3:50 PM - SSH VPN: Connecting two BSD boxes together
I've been working on getting into the office network from home. I have ssh access to one machine, a FreeBSD-based server. The other end is a MidnightBSD desktop at home.
I found this tutorial:
http://tengu.us/vpn-ppp-ssh/vpn-ppp-ssh.html
It's quite nice. I decided to log my setup so far in my blog. You never know when another site like that will go down, and there are a few ambiguities in the directions there.
Client setup:
Add this to /etc/ppp/ppp.conf:
work-vpn:
 set escape 0xff
 # using ssh port-forwarding to connect
 set device localhost:6669/tcp
 set dial
 set timeout 600
 set log Phase Chat Connect hdlc LCP IPCP IPV6CP tun
 # specify ip addrs for both ends.
 set ifaddr 10.8.0.1 192.168.0.1
The first address is a "made up" IP for my local machine, and the second is a "made up" IP for the tun interface on the other end (the "server").
Also create a file /etc/ppp/ppp.linkup and put this in it:
work-vpn:
 add 192.168.0.0/24 HISADDR
Now the client is ready. You will need to set up an ssh tunnel between the client and server:
ssh -L 6669:localhost:6669 youruser@yourservermachine.whatever
The next step is setting up the server system. You'll need root to do this.
First, configure /etc/services:
ppp-in 6669/tcp # Incoming PPP connections over TCP (ppp-vpn)
Next, /etc/inetd.conf:
ppp-in stream tcp nowait root /usr/sbin/ppp ppp -direct ppp-in
Make sure inetd is running, and send it a HUP if you need to.
/etc/ppp/ppp.conf:
ppp-in:
 set timeout 0
 set ifaddr 192.168.0.1 10.8.0.1
/etc/ppp/ppp.linkup:
ppp-in:
 # route traffic to home lan through the connection.
 add 192.168.2.0/24 HISADDR
Start the ssh tunnel as described above, and then start ppp on the client:
sudo ppp -background work-vpn
Verify it's up:
sudo tail -f /var/log/ppp.log
ping 192.168.0.1
This will get you in, but you'll still need to set up NAT on the server using natd + ipfw or some other solution.
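A check for the server side of this setup, added here as an example and not part of the original post or the linked tutorial: the inetd entry starts ppp as root for anything that connects to 6669/tcp, the ppp-in profile above sets no authentication, and inetd binds to every address by default, so the listener should only be reachable through the ssh forward. The function name and the sample sockstat lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): flag a ppp-in listener that is
# reachable from outside the loopback interface.
# Input: FreeBSD `sockstat -4 -6 -l` style lines on stdin.
# Exit status: 0 = loopback only, 1 = exposed, 2 = no listener on the port.
check_ppp_listener() {
    port="${1:-6669}"
    awk -v port="$port" '
        $5 ~ /^tcp/ {
            n = split($6, parts, ":")
            if (parts[n] != port) next
            # Everything before the final ":port" is the bind address.
            addr = substr($6, 1, length($6) - length(parts[n]) - 1)
            found = 1
            if (addr != "127.0.0.1" && addr != "::1") {
                printf "EXPOSED: %s owned by %s (pid %s)\n", $6, $2, $3
                exposed = 1
            }
        }
        END {
            if (!found) exit 2
            exit (exposed ? 1 : 0)
        }
    '
}

# Constructed sample input, not captured from a real host.
# inetd with default flags binds the service to every address:
SAMPLE_DEFAULT='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       812   4  tcp4   *:22                  *:*
root     inetd      934   5  tcp4   *:6669                *:*'
# inetd restricted to the loopback address:
SAMPLE_LOOPBACK='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       812   4  tcp4   *:22                  *:*
root     inetd      934   5  tcp4   127.0.0.1:6669        *:*'

# On the server itself: sockstat -4 -6 -l | check_ppp_listener 6669
printf '%s\n' "$SAMPLE_DEFAULT" | check_ppp_listener 6669 || echo "status: $?"
printf '%s\n' "$SAMPLE_LOOPBACK" | check_ppp_listener 6669 && echo "loopback only"
```

If the check reports an exposed listener, binding inetd to the loopback address with its -a option or blocking 6669/tcp from other hosts with ipfw keeps the service reachable only through the tunnel. Note that -a applies to every service inetd runs, not just ppp-in.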