PPPD - SSH - VPN Routing issues.
  1. #1
    steve.milner (AntiOnline Senior Member; Join Date: Jul 2003; Posts: 1,018)

    PPPD - SSH - VPN Routing issues.

    I've been having a spot of bother with some of our friends from abroad - OK, I'm UK based and could easily be accused of xenophobia.

    I was out in the Far East recently on company business and was tasked with getting the existing, in-place VPN working between our UK head office and Far Eastern office.

    It was a simple routing issue and hey presto - the VPN was established.

    Now it seems that the relevant Government Officials have blocked port 500 (Open VPN) and our router there (Billion BiGuard30) will not allow a different port to be used, and it seems that the UK end (IPCop Linux distro) can't change the port either - or so I've been informed.

    Anyway, not to be beaten, it seems that you can use a little Unix to get round this. Using pppd and ssh it is possible to set up a VPN using Linux boxes. I used this recipe here: http://tldp.org/HOWTO/ppp-ssh/index.html to demonstrate a proof of concept between my laptop at work and my home PC.

    I can reliably bring up the ppp0 interfaces at both ends and can happily ping between the two ends.

    Using pppd I have set up the interface as :

    Laptop : 192.168.254.1
    Home PC : 192.168.254.254

    Laptop LAN - 172.31.0.0/16
    Laptop LAN IP - 172.31.3.73
    Home LAN - 10.200.1.0/24
    Home PC LAN IP - 10.200.1.249

    I have my routing tables set as follows:
    Laptop:
    Destination Gateway Genmask Flags Metric Ref Use Iface
    192.168.254.254 * 255.255.255.255 UH 0 0 0 ppp0
    10.200.1.0 192.168.254.254 255.255.255.0 UG 0 0 0 ppp0
    172.31.0.0 * 255.255.0.0 U 0 0 0 eth0
    default xxx.xxx.xxx 0.0.0.0 UG 0 0 0 eth0

    Home PC
    Destination Gateway Genmask Flags Metric Ref Use Iface
    192.168.254.1 * 255.255.255.255 UH 0 0 0 ppp0
    10.200.1.0 * 255.255.255.0 U 0 0 0 eth0
    172.31.0.0 192.168.254.1 255.255.0.0 UG 0 0 0 ppp0
    default xxx.xxx.xxx 0.0.0.0 UG 0 0 0 eth0

    OK This is the bit that needs careful examination:
    From my laptop I can ping 10.200.1.249
    From my home PC I can ping 172.31.3.73
    From my Home TV (10.200.1.250) with an added route I can ping 172.31.3.73
    From a colleagues PC (172.31.3.252) with an added route I can ping 10.200.1.249
    From my Home TV (10.200.1.250) with added routes I can ping 172.31.3.252
    From a colleagues PC (172.31.3.252) with added routes I can ping 10.200.1.250
    From my laptop I can not ping 10.200.1.250
    From my home PC I can not ping 172.31.3.252

    I do not understand why the last 2 pings fail (other networking between these two points fails as well).

    If anyone here can shed some light on these results I would be grateful.

    Regards,
    Steve
    Last edited by steve.milner; April 12th, 2007 at 03:24 PM.
    IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com

  2. #2
    steve.milner (AntiOnline Senior Member; Join Date: Jul 2003; Posts: 1,018)
    Never mind - I've found the problem.

    Using tshark on the 10.200.1.249 Home PC while pinging from my laptop revealed:
    Capturing on ppp0
    0.000000 192.168.254.1 -> 10.200.1.250 ICMP Echo (ping) request
    0.992411 192.168.254.1 -> 10.200.1.250 ICMP Echo (ping) request
    1.992716 192.168.254.1 -> 10.200.1.250 ICMP Echo (ping) request

    There was no route set up for 192.168.254.1 on the TV box.

    Pings from other machines in the 172.31.0.0/16 network had a relevant source IP and hence a route back.

    route add -host 192.168.254.1 gw 10.200.1.249

    on my TV box solved the problem.

    Hurrah I now have a proof of concept that uses SSH to create a VPN.

    Since I can route ssh over whatever port I like, that should thwart the little devils.

    I'll stop them spying on our traffic.

    Steve
    Last edited by steve.milner; April 12th, 2007 at 05:28 PM.
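The routing failure in the two posts above, worked through as an added example (my code, not Steve's and not from the linked HOWTO). It transcribes the laptop and home PC tables given in the first post, adds the home TV box and a colleague's PC each with the "added route" the post mentions, and does a longest-prefix-match lookup per hop, tracing the echo request and then the reply from the destination back to the request's source address. The TV box's and colleague PC's own tables and the default gateways (10.200.1.1, 172.31.0.1, standing in for the redacted xxx.xxx.xxx entries) are assumptions; the posts only say the TV box had no route for 192.168.254.1. It goes a little beyond the posts by also tracing the mirror-image failure (home PC to 172.31.3.252) and the matching host route on the office side that fixes it.

```python
"""Longest-prefix-match routing model of the pppd-over-ssh VPN in this thread.

Added example, not code from the original posts.  Host tables are transcribed
from the posts where given; the TV box, the colleague's PC and all default
gateways are assumed.  Routes are (network, gateway-or-None, interface).
"""
import copy
from ipaddress import ip_address, ip_network

HOSTS = {
    "laptop": {                       # tunnel endpoint at the office
        "addrs": {"ppp0": "192.168.254.1", "eth0": "172.31.3.73"},
        "routes": [
            ("192.168.254.254/32", None, "ppp0"),
            ("10.200.1.0/24", "192.168.254.254", "ppp0"),
            ("172.31.0.0/16", None, "eth0"),
            ("0.0.0.0/0", "172.31.0.1", "eth0"),       # assumed office gateway
        ],
    },
    "homepc": {                       # tunnel endpoint at home
        "addrs": {"ppp0": "192.168.254.254", "eth0": "10.200.1.249"},
        "routes": [
            ("192.168.254.1/32", None, "ppp0"),
            ("10.200.1.0/24", None, "eth0"),
            ("172.31.0.0/16", "192.168.254.1", "ppp0"),
            ("0.0.0.0/0", "10.200.1.1", "eth0"),       # assumed home router
        ],
    },
    "tv": {                           # home TV box, table assumed
        "addrs": {"eth0": "10.200.1.250"},
        "routes": [
            ("10.200.1.0/24", None, "eth0"),
            ("172.31.0.0/16", "10.200.1.249", "eth0"),  # the "added route" from post #1
            ("0.0.0.0/0", "10.200.1.1", "eth0"),       # assumed home router
        ],
    },
    "colleague": {                    # colleague's office PC, table assumed
        "addrs": {"eth0": "172.31.3.252"},
        "routes": [
            ("172.31.0.0/16", None, "eth0"),
            ("10.200.1.0/24", "172.31.3.73", "eth0"),   # the "added route" from post #1
            ("0.0.0.0/0", "172.31.0.1", "eth0"),       # assumed office gateway
        ],
    },
}


def addr_to_host(hosts):
    """Map every configured address back to the host that owns it."""
    return {a: h for h, d in hosts.items() for a in d["addrs"].values()}


def lookup(hosts, host, dst):
    """Longest-prefix match in host's table; returns (network, gw, iface) or None."""
    dst_ip, best = ip_address(dst), None
    for net, gw, iface in hosts[host]["routes"]:
        n = ip_network(net)
        if dst_ip in n and (best is None or n.prefixlen > best[0].prefixlen):
            best = (n, gw, iface)
    return best


def trace(hosts, src_host, dst, max_hops=8):
    """Forward one packet hop by hop (every host forwards); returns (delivered, path)."""
    owners = addr_to_host(hosts)
    path, host = [src_host], src_host
    for _ in range(max_hops):
        if owners.get(dst) == host:
            return True, path
        route = lookup(hosts, host, dst)
        if route is None:
            return False, path + ["(no route)"]
        nxt = route[1] or dst                  # gateway if set, else on-link
        if nxt not in owners:                  # e.g. the home router: not modelled, packet lost
            return False, path + [f"(lost via {nxt})"]
        host = owners[nxt]
        path.append(host)
    return False, path + ["(loop)"]


def ping(hosts, src_host, dst):
    """Echo request src_host -> dst, then the reply back to the request's source address."""
    route = lookup(hosts, src_host, dst)
    if route is None:
        return {"ok": False, "src": None, "request": [src_host, "(no route)"], "reply": []}
    src_addr = hosts[src_host]["addrs"][route[2]]   # source = address of the egress interface
    ok, req = trace(hosts, src_host, dst)
    if not ok:
        return {"ok": False, "src": src_addr, "request": req, "reply": []}
    ok, rep = trace(hosts, addr_to_host(hosts)[dst], src_addr)
    return {"ok": ok, "src": src_addr, "request": req, "reply": rep}


def with_route(hosts, host, net, gw, iface):
    """Return a copy of the tables with one route added (the 'route add' from post #2)."""
    new = copy.deepcopy(hosts)
    new[host]["routes"].append((net, gw, iface))
    return new


if __name__ == "__main__":
    for src, dst in [("laptop", "10.200.1.249"), ("colleague", "10.200.1.250"), ("laptop", "10.200.1.250")]:
        print(f"{src} -> {dst}: {ping(HOSTS, src, dst)}")
    fixed = with_route(HOSTS, "tv", "192.168.254.1/32", "10.200.1.249", "eth0")
    print("after host route on tv:", ping(fixed, "laptop", "10.200.1.250"))
    fixed = with_route(HOSTS, "colleague", "192.168.254.254/32", "172.31.3.73", "eth0")
    print("after host route on colleague:", ping(fixed, "homepc", "172.31.3.252"))
```

What the trace makes explicit: a packet that originates on the laptop takes its source address from the egress interface, so it leaves as 192.168.254.1 (exactly what the tshark capture showed), and the 192.168.254.0 link is known only to the two tunnel endpoints. A LAN host can deliver the request but sends the reply to its default router, which is the "lost via 10.200.1.1" hop above. Every other host therefore needs one of: a host route for the far tunnel endpoint via its local tunnel end (the fix in post #2, plus the mirror-image route on the office side for the home PC to 172.31.3.252 case), the same route on the LAN's default router, or source NAT on the endpoints' ppp0 so LAN hosts never see tunnel addresses at all. One caveat before relying on this beyond a proof of concept: pppd over ssh carries TCP inside TCP, so under packet loss the two layers' retransmission timers stack and throughput collapses; that is a property of the design, not of the routing.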

  3. #3
    nihil (Super Moderator: GMT Zone; Join Date: Jul 2003; Location: United Kingdom: Bridlington; Posts: 17,192)
    Hey Steve!

    You know it is the Grand National, and that shower of monkeys are inveterate gamblers...........

    Tell them to bet on Joe's Edge to win?.............. little buggers will get around eights?

    Yorkshire haven't won the National since Merryman II back in the 1960s.

    Each way? (that's a place bet to you Yanks) try Spring Breeze if it runs............

    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  4. #4
    steve.milner (AntiOnline Senior Member; Join Date: Jul 2003; Posts: 1,018)
    Yeah, perhaps I should send an email into our office there.

    I know they're reading emails. While I was over there I tried to send mail from my own mail server via AUTH & TLS but Thunderbird borked when I pressed send.

    So I did a telnet to my mail server (port 25) and EHLO returned 'command not implemented'.

    Like hell, I thought, that's my own mail server and I know it was working fine when I was in Taiwan. So a quick ssh to a box in the UK and the same telnet and EHLO replied correctly.

    So I guess someone was sitting in the middle of the original attempt to send my mail.

    Very sneaky.


    Gah, just got Dun Doire on the sweepstake at work.

    Regards,
    Steve

  5. #5
    Junior Member (Join Date: Nov 2012; Posts: 1)

    SSH VPN

    SSH tunnels offer a way to bypass firewalls that block certain web services, as long as the site permits outgoing connections. For example, users at a workplace may be blocked by a firewall from reaching social websites like Facebook and YouTube directly on port 80. If such users can connect to an external SSH server, they can create an SSH tunnel that forwards a given port on their local machine to port 80 on a remote web server, bypassing those firewalls and filters.
