Question about routing and an ssh based vpn.

George Hartzell hartzell at alerce.com
Thu Feb 9 11:48:30 PST 2006


<quick summary>

 I have set up an ssh based vpn between a -STABLE laptop and a 5.3
 server.  I can ping either end from the other.  I'd like to route
 traffic from the laptop to the public IP address of the server but it
 doesn't seem to work.  I can, as a sanity test, route packets from
 the server to the laptop's ath0 IP address.

 I can't figure out why I can get it to work one way and not the
 other.

 Help?

</quick summary>

I have a laptop that I roam around with and a server for mail and
stuff.  The laptop is running

  FreeBSD 6.0-STABLE #7: Thu Jan 26 11:53:51 PST 2006

and the server is running (the cobbler's kids don't have any shoes...)

  FreeBSD 5.3-STABLE #10: Sun Feb  6 17:25:02 PST 2005 

I've been working on setting up an ssh based vpn between the laptop
and one of my servers, based on various recipes on the net.

The way it's currently set up, the laptop end of the ppp link is
192.168.72.178 and the server end of the link is 192.168.72.177 (using
addresses cribbed from one of the HOWTOs).

I can bring the link up and pinging one end from the other works fine
(e.g. the laptop can ping 192.168.72.177 and the server can ping
192.168.72.178).

If I change various references to the server's name/IPADDR (e.g. DS in
sendmail.cf, pop3s server) to refer to the server end of the ppp link,
then mail, etc., work as desired.  I'd rather not have to swap them
around when I want to use the vpn.

The laptop is connecting to the net via its wireless interface, and
gets a private (10.xxx.yyy.zzz) address.  As expected, even with the
vpn up trying to ping that address from the server fails.  If I add a
route on the server

  route add -host 10.xxx.yyy.zzz 192.168.72.178

then the server is able to ping the laptop's private address.

That's not really useful to me but I tried it as a sanity check whilst
trying to debug my real problem.

I'd like to be able to connect to the public ip address of my server
(A.B.C.D) from the laptop over the vpn.  If I add a route on the laptop

  route add -host A.B.C.D 192.168.72.177

I am unable to ping A.B.C.D *and* I am no longer able to ping
192.168.72.177.

net.inet.ip.forwarding is 0 on both machines.

I am not running any firewalls on the server.

Here is /etc/ppp/ppp.conf for the server:
# setup for nomadic ppp vpn via ssh.
nomadic-ppp:
 set ifaddr 192.168.72.177 192.168.72.178 255.255.255.255

And here is /etc/ppp/ppp.conf from the laptop:
nomadic-ppp:
 set ifaddr 192.168.72.178 192.168.72.177 255.255.255.255
 set dial
 set device "!env SSH_ASKPASS= SSH_AUTH_SOCK= ssh -e none -i /etc/ppp/nomadic-pp

I bring up the link with
  /usr/sbin/ppp -auto nomadic-ppp

Does anyone have any suggestions?  I've thrashed about with proxy and
proxy_all and setting net.inet.ip.forwarding=1 and anything else that
occurs to me.

I'd happily just assume that I don't know what I'm doing, except that
I can get it to work in reverse.

Is/was there a difference between 5.3 and 6.0 that might be tripping
me up?

Thanks for any help,

g.
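The following is an added example, not part of the original post or of any reply on the list. It models the kernel's route lookup (longest-prefix match, then resolving the gateway to a link route) over a constructed routing table, and checks one thing a practitioner would want to rule out here: whether the packets that carry the tunnel (the ssh session from the laptop to the server's public address) would themselves be routed into the tunnel once a host route for that address points at the ppp peer. It is an assumption of this example, not a statement from the post, that this is what happens on the laptop; the server-side table shows why the reverse sanity check does not suffer from it, assuming (also not stated in the post) that the laptop's ssh session reaches the server from a NATed public address rather than from its 10.x address. Interface names (tun0, em0) and all addresses other than the two 192.168.72.x tunnel ends are placeholders; 203.0.113.10 stands in for A.B.C.D.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed addresses (assumptions, not from the post). The tunnel ends
# are the ones the post gives; everything else is documentation space.
SERVER_PUBLIC = "203.0.113.10"     # stands in for A.B.C.D
SERVER_GW = "203.0.113.1"          # server's upstream gateway (assumed)
WIFI_ADDR = "10.1.2.3"             # laptop's 10.x wireless address
WIFI_GW = "10.1.2.1"               # laptop's wireless gateway (assumed)
LAPTOP_NAT_PUBLIC = "198.51.100.7" # what the server sees the ssh session come from (assumed)
TUN_LOCAL = "192.168.72.178"       # laptop end of the ppp link (from the post)
TUN_PEER = "192.168.72.177"        # server end of the ppp link (from the post)


@dataclass(frozen=True)
class Route:
    dest: ipaddress.IPv4Network
    gateway: Optional[str]   # None means directly connected (link route)
    iface: str


def lookup(table: List[Route], addr: str) -> Optional[Route]:
    """Longest-prefix match, as the forwarding lookup does."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in table if ip in r.dest]
    if not matches:
        return None
    return max(matches, key=lambda r: r.dest.prefixlen)


def egress(table: List[Route], addr: str, max_hops: int = 8) -> Optional[str]:
    """Resolve a destination to its outgoing interface by following
    gateway entries until a directly connected (link) route is hit."""
    for _ in range(max_hops):
        r = lookup(table, addr)
        if r is None:
            return None
        if r.gateway is None:
            return r.iface
        addr = r.gateway        # next hop must itself be routable
    return None                 # gateway chain never reached a link route


def tunnel_is_self_routed(table: List[Route], carrier_dest: str,
                          tunnel_iface: str = "tun0") -> bool:
    """True if the ssh packets that carry the tunnel (destined to
    carrier_dest) would be sent into the tunnel they carry."""
    return egress(table, carrier_dest) == tunnel_iface


def laptop_table(with_public_route: bool) -> List[Route]:
    """Laptop routing table: default via wifi, ppp peer on tun0, and
    optionally the host route the post adds for the server's public IP."""
    t = [
        Route(ipaddress.ip_network("0.0.0.0/0"), WIFI_GW, "ath0"),
        Route(ipaddress.ip_network("10.1.2.0/24"), None, "ath0"),
        Route(ipaddress.ip_network(TUN_PEER + "/32"), None, "tun0"),
    ]
    if with_public_route:
        # route add -host A.B.C.D 192.168.72.177
        t.append(Route(ipaddress.ip_network(SERVER_PUBLIC + "/32"), TUN_PEER, "tun0"))
    return t


def server_table() -> List[Route]:
    """Server routing table with the sanity-check route from the post:
    route add -host 10.xxx.yyy.zzz 192.168.72.178"""
    return [
        Route(ipaddress.ip_network("0.0.0.0/0"), SERVER_GW, "em0"),
        Route(ipaddress.ip_network("203.0.113.0/24"), None, "em0"),
        Route(ipaddress.ip_network(TUN_LOCAL + "/32"), None, "tun0"),
        Route(ipaddress.ip_network(WIFI_ADDR + "/32"), TUN_LOCAL, "tun0"),
    ]


if __name__ == "__main__":
    print("laptop, before route:", tunnel_is_self_routed(laptop_table(False), SERVER_PUBLIC))
    print("laptop, after route: ", tunnel_is_self_routed(laptop_table(True), SERVER_PUBLIC))
    print("server, sanity route:", tunnel_is_self_routed(server_table(), LAPTOP_NAT_PUBLIC))
    print("server -> 10.x goes via:", egress(server_table(), WIFI_ADDR))
```

On the laptop the added host route wins the longest-prefix match for the server's public address, its gateway resolves to the tun0 link route, and so the carrier traffic is pulled into the tunnel. On the server, the host route for the laptop's 10.x address never matches the address the ssh session actually comes from, so the tunnel carrier stays on em0 and the sanity check works. The same check applies to any VPN whose carrier endpoint is also a destination one wants to reach through it.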


More information about the freebsd-questions mailing list