VPN using bundled ppp?

ghozzy ghozzy at gmail.com
Sat Jun 9 09:00:58 UTC 2007


Since this is not the first request, I'm cc'ing to the list.
Maybe others will find this helpful.

On 6/9/07, anwara <anwara at santori.austasia.biz> wrote:
> ----- Original Message -----
> From: "ghozzy" <ghozzy at gmail.com>
> To: "Baranov Dmitry" <admin at d-metrius.ru>
> Cc: <freebsd-stable at freebsd.org>
> Sent: Thursday, June 07, 2007 8:41 PM
> Subject: Re: VPN using bundled ppp?
>
>
> > On 6/7/07, Baranov Dmitry <admin at d-metrius.ru> wrote:
> >> Hi, all!
> >>
> >> Is it possible to use VPN connections using bundled ppp without
> >> installing any additional software in FreeBSD 6.2 STABLE?
> >>
> >> Dmitry "d-Metrius" Baranov
> >> ===
> >> e-mail: private: admin at d-metrius.ru
> >> www: http://www.d-metrius.ru
> >> icq: 87-97-07
> >
> > VPN connections between FreeBSD and what? Another FreeBSD or Windows?
> > I use VPN between FreeBSD and FreeBSD using ssh as a secure tunnel and
> > run /usr/sbin/ppp over that. Works very fine for me. If you mean that,
> > I can send you my configs and scripts.
> >
> > --
> > ghozzy
>
> Hi ghozzy
> Do you mind sending your config, and a little advice, tips or tricks for VPN
> over ssh settings, to my email?
>
> rgds
> anwara

I'm not claiming that this is the best configuration possible.
Specifically, man ppp says about PPP over TCP:
--------
The major disadvantage of this mechanism is that there are two
"guaranteed delivery" mechanisms in place - the underlying TCP stream and
whatever protocol is used over the PPP link - probably TCP again.  If packets
are lost, both levels will get in each others way trying to negotiate
sending of the missing packet.
--------

In this case, things are probably even more wrapped:
ssh uses a "real" TCP connection, the encryption layer adds protocol
overhead, then PPP uses all this for its own packets, and finally
another TCP/IP stack is encapsulated.

Some kind of packet-for-packet encryption is probably more appropriate, like
encryption inside ppp (standard /usr/sbin/ppp claims to support MPPE,
but I've never tried that), or pptpclient, already mentioned in this thread,
or mpd, or OpenVPN, or IPsec, or whatever.

However, a long time ago, when there was no such variety of solutions,
I went ahead and simply wrapped ppp into an ssh tunnel, and it just worked.
With a good network connection I didn't experience any inconveniences,
even though I'm running ssh over that encrypted tunnel.

So here it is -- for those who want to try it themselves.
The attached archive contains INSTALL instructions and scripts or pieces of
configuration files.

--
ghozzy
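
A minimal sketch of the ppp-over-ssh arrangement described in this message, added here as an example; it is not the content of the attached archive or ghozzy's own configuration. The label names, host, account, addresses and key are assumptions; the "!program" device form, -direct mode and the authorized_keys options are standard ppp(8) and sshd(8) features.

```conf
# --- client: /etc/ppp/ppp.conf (constructed example) ---
# Label "sshvpn", host vpn.example.org, user vpnuser and the 10.0.0.x
# addresses are assumptions made for this example.
sshvpn:
 # A device beginning with "!" is run as a program and its stdin/stdout
 # become the PPP link. Here the program is ssh, which starts ppp in
 # -direct mode on the far side.
 set device "!ssh -e none vpnuser@vpn.example.org /usr/sbin/ppp -direct sshvpn-in"
 # Disable the idle timer so the tunnel is not dropped when quiet.
 set timeout 0
 set ifaddr 10.0.0.1 10.0.0.2 255.255.255.255
 # Constructed remote LAN, routed through the peer address.
 add 192.168.2.0/24 HISADDR

# --- server: /etc/ppp/ppp.conf (constructed example) ---
sshvpn-in:
 # Permit the unprivileged ssh account to use this label
 # (on FreeBSD the account must also be in group "network" to run ppp).
 allow users vpnuser
 set timeout 0
 set ifaddr 10.0.0.2 10.0.0.1 255.255.255.255

# --- server: ~vpnuser/.ssh/authorized_keys (one line; key is a placeholder) ---
# Pins this key to the tunnel command: no shell, no pty, no forwarding.
command="/usr/sbin/ppp -direct sshvpn-in",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa <PUBLIC-KEY-PLACEHOLDER> vpnuser-tunnel
```

With the forced command in place, the tunnel key can only start that one ppp label, so a stolen client key does not yield an interactive login on the server.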

