Subject: modem hangup on ssh-ip-tunnel
To: None <netbsd-help@netbsd.org>
From: Gan Uesli Starling <oinkfreebiker@att.net>
List: netbsd-help
Date: 02/20/2002 10:32:32
Below is the script for "vpn", the heart of ssh-ip-tunnel. Am I correct in
reading that it is supposed to fire up pppd on the peer machine, that is
to say in my case the "thinkpad"? May it be that SSH is fine but the tunnel
is collapsing due to no pppd at the other end? I don't see a message
on the thinkpad that pppd is starting. Would I?

thinkpad# cat /usr/pkg/sbin/vpn
#!/bin/sh
#
# VPN Init script for VPN using pppd over ssh
# Copyright (c) 1999  Dustin Sallings
# $Id: vpn,v 1.4 1999/02/22 07:12:10 dustin Exp $

# VARS
CONFIGS=/usr/pkg/etc/vpn

usage()
{
        echo "Usage:  $0 peer cmd"
        echo "Valid commands are as follows:"
        echo "    start"
        echo "    stop"
        echo "    authtest"
}

vpn_start()
{
        PEER=$1

        PTY=`$REDIR $SSH -e none -t -o 'Batchmode yes' -i $RSAKEY \ 
                            -l $SSHUSER  $PEER $REMOTEPPP $RPPPOPTIONS`

        echo "Issuing $REMOTEPPP $RPPPOPTIONS on $PTY"

        if [ "x$PTY" = "x" ]
        then
                echo "Failed to get a pty"
                exit 1
        fi

        $LOCALPPP $PTY $LOCALADDR:$REMOTEADDR $LPPPOPTIONS
}

vpn_authtest()
{
        $SSH -i $RSAKEY -l $SSHUSER $PEER true
        if [ $? -eq 0 ]
        then
                echo "Auth is OK"
        else
                echo "ssh failed auth"
        fi
}

vpn_stop()
{
        ID=`netstat -ain | egrep $LOCALADDR | awk '{print $1}' | sed s/ppp//`

        if [ "x$ID" = "x" ]
        then
                echo "Cannot find interface this peer is running on.  Is it running?"
        else
                if [ -f /var/run/ppp$ID.pid ]
                then
                        PID=`cat /var/run/ppp$ID.pid`
                fi

                if [ "x$PID" = "x" ]
                then
                        echo "Can't find PID file for $1"
                else
                        echo "Shutting down"
                        kill $PID
                fi
        fi
}

PEER=$1
CMD=$2

if [ "x$CMD" = "x" ]
then
        echo "Too few arguments!"
        usage
        exit 1
fi

# OK, there are enough arguments, let's see if they're correct.

if [ ! -f $CONFIGS/peers/$PEER ]
then
        echo "No such peer:  $PEER"
        exit 1
fi
 
# get the global config
. $CONFIGS/global.conf
 
# source the config
. $CONFIGS/peers/$PEER
 
case $CMD in
        start)
                vpn_start $PEER
        ;;
        authtest)
                vpn_authtest $PEER
        ;;
        stop)
                vpn_stop $PEER
        ;;
        *)
                echo "Unknown command $CMD"
                usage
        ;;
esac
thinkpad#

...eof for file "vpn" of ssh-ip-tunnel. Below is description of
modem-hanging behavior.

On Wednesday 20 February 2002 06:31, you wrote:
> Having some odd trouble with ssh-ip-tunnel on two NetBSD
> machines (gus_ah, thinkpad) on LAN network 192.168.1.X
> One machine, gus_ah, also has WAN network 10.5.X.X
> There are no further networks.
>
> SSH at least works because I can do this on gus_ah...
>
> gus_ah# ssh vpnuser@192.168.1.7
> Last Login: ... from gus_ah.starling.
> NetBSD 1.5.1 (GENERIC) ...blah...
>
> Welcome to Netbsd!
> ..blah..
> thinkpad {1} exit
> thinkpad {2} logout
> Connection to 192.168.1.7 closed
>
> ...and looking over to thinkpad, I see...
>
> thinkpad: {4} Feb 20 06:03:18 thinkpad sshd[858]: Accepted none for
> vpnuser from 192.168.1.200 port 1022 ssh2
>
> ...so SSH is okay. And ssh-ip-tunnel sorta works because when I...
>
> gus_ah# vpn thinkpad authtest
> Auth is OK
> gus_ah#
>
> ...and thinkpad says...
>
> thinkpad: {5} Feb... thinkpad sshd[865]: Accepted none for vpnuser
> from 192.168.1.200 port 65500 ssh2
>
> ...so auth is okay. But vpn proper bombs out like this...
>
> gus_ah# vpn thinkpad start
> Issuing /usr/sbin/pppd netmask 255.255.255.252 on /dev/ttyp0
> gus_ah# Feb 21... gus_ah pppd[433]: pppd 2.4.0 started by root,uid 0
> Feb 21... gus_ah pppd[433]: Connect: ppp0 <--> /dev/ttyp0
> Connection to 192.168.1.7 closed.
> Feb 21... gus_ah pppd[433]: Modem hangup
> Feb 21... gus_ah pppd[433]: Connection terminated.
>
> ...and thinkpad says...
>
> thinkpad: {6} Feb... thinkpad sshd[876]: Accepted none for vpnuser
> from 192.168.1.200 port 65498 ssh2
>
> ...and I just don't get it! Here is my peer file for ssh-ip-tunnel.
>
> # /usr/pkg/etc/vpn/peers/thinkpad
> # PPP addresses to be created
> #   Know that 10.1.X.X not used elsewhere.
> LOCALADDR=10.1.1.1
> REMOTEADDR=10.1.1.2
> #
> # Where we're connecting.
> PEER=vpnuser@192.168.1.7
> #
> # ssh user
> SSHUSER=vpnuser
> #
> # key to use for RSA authentication
> # these are ALL my keys. Tried all in turn.
> #RSAKEY=/home/vpnuser/.ssh/id_dsa
> #RSAKEY=/home/vpnuser/.ssh/id_dsa.pub
> RSAKEY=/home/vpnuser/.ssh/id_rsa
> #RSAKEY=/home/vpnuser/.ssh/id_rsa.pub
> #RSAKEY=/etc/ssh_host_dsa_key
> #RSAKEY=/etc/ssh_host_dsa_key.pub
> #RSAKEY=/etc/ssh_host_rsa_key
> #RSAKEY=/etc/ssh_host_rsa_key.pub
> #RSAKEY=/home/vpnuser/.ssh/RSA_Galesburg
> #RSAKEY=/home/vpnuser/.ssh/RSA_Galesburg.pub
> #RSAKEY=/home/vpnuser/.ssh/DSA_Galesburg
> #RSAKEY=/home/vpnuser/.ssh/DSA_Galesburg.pub
> #RSAKEY=/home/vpnuser/.ssh/RSA_AuburnHills
> #RSAKEY=/home/vpnuser/.ssh/RSA_AuburnHills.pub
> #RSAKEY=/home/vpnuser/.ssh/DSA_AuburnHills
> #RSAKEY=/home/vpnuser/.ssh/DSA_AuburnHills.pub
> #
> # ppp command to run on this end
> LOCALPPP=/usr/sbin/pppd
> #
> # extra options for local PPP
> LPPPOPTIONS="netmask 255.255.255.252"
> #
> # PPP command to run on that end
> REMOTEPPP=/usr/sbin/pppd
> #
> # extra options for remote ppp
> RPPPOPTIONS="netmask 255.255.255.252"
> #
> #EOF
>
> Any clues?
>
> Thanks,
>
> Gan
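
Added example, not part of the original post or of ssh-ip-tunnel: a peer-side log audit that pairs each sshd "Accepted" line with the next pppd "started by" line, which answers whether the remote pppd ever launched, and shows the method sshd accepted ("none" means the login was accepted without a key or password being presented). The function names and the sample log lines are constructed for illustration; only the sshd line format is taken from the post.

```shell
#!/bin/sh
# Constructed sample of the peer's syslog. The first two lines mirror the
# "Accepted none" entries quoted in the post; the last two are hypothetical
# and show what a working attempt would look like.
SAMPLE_LOG='Feb 20 06:03:18 thinkpad sshd[858]: Accepted none for vpnuser from 192.168.1.200 port 1022 ssh2
Feb 20 06:05:02 thinkpad sshd[876]: Accepted none for vpnuser from 192.168.1.200 port 65498 ssh2
Feb 20 06:09:40 thinkpad sshd[901]: Accepted publickey for vpnuser from 192.168.1.200 port 65490 ssh2
Feb 20 06:09:41 thinkpad pppd[903]: pppd 2.4.0 started by vpnuser, uid 1001'

# Read syslog on stdin; print one line per accepted ssh login:
#   <time> method=<auth method> user=<user> pppd=<yes|no>
# pppd=yes means a pppd start was logged before the next ssh login.
audit_peer_log() {
    awk '
    function emit(started) {
        if (pending != "") print pending, "pppd=" started
        pending = ""
    }
    $5 ~ /^sshd\[/ && $6 == "Accepted" {
        emit("no")                      # previous login never reached pppd
        pending = $3 " method=" $7 " user=" $9
        next
    }
    $5 ~ /^pppd\[/ && /started by/ { emit("yes") }
    END { emit("no") }
    '
}

# Logins accepted with method "none": the -i $RSAKEY identity played no
# part in them, so the tunnel account is reachable without a credential.
count_unauthenticated() {
    audit_peer_log | awk '/ method=none / { n++ } END { print n + 0 }'
}

# Logins after which the peer never logged a pppd start.
count_without_pppd() {
    audit_peer_log | awk '/ pppd=no$/ { n++ } END { print n + 0 }'
}

printf '%s\n' "$SAMPLE_LOG" | audit_peer_log
```

On the real peer, feed the functions the system log instead of `SAMPLE_LOG`, for example `audit_peer_log < /var/log/messages` if that is where sshd and pppd log on that host.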