Subject: Re: ssh-ip-tunnel only half-works
To: None <netbsd-help@netbsd.org>
From: James K. Lowden <jklowden@schemamania.org>
List: netbsd-help
Date: 02/21/2002 23:36:02
On Wed, Feb 20, 2002 at 06:31:47AM -0500, Gan Uesli Starling wrote:
> Having some odd trouble with ssh-ip-tunnel on two NetBSD
> machines (gus_ah, thinkpad) on LAN network 192.168.1.X
> One machine, gus_ah, also has WAN network 10.5.X.X
> There are no further networks.
> 
> SSH at least works because I can do this on gus_ah...
> [snip]
> ...so auth is okay. But vpn proper bombs out like this...
> 
> gus_ah# vpn thinkpad start
> Issuing /usr/sbin/pppd netmask 255.255.255.252 on /dev/ttyp0
> gus_ah# Feb 21... gus_ah pppd[433]: pppd 2.4.0 started by root,uid 0
> Feb 21... gus_ah pppd[433]: Connect: ppp0 <--> /dev/ttyp0
> Connection to 192.168.1.7 closed.
> Feb 21... gus_ah pppd[433]: Modem hangup
> Feb 21... gus_ah pppd[433]: Connection terminated.

Gan, 

RSAKEY=/home/vpnuser/.ssh/id_rsa 

is right.  

I'd look closer into TightVNC if I were you.  I haven't used it, but
from the looks of it, you could run that on your NT boxes (and the
W98 box in Kalamazoo), and yield better performance.  The ssh feature
is optional; you'll obviously ignore it because you'll have set up
the VPN independently.  

I think your logs are consistent with the possibility that ssh is
never getting fired up, so pppd is torn down as soon as it's brought
up.  Have a look at /usr/pkg/etc/vpn/global.conf.  Mine had the wrong
path to ssh.  Here's a patch:

--- global.conf.orig    Thu Dec 13 12:36:02 2001
+++ global.conf Mon Feb 11 20:06:04 2002
@@ -7,7 +7,7 @@
 # path to pty-redir
 REDIR=/usr/pkg/bin/pty-redir
 # path to ssh
-SSH=/usr/local/bin/ssh
+SSH=/usr/bin/ssh
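Review bot: the header `@@ -7,7 +7,7 @@` declares seven lines on each side, but only three context lines and the changed `SSH=` line follow, so the trailing context was cut off and patch(1) may reject the hunk as posted; resend it with the full context or edit the `SSH=` line by hand. The new value `/usr/bin/ssh` is still a hardcoded path, so confirm that the file exists and is executable on the host where this global.conf is used, and check the `REDIR=/usr/pkg/bin/pty-redir` context line the same way.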

Regards, 

--jkl
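
The check suggested in the reply above, written as an added example (it is not part of the original message or of the ssh-ip-tunnel package): a small sh function that reports whether the `SSH` and `REDIR` paths in a global.conf are absolute and executable. It assumes the file uses plain `KEY=/path` lines as in the patch; the function name `check_vpn_paths` is hypothetical and the sample config is constructed.

```shell
#!/bin/sh
# Added example: verify the helper-binary paths named in a vpn global.conf.
# Assumes plain KEY=/path lines (as in the patch); only SSH and REDIR are checked.
# check_vpn_paths is a hypothetical name, not part of the package.
check_vpn_paths() {
    conf=$1
    rc=0
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    while IFS= read -r line; do
        case $line in
            SSH=*|REDIR=*) ;;      # settings that name a binary
            *) continue ;;         # comments, blanks, other settings
        esac
        key=${line%%=*}
        path=${line#*=}
        case $path in
            /*) ;;                 # absolute path: no PATH lookup involved
            *)  echo "$key $path NOT-ABSOLUTE"; rc=1; continue ;;
        esac
        if [ -f "$path" ] && [ -x "$path" ]; then
            echo "$key $path ok"
        else
            echo "$key $path MISSING-OR-NOT-EXECUTABLE"; rc=1
        fi
    done < "$conf"
    return "$rc"
}

# Constructed sample using the pre-patch values; results depend on the host.
demo=$(mktemp)
printf '%s\n' '# path to pty-redir' 'REDIR=/usr/pkg/bin/pty-redir' \
    '# path to ssh' 'SSH=/usr/local/bin/ssh' > "$demo"
check_vpn_paths "$demo" || true
rm -f "$demo"
```

Pointing the function at /usr/pkg/etc/vpn/global.conf on each machine shows a wrong `SSH=` path directly, rather than as a pppd hangup in the logs.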