To build a Virtual Private Network between two remote machines, you might follow the howto at
http://www.tldp.org/HOWTO/VPN-HOWTO/index.html
which is very detailed, or, if you have two Slackware 10.x machines
with default 2.4.x kernels, just use the procedure described in this document.
This OBSOLETES the ssh reverse telnet entry previously detailed in this blog.
Requirements:
– 2 machines, machineA and machineB.
– machineA will be the ppp client and machineB the ppp server
– machineA MUST have access to machineB through ssh.
– pty-redir in machineA from http://www.shinythings.com/pty-redir/
– No extra ethernet interfaces needed.
At machine A:
Make a file at /scripts/rtelnet/rt.ksh with contents:
#!/bin/bash
# Re-establish the ssh/ppp tunnel unless a pppd is already running.
ADATE=`date "+%Y-%m-%d-%H:%M"`
PS=`ps -ef | grep -v grep | grep ppp | wc -l`
if [ $PS -gt 0 ]; then
echo "no need to retunnel $ADATE" > /dev/null
else
echo "now retunneling ppp: $ADATE" >> /root/rtelnet.log
# Kill the ssh from the previous run (recognised by its BatchMode option), if there is one
K=`ps -fe | grep ssh | grep -i Batchmode | awk '{ print $2 }'`
[ -n "$K" ] && kill -9 $K >> /root/rtelnet.log
# pty-redir runs ssh on a pty and writes that pty's device name to /tmp/vpn-device
/usr/sbin/pty-redir /usr/bin/ssh -C -t -e none -o 'Batchmode yes' vpn@machineB > /tmp/vpn-device
sleep 10
# pppd on that pty; the local:remote address pair must be written without a space
/usr/sbin/pppd `cat /tmp/vpn-device` 192.168.40.253:192.168.40.254
fi
You can choose 192.168.x.x or 172.16.x.x addresses as you like.
Then make a link to this file at /etc/cron.hourly:
machineA# ln -s /scripts/rtelnet/rt.ksh /etc/cron.hourly/rt.ksh
At machine B:
Create user vpn with shell /usr/sbin/pppd, and allow it to execute pppd:
machineB# useradd -d /home/vpn -m vpn -s /usr/sbin/pppd
machineB# mkdir -p /home/vpn/.ssh; chown vpn /home/vpn/.ssh
machineB# chmod u+s /usr/sbin/pppd
Note that the setuid bit lets every local user on machineB run pppd as root, not only vpn; if machineB has other users, restrict execute permission on pppd to the vpn user's group.
At machine A:
Copy an ssh key to allow root to log in as user vpn on machine B (the key must have no passphrase, since cron runs ssh in BatchMode with nobody to type it):
machineA# scp /root/.ssh/id_dsa.pub machineB:/home/vpn/.ssh/authorized_keys
At machine B:
machineB# chown vpn /home/vpn/.ssh/authorized_keys
machineB# chmod -fR 700 /home/vpn/.ssh
Edit /etc/ppp/options, and make sure you have enabled:
noauth
proxyarp
ipcp-accept-local
ipcp-accept-remote
You might then run the script manually at machineA:
machineA# /scripts/rtelnet/rt.ksh
Or wait until the crontab executes it hourly.
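A more defensive version of rt.ksh, added here as an example (it is not the post's script): it checks that ppp0 exists and that the peer answers a ping instead of grepping ps for "ppp", and it only kills the tunnel's own ssh instead of every ssh with BatchMode set. The peer address, log path and device file are assumptions carried over from the script above.

```shell
#!/bin/bash
# Added example, not the post's script: a more defensive rt.ksh that
# replaces the "grep ppp" test with a real liveness check and only kills
# the ssh it started. Assumes the same pty-redir/ssh/pppd layout; PEER,
# LOG and DEVFILE are our own choices.
PEER=192.168.40.254
LOG=/root/rtelnet.log
DEVFILE=/tmp/vpn-device

log() { echo "$(date '+%Y-%m-%d-%H:%M') $*" >> "$LOG"; }

# Usage: ifconfig -a | iface_present ppp0
# True if a line of the ifconfig output on stdin starts with the name.
iface_present() { grep -q "^$1 "; }

# Usage: ps -fe | ssh_tunnel_pids
# Prints the PIDs (column 2 of ps -fe) of the tunnel ssh only, ignoring
# other ssh sessions and the awk process itself.
ssh_tunnel_pids() {
  awk '/\/usr\/bin\/ssh / && /vpn@machineB/ && $8 != "awk" { print $2 }'
}

# True only if the peer answers one echo request within 3 seconds.
peer_reachable() { ping -c 1 -w 3 "$1" >/dev/null 2>&1; }

retunnel() {
  local pids
  pids=$(ps -fe | ssh_tunnel_pids)
  # The original "kill -9 $K" with an empty $K only logs a usage error.
  [ -n "$pids" ] && kill $pids
  rm -f "$DEVFILE"
  /usr/sbin/pty-redir /usr/bin/ssh -C -t -e none -o 'BatchMode yes' \
      vpn@machineB > "$DEVFILE"
  sleep 10
  [ -s "$DEVFILE" ] || { log "pty-redir returned no device"; return 1; }
  # local:remote addresses must be written without a space.
  /usr/sbin/pppd "$(cat "$DEVFILE")" 192.168.40.253:192.168.40.254
}

main() {
  # Do nothing on a host without the tools (also keeps sourcing harmless).
  [ -x /usr/sbin/pty-redir ] && [ -x /usr/sbin/pppd ] || return 1
  if ifconfig -a | iface_present ppp0 && peer_reachable "$PEER"; then
    return 0   # link is up and the peer answers: nothing to do
  fi
  log "ppp0 down or $PEER unreachable: retunneling"
  retunnel && log "tunnel restarted" || log "retunnel failed"
}
main || :
```

Install it in place of rt.ksh and link it from /etc/cron.hourly exactly as above; /root/rtelnet.log then records only real restarts.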
If it worked, ifconfig -a now shows a ppp interface:
machineA# ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:11:43:01:BF:97
inet addr:150.100.106.32 Bcast:150.100.106.255 Mask:255.255.255.0
UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1442299 errors:0 dropped:0 overruns:0 frame:8
TX packets:791769 errors:0 dropped:0 overruns:0 carrier:0
collisions:108549 txqueuelen:1000
RX bytes:725406260 (691.8 Mb) TX bytes:113886692 (108.6 Mb)
Interrupt:11
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:7662 errors:0 dropped:0 overruns:0 frame:0
TX packets:7662 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:9507700 (9.0 Mb) TX bytes:9507700 (9.0 Mb)
ppp0 Link encap:Point-to-Point Protocol
inet addr:192.168.40.253 P-t-P:192.168.40.254 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:116175 errors:0 dropped:0 overruns:0 frame:0
TX packets:111813 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:31145420 (29.7 Mb) TX bytes:7337890 (6.9 Mb)
Now do the same in machineB:
machineB# ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:0C:76:AC:C7:AD
inet addr:201.154.187.65 Bcast:201.154.187.67 Mask:255.255.255.252
UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1128235 errors:0 dropped:0 overruns:0 frame:0
TX packets:798177 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1028702533 (981.0 Mb) TX bytes:139249041 (132.7 Mb)
Interrupt:10 Base address:0x4000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:94489 errors:0 dropped:0 overruns:0 frame:0
TX packets:94489 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:550735249 (525.2 Mb) TX bytes:550735249 (525.2 Mb)
ppp0 Link encap:Point-to-Point Protocol
inet addr:192.168.40.254 P-t-P:192.168.40.253 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:111998 errors:0 dropped:0 overruns:0 frame:0
TX packets:116406 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:7353046 (7.0 Mb) TX bytes:31169104 (29.7 Mb)
You'll see machineA as 192.168.40.253 and machineB as 192.168.40.254.
Go ahead and ping them, nmap them, use their samba resources, or whatever you want: you have a network
between them!