Question about routing and an ssh based vpn.
hartzell at alerce.com
Thu Feb 9 11:48:30 PST 2006
I have set up an ssh based vpn between a -STABLE laptop and a 5.3
server. I can ping either end from the other. I'd like to route
traffic from the laptop to the public IP address of the server but it
doesn't seem to work. I can, as a sanity test, route packets from
the server to the laptop's ath0 IP address.
I can't figure out why I can get it to work one way and not the
I have a laptop that I roam around with and a server for mail and
stuff. The laptop is running
FreeBSD 6.0-STABLE #7: Thu Jan 26 11:53:51 PST 2006
and the server is running (the cobbler's kids don't have any shoes...)
FreeBSD 5.3-STABLE #10: Sun Feb 6 17:25:02 PST 2005
I've been working on setting up an ssh based vpn between the laptop
and one of my servers, based on various recipes on the net.
The way it's currently set up, the laptop end of the ppp link is
192.168.72.178 and the server end of the link is 192.168.72.177 (using
addresses cribbed from one of the HOWTOs).
I can bring the link up and pinging one end from the other works fine
(e.g. the laptop can ping 192.168.72.177 and the server can ping
If I change various references to the server's name/IPADDR (e.g. DS in
sendmail.cf, pop3s server) to refer to the server end of the ppp link,
then mail etc... work as desired. I'd rather not have to swap them
around when I want to use the vpn.
The laptop is connecting to the net via its wireless interface, and
gets a private (10.xxx.yyy.zzz) address. As expected, even with the
vpn up trying to ping that address from the server fails. If I add a
route on the server
route add -host 10.xxx.yyy.zzz 192.168.72.178
then the server is able to ping the laptop's private address.
That's not really useful to me but I tried it as a sanity check whilst
trying to debug my real problem.
I'd like to be able to connect to the public ip address of my server
(A.B.C.D) from the laptop over the vpn. If I add a route on the laptop
route add -host A.B.C.D 192.168.72.177
I am unable to ping A.B.C.D *and* I am no longer able to ping
net.inet.ip.forwarding is 0 on both machines.
I am not running any firewalls on the server.
Here is /etc/ppp/ppp.conf for the server:
# setup for nomadic ppp vpn via ssh.
set ifaddr 192.168.72.177 192.168.72.178 255.255.255.255
And here is /etc/ppp/ppp.conf from the laptop:
set ifaddr 192.168.72.178 192.168.72.177 255.255.255.255
set device "!env SSH_ASKPASS= SSH_AUTH_SOCK= ssh -e none -i /etc/ppp/nomadic-pp
I bring up the link with
/usr/sbin/ppp -auto nomadic-ppp
Does anyone have any suggestions? I've thrashed about with proxy and
proxy_all and setting net.inet.ip.forwarding=1 and anything else that
occurs to me.
I'd happily just assume that I don't know what I'm doing, except that
I can get it to work in reverse.
Is/was there a difference between 5.3 and 6.0 that might be tripping
Thanks for any help,