Everything should now be set up. Now it's time to take
a deep breath and try to bring up the link. Become root on the client machine and execute the vpn-pppssh script.
client# /usr/local/bin/vpn-pppssh start |
It will take a while to connect, but then it should come back with
something like the following Using interface ppp1
Connect: ppp1 <--> /dev/pts/1
local IP address 192.168.3.1
remote IP address 192.168.3.2 |
Did it work? First try pinging the client's VPN interface: If this worked, then you can reach the interface on the client OK.
Don't get excited yet -- that was the easy part. Now, try pinging
the server's VPN interface: If you get echoes back, then congratulations! Your PPP-SSH VPN
appears to be healthy.
Packets are successfully travelling the route in both directions.
You might want to log into your server and try initiating pings
from the server to the client, but at this stage of the game,
that's almost guaranteed to work.
You bring the VPN down with "vpn-pppssh stop". Now that the tunnel works, you might want to integrate it
into your system so it comes up automatically as described
in Section 7.
Also, if you want to forward packets from an entire subnet over the
link (rather than just the packets originating on the client and
server as we have set up now) see Section 8. The script itself is fairly simple. The entire system, however,
involves a lot of small parts. If any one of them is misconfigured,
it can prevent your VPN from working without so much as
a message why. Here is a list of things to check if you run
into difficulties: Double and triple check your network values. Try running
"vpn-pppssh config" to ensure the configuration
is correct and the shell hasn't ruined any of your values. Go back over
each step and make sure that it all checks out. Try temporarially turning
off any firewalls on the client, on the server, and on any machines in
between to see if any of them are getting in the way (not likely if
you can SSH between the two machines). Ensure that your routes are correct. You can list your routes
using "route -n". See the
Linux Network Administrators Guide
and http://www.icewalkers.com/Linux/Howto/Adv-Routing-HOWTO.html for more.
When you try to ping the VPN interfaces, if you get a
"sendto: Operation not permitted" error, you are probably running
into a firewall on the local machine that is denying packets before they
even reach the VPN network interface. Your firewall must allow
SSH traffic over your regular network and
it must allow all traffic over your VPN interfacess. The ipchains commands to smash a hole in your firewall for your
PPP interface will something like this: ipchains -I input 1 -i ppp1 -s 192.168.3.0/24 -j ACCEPT
ipchains -I output 1 -i ppp1 -d 192.168.3.0/24 -j ACCEPT |
ppp1 must, of course, be the network interface of your PPP-SSH
VPN, and the IP addresses must match the address of the local
interface. Make sure that packets are allowed on both the
client and server. See the Linux Firewall HOWTO, the IPChains HOWTO for kernel 2.2, or
documentation on iptables for kernel 2.4. | |
| |
Free eBook: 
