Monday, May 17, 2004
Quick and Dirty VPN via SSH-PPP
Trying to get a VPN solution that will work on Mac, Linux and Windows is a complete pain. I started trying to use PopTop on Linux. OS X would not connect. Seems like it was having trouble with compression. Apple's article about turning compression off didn't help. Tried freeswan. What a nightmare. Switched to Kame. A breeze to set up. Couldn't get the crappy DSL router to route the IPsec traffic correctly.
Okay, so what do you do when you *need* to get a VPN working *now* and you don't want to spend all day? SSH of course. Here is the easiest VPN ever. :)
/usr/sbin/pppd nodetach noauth pty "ssh myusername@my.sshserver.com -o Batchmode=yes sudo /usr/sbin/pppd idle 300 nodetach notty noauth" 192.168.1.1:192.168.1.2
The only trick is putting yourself in sudoers so that you can run pppd (or you can set pppd setuid, but that's a bad idea). The following in /etc/sudoers does the trick:
myusername ALL=NOPASSWD: /usr/sbin/pppd
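A tighter version of the server-side setup, as an added example that is not part of the original post: the sudoers entry above lets the account run pppd as root with any options, so this pins the exact argument list the client command sends and ties the SSH key to that one command. The key line is a placeholder, and `restrict` assumes OpenSSH 7.2 or later.

```conf
# /etc/sudoers (edit with visudo)
# Original entry: pppd as root with any arguments.
#   myusername ALL=NOPASSWD: /usr/sbin/pppd
# Pinned entry: sudo only matches this exact argument list,
# which is the one the client-side command on this page passes.
myusername ALL=NOPASSWD: /usr/sbin/pppd idle 300 nodetach notty noauth

# ~myusername/.ssh/authorized_keys on my.sshserver.com
# The forced command runs instead of whatever the client requests, and
# "restrict" turns off port, agent and X11 forwarding and pty allocation.
# Key material below is a placeholder.
restrict,command="sudo /usr/sbin/pppd idle 300 nodetach notty noauth" ssh-ed25519 AAAA...PLACEHOLDER... vpn-only-key
```

The client-side command does not change; with the forced command in place, the server ignores the command string the client sends and always starts the pinned pppd invocation.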