I have a script, taken from http://www.faqs.org/docs/Linux-mini/ppp-ssh.html which I am trying to adapt for the HPUX side.

The problem I have is that the How-to was written for running ppp over ssh between two linux boxes. How do I translate the ppp command into HPUX-speak?

For example, the standard HPUX pppd doesn't have options for 'notty'. To deal with 'noauth', I guess I just omit it...

The script extract I am trying to get running, looks like:

--- Begin Script Extract ---
SERVER_HOSTNAME=target
SERVER_USERNAME=root
SERVER_IFIPADDR=192.168.3.2
CLIENT_IFIPADDR=192.168.3.1
LOCAL_SSH_OPTS="-P"
PATH=/usr/local/sbin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/bin/X11/:
PPPD=/usr/sbin/pppd
PPPD_HPUX=/usr/bin/pppd
SSH=/usr/bin/ssh
case "$1" in
start)
# echo -n "Starting vpn to $SERVER_HOSTNAME: "
# Altered command to run as root (naughty, I know)...
${PPPD} updetach noauth passive pty "${SSH} ${LOCAL_SSH_OPTS} ${SERVER_HOSTNAME} -o Batchmode=yes ${PPPD_HPUX} nodetach debug 8 log -" ipparam vpn ${CLIENT_IFIPADDR}:${SERVER_IFIPADDR}
# echo "connected."
;;
--- End Script Extract ---

You'll notice that I've got the HPUX pppd setup to output some debug. When I run the script, I get:
--- Begin Debug Output ---
Using interface ppp0
Connect: ppp0 <--> /dev/pts/5
9/8-12:11:12-22546 Hewlett-Packard PPP
9/8-12:11:12-22546 Version 2.0 Beta [26-Oct-2000 23:20:12 hpux-streams-hppa-export]
9/8-12:11:12-22546 Lock file /usr/spool/locks/LCK..tty created
9/8-12:11:12-22546 /usr/bin/pppd: Fatal error: Can't open '/dev/tty': No such device or address
Modem hangup
Connection terminated.
--- End Debug Output ---

Obviously, I haven't got the HPUX pppd setup correct. Looking at the man pages doesn't seem to help too much as they are focused on dial-up configs (which involve serial devices). As I'm doing this over IP, how do I do the linux equivalent of 'notty'?

Any help would be much appreciated (with points!)

Kind regards,

Andy Bruce
I Love it when a plan comes together!
Steve Lewis
Honored Contributor

Re: PPP over SSH

I don't understand why you would want to run IP/PPP over ssh over IP?
Ssh gives you an encrypted tunnel facility over your existing base IP link, using port forwarding (see -L and -R parameters in man ssh).
You can add IP addresses to existing interfaces with something like ifconfig lan1:1.

Please explain what the shortfall is that causes you to need ppp and I might also learn something that could be useful.
Andrew Bruce
Valued Contributor

Re: PPP over SSH

Hi Steve,

The original reason was that I have an app that is a pain in the backside to configure for tunneling through SSH.

It struck me that creating a basic VPN would save this hassle, and PPP over SSH should be easy to set up (I am aware of the risk of running essentially TCP over TCP).

The client (on linux) establishes comms on one port, then the server and client both set up comm ports to each other based on a list of port ranges, and on the host names provided over the initial connection.

This requires a mixture of remote and local port forwarding, and hostname aliases to localhost, etc.

Overall, a pain.

I've since found a workaround, and so my reason for doing this now is curiosity!

It *can* be done, so I *should* be able to do it.

Obviously, setting this up in a pure Linux environment is straightforward, but under HPUX...

I guess I don't like quitting on a challenge!

Regards,

Andy Bruce
I Love it when a plan comes together!
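
The port-forwarding alternative discussed in this thread (ssh -L and -R for one initial port plus lists of port ranges), sketched as an added example that is not part of any post. The function names and all port numbers are constructed for illustration; `target` is the host name from the script extract, and the hostname aliases to localhost mentioned above are not covered.

```shell
#!/bin/sh
# Added example: build one ssh command line that forwards a control port and
# two port ranges, failing closed when a forward cannot be set up.
# Function names and port numbers are hypothetical sample values.

# valid_range FIRST LAST -> status 0 when both are ports and FIRST <= LAST
valid_range() {
    for p in "$1" "$2"; do
        case "$p" in ''|*[!0-9]*) return 1 ;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1
    done
    [ "$1" -le "$2" ]
}

# expand_range FLAG FIRST LAST -> prints " FLAG p:localhost:p" for each port
expand_range() {
    flag=$1; port=$2; last=$3
    while [ "$port" -le "$last" ]; do
        printf ' %s %s:localhost:%s' "$flag" "$port" "$port"
        port=$((port + 1))
    done
}

# build_forward_cmd HOST CONTROL_PORT LOCAL_RANGE REMOTE_RANGE
#   LOCAL_RANGE  (first-last): ports the client opens towards the server (-L)
#   REMOTE_RANGE (first-last): ports the server opens towards the client (-R)
build_forward_cmd() {
    host=$1; control=$2
    lfirst=${3%-*}; llast=${3#*-}
    rfirst=${4%-*}; rlast=${4#*-}
    # Validate everything before printing, so a bad range yields no output.
    valid_range "$control" "$control" || return 1
    valid_range "$lfirst" "$llast" || return 1
    valid_range "$rfirst" "$rlast" || return 1
    # BatchMode: never prompt; ExitOnForwardFailure: abort if any listen fails.
    printf 'ssh -N -o BatchMode=yes -o ExitOnForwardFailure=yes'
    expand_range -L "$control" "$control"
    expand_range -L "$lfirst" "$llast"
    expand_range -R "$rfirst" "$rlast"
    printf ' %s\n' "$host"
}

# Constructed sample: control port 7000, client->server 7010-7012,
# server->client 7020-7021. Prints the command instead of running it.
build_forward_cmd target 7000 7010-7012 7020-7021
```

Every forwarded port binds to the loopback interface on the listening side by default, so the application has to be pointed at localhost on both ends.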