New ssh vpn article, soon.

I keep an eye on my apache access logs to see what kind of traffic my site gets and why it gets here. It seems that a non-trivial number of searches are for 'vpn over ssh' and similar variants. These land at the ppp over ssh article.

New versions of openssh have built-in support for tunneling, and do not require ppp at all. Seeing as how I've never really used this new feature, and there's a nontrivial number of searches ending up on the ppp-over-ssh article, I think it's time to write a little article on how to use the new openssh built-in tunneling.

Stay tuned...

Routing all traffic through VPN

So, I have a pptp vpn server running in my apartment. I desire this setup:

I VPN to my apartment. *All* traffic will go through this vpn.

PPP has features to negotiate IP-level information such as DNS and "Here's your IP" using IPCP. However, it doesn't seem to be able to share routes. My local ppp.conf can say add default HISADDR, and suddenly all my traffic wants to go through the vpn. But once I do this, I lose all connectivity to the vpn because it is off-subnet - my machine forgets how to route data to the vpn, oops!

Is there a way to have ppp add an additional route that I want? Specifically, I want to take the existing known gateway (say, my wifi gateway) and do: add [vpnhostname] [currentroute] and then add a default route for the tunnel. This will allow all traffic to want to go through the tunnel, but still allow the OS to know how to *get* to that tunnel.

A hacky solution involves some pre-vpn discovery. I need to figure out what my default route is. Once I know that, I can simply add a single line in my ppp.conf and I have all traffic routing through my apartment.

 add myvpnhostname mycurrentdefaultroute
 add default HISADDR

These two lines create two routes. The first keeps the system aware of how to reach the vpn server. The second ensures a default route to the vpn gateway.

While this is suboptimal, it is easy to automate. My vpn script can simply generate a new ppp.conf and grab the default route with:

nightfall# netstat -rn -finet | awk '/^default/ { print $2 }'
192.168.55.254
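
One way the generation step could look, as an added example rather than the author's own vpn script: it reads `netstat -rn -finet` output, picks the current default gateway, and emits the two route lines, refusing to produce them when no usable gateway is found. The function names, the host `vpn.example.org`, the `ath0` interface in the sample, and the assumption that tunnel interfaces are named `tunN` are all illustrative.

```shell
#!/bin/sh
# Added example. Assumptions: FreeBSD-style `netstat -rn -finet` output on stdin,
# tunnel interfaces named tunN, hypothetical function and host names.

# Constructed sample input; the gateway matches the output shown above.
SAMPLE_NETSTAT='Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.55.254     UGS         0     1234   ath0
127.0.0.1          link#3             UH          0        0    lo0
192.168.55.0/24    link#1             U           0        0   ath0'

# Print the IPv4 gateway of the first usable default route read from stdin.
# A default route that already points into a tunnel is skipped: pinning the
# vpn host to it would route the tunnel through itself.
default_gateway() {
    awk '
        $1 == "default" && $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            for (i = 3; i <= NF; i++) if ($i ~ /^tun[0-9]+$/) next
            print $2; found = 1; exit
        }
        END { exit !found }
    '
}

# Emit the two ppp.conf route lines. $1 = vpn server hostname or IP.
ppp_route_lines() {
    vpn_host=$1
    # Only hostname characters may reach ppp.conf.
    case $vpn_host in
        ''|*[!A-Za-z0-9.-]*) echo "refusing vpn host: $vpn_host" >&2; return 2 ;;
    esac
    # Fail closed: without a known gateway, adding the default route would
    # cut off the path to the vpn server.
    gw=$(default_gateway) || { echo "no usable default route" >&2; return 1; }
    printf ' add %s %s\n add default HISADDR\n' "$vpn_host" "$gw"
}

printf '%s\n' "$SAMPLE_NETSTAT" | ppp_route_lines vpn.example.org
```

In real use the input would come from `netstat -rn -finet` instead of the sample, and the output would be written into the generated ppp.conf only when the function returns zero.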