-
April 12th, 2007, 03:21 PM
#1
PPPD - SSH - VPN Routing issues.
I've been having a spot of bother with some of our friends from abroad - OK, I'm UK based and could easily be accused of xenophobia.
I was out in the Far East recently on company business and was tasked with getting the existing and in-place VPN working between our UK head office and Far Eastern office.
It was a simple routing issue and hey presto - the VPN was established.
Now it seems that the relevant Government Officials have now blocked port 500 (Open VPN) and our router there (Billion BiGuard30) will not allow a differing port to be used and it seems that the UK end (IPCop Linux Distro) can't change the port either - or so I've been informed.
Anyway, not to be beaten, it seems that you can use a little unix to get round this. Using pppd and ssh it is possible to set up a VPN using linux boxes. I used this recipe here: http://tldp.org/HOWTO/ppp-ssh/index.html to demonstrate a proof of concept between my laptop at work and my home PC.
I can reliably bring up the ppp0 interfaces at both ends and can happily ping between the two ends.
Using pppd I have set up the interface as:
Laptop : 192.168.254.1
Home PC : 192.168.254.254
Laptop LAN - 172.31.0.0/16
Laptop LAN IP - 172.31.3.73
Home LAN - 10.200.1.0/24
Home PC LAN IP - 10.200.1.249
I have my routing tables set as follows:
Laptop:
Destination      Gateway          Genmask          Flags Metric Ref Use Iface
192.168.254.254  *                255.255.255.255  UH    0      0   0   ppp0
10.200.1.0       192.168.254.254  255.255.255.0    UG    0      0   0   ppp0
172.31.0.0       *                255.255.0.0      U     0      0   0   eth0
default          xxx.xxx.xxx      0.0.0.0          UG    0      0   0   eth0
Home PC:
Destination      Gateway          Genmask          Flags Metric Ref Use Iface
192.168.254.1    *                255.255.255.255  UH    0      0   0   ppp0
10.200.1.0       *                255.255.255.0    U     0      0   0   eth0
172.31.0.0       192.168.254.1    255.255.0.0      UG    0      0   0   ppp0
default          xxx.xxx.xxx      0.0.0.0          UG    0      0   0   eth0
OK This is the bit that needs careful examination:
From my laptop I can ping 10.200.1.249
From my home PC I can ping 172.31.3.73
From my Home TV (10.200.1.250) with an added route I can ping 172.31.3.73
From a colleague's PC (172.31.3.252) with an added route I can ping 10.200.1.249
From my Home TV (10.200.1.250) with added routes I can ping 172.31.3.252
From a colleague's PC (172.31.3.252) with added routes I can ping 10.200.1.250
From my laptop I can not ping 10.200.1.250
From my home PC I can not ping 172.31.3.252
I do not understand why the last 2 pings fail (other networking between these two points fails as well).
If anyone here can shed some light on these results I would be grateful.
Regards,
Steve
Last edited by steve.milner; April 12th, 2007 at 03:24 PM.
IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com
-
April 12th, 2007, 05:23 PM
#2
Never mind - I've found the problem.
Using tshark on the 10.200.1.249 Home PC while pinging from my laptop revealed:
Capturing on ppp0
0.000000 192.168.254.1 -> 10.200.1.250 ICMP Echo (ping) request
0.992411 192.168.254.1 -> 10.200.1.250 ICMP Echo (ping) request
1.992716 192.168.254.1 -> 10.200.1.250 ICMP Echo (ping) request
There was no route set up for 192.168.254.1 on the TV Box
Pings from other machines in the 172.31.0.0/16 network had a relevant source IP and hence a route back.
route add -t host 192.168.254.1 gw 10.200.1.249
on my TV box solved the problem.
Hurrah I now have a proof of concept that uses SSH to create a VPN.
Since I can route ssh over whatever port I like, that should thwart the little devils.
I'll stop them spying on our traffic.
Steve
Last edited by steve.milner; April 12th, 2007 at 05:28 PM.
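The failure Steve diagnosed in post #2 is a missing return route: when the laptop originates a ping over ppp0, the kernel stamps the packet with the ppp0 address 192.168.254.1, and the TV box has no route for that address, so its echo reply goes to the home default gateway and is lost. The following route-lookup simulator is an added example written for this thread (not Steve's code and not from the ppp-ssh HOWTO). It reproduces the tables from posts #1 and #2 with longest-prefix matching, selects the source address from the egress interface the way the kernel does, and checks both legs of each ping. The work and home default gateways (172.31.0.1 and 10.200.1.1) are assumed addresses standing in for the "xxx.xxx.xxx" in the posted tables; anything forwarded to them is outside the model and counts as dropped.

```python
"""Route-lookup simulator for the pppd-over-ssh VPN in this thread.

Illustration built for this post, not the thread author's code.  Each host has
interfaces (name -> address) and a routing table; a packet is forwarded by
longest-prefix match until a modelled host owns the destination or the next
hop lies outside the model (the assumed default gateways), which is a drop.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Route:
    net: ipaddress.IPv4Network
    iface: str
    gw: Optional[str] = None  # None = directly connected ("*" in the netstat output)


@dataclass
class Host:
    name: str
    ifaces: dict                       # interface name -> IPv4 address string
    routes: list = field(default_factory=list)

    def add_route(self, cidr, iface, gw=None):
        self.routes.append(Route(ipaddress.ip_network(cidr), iface, gw))

    def owns(self, addr):
        return addr in self.ifaces.values()

    def lookup(self, dst):
        """Longest-prefix match, as the kernel FIB does; None if nothing matches."""
        addr = ipaddress.ip_address(dst)
        matches = [r for r in self.routes if addr in r.net]
        return max(matches, key=lambda r: r.net.prefixlen, default=None)


class Network:
    def __init__(self, hosts):
        self.hosts = {h.name: h for h in hosts}

    def host_for(self, addr):
        return next((h for h in self.hosts.values() if h.owns(addr)), None)

    def deliver(self, start, src, dst, max_hops=8):
        """Forward one packet hop by hop; returns (delivered, trace lines)."""
        cur, trace = start, []
        for _ in range(max_hops):
            if cur.owns(dst):
                trace.append(f"{cur.name}: received {src} -> {dst}")
                return True, trace
            r = cur.lookup(dst)
            if r is None:
                trace.append(f"{cur.name}: no route to {dst}")
                return False, trace
            nxt = r.gw or dst
            trace.append(f"{cur.name}: {src} -> {dst} via {nxt} dev {r.iface}")
            cur = self.host_for(nxt)
            if cur is None:
                trace.append(f"  {nxt} is outside the model (default gateway): dropped")
                return False, trace
        return False, trace + ["hop limit exceeded"]

    def ping(self, src_name, dst):
        """ICMP echo request and reply; both legs must be routable."""
        src_host = self.hosts[src_name]
        r = src_host.lookup(dst)
        if r is None:
            return False, [f"{src_name}: no route to {dst}"]
        # Source address = address of the egress interface the route selects;
        # for the laptop pinging 10.200.1.x that is 192.168.254.1 on ppp0,
        # exactly what tshark on the home PC showed.
        src_addr = src_host.ifaces[r.iface]
        ok, trace = self.deliver(src_host, src_addr, dst)
        if not ok:
            return False, trace
        ok, back = self.deliver(self.host_for(dst), dst, src_addr)
        return ok, trace + back


def build_network(tv_return_route=False):
    """Tables from posts #1 and #2; tv_return_route adds the host route from post #2."""
    laptop = Host("laptop", {"eth0": "172.31.3.73", "ppp0": "192.168.254.1"})
    laptop.add_route("192.168.254.254/32", "ppp0")
    laptop.add_route("10.200.1.0/24", "ppp0", gw="192.168.254.254")
    laptop.add_route("172.31.0.0/16", "eth0")
    laptop.add_route("0.0.0.0/0", "eth0", gw="172.31.0.1")       # assumed gateway

    homepc = Host("homepc", {"eth0": "10.200.1.249", "ppp0": "192.168.254.254"})
    homepc.add_route("192.168.254.1/32", "ppp0")
    homepc.add_route("10.200.1.0/24", "eth0")
    homepc.add_route("172.31.0.0/16", "ppp0", gw="192.168.254.1")
    homepc.add_route("0.0.0.0/0", "eth0", gw="10.200.1.1")       # assumed gateway

    tv = Host("tv", {"eth0": "10.200.1.250"})
    tv.add_route("10.200.1.0/24", "eth0")
    tv.add_route("172.31.0.0/16", "eth0", gw="10.200.1.249")      # the "added route"
    tv.add_route("0.0.0.0/0", "eth0", gw="10.200.1.1")            # assumed gateway
    if tv_return_route:  # post #2's fix: host route for the laptop's ppp0 address
        tv.add_route("192.168.254.1/32", "eth0", gw="10.200.1.249")

    colleague = Host("colleague", {"eth0": "172.31.3.252"})
    colleague.add_route("172.31.0.0/16", "eth0")
    colleague.add_route("10.200.1.0/24", "eth0", gw="172.31.3.73")
    colleague.add_route("0.0.0.0/0", "eth0", gw="172.31.0.1")     # assumed gateway
    return Network([laptop, homepc, tv, colleague])


if __name__ == "__main__":
    for fixed in (False, True):
        net = build_network(tv_return_route=fixed)
        print(f"--- TV host route for 192.168.254.1 {'present' if fixed else 'absent'} ---")
        for who, target in [("colleague", "10.200.1.250"), ("laptop", "10.200.1.250")]:
            ok, trace = net.ping(who, target)
            print(f"{who} -> {target}: {'OK' if ok else 'FAIL'}")
            for line in trace:
                print("   ", line)
```

Run as-is it prints, for the unfixed tables, the colleague's ping succeeding and the laptop's echo request reaching the TV with source 192.168.254.1 (the tshark line) and the reply heading for the home default gateway; with the host route present the reply comes back through the home PC over ppp0. The same asymmetry explains the home PC failing to ping 172.31.3.252: the colleague's PC has no route for 192.168.254.254 either.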
-
April 12th, 2007, 05:40 PM
#3
Hey Steve!
You know it is the Grand National, and that those shower of monkeys are inveterate gamblers...........
Tell them to bet on Joes Edge to win?.............. little buggers will get around eights?
Yorkshire haven't won the National since Merryman II back in the 1960's
Each way? (that's a place bet to you Yanks) try Spring Breeze if it runs............
-
April 13th, 2007, 09:18 AM
#4
Yeah, perhaps I should send an email into our office there.
I know they're reading emails. While I was over there I tried to send mail from my own mail server via AUTH & TLS but Thunderbird borked when I pressed send.
So I did a telnet to my mail server (port 25) and ehlo returned 'command not implemented'.
Like hell, I thought, that's my own mail server and I know it was working fine when I was in Taiwan. So a quick ssh to a box in the UK and the same telnet and ehlo replied correctly.
So I guess someone was sitting in the middle of the original attempt to send my mail.
Very sneaky.
Gah, just got Dun Doire on the sweepstake at work.
Regards,
Steve
-
November 2nd, 2012, 08:35 AM
#5
SSH VPN
SSH tunnels offer a method to bypass firewalls that block certain web services, as long as the site permits outgoing connections. As an example, users at a workplace may be blocked by a firewall from accessing social websites like Facebook and YouTube directly over port 80. However, users might not want their internet traffic blocked by firewalls and filters, and want to be able to unblock Facebook and YouTube. If users can connect to an external SSH server, they can create an SSH tunnel to forward a given port on their local machine to port 80 on a remote web server, bypassing those firewalls and filters to unblock Facebook and YouTube.