outsource from india chennai india programmers freelance php coder freelance outsource scripts programming complicated perl patterns php module installation
outsource from india perl installation and configuration php installation linux system administration US$15,US$19,US$11,US$10 cheap programmer
india outsource outsource india chennai india programmers php perl mysql freelance freelance programmer
SHOWCASE of php and perl scripts CONTACT US for php custom perl scripts
HOME
 
VPN PPP-SSH Mini-HOWTO
PrevNext

6. Bring up the Link

Everything should now be set up. Now it's time to take a deep breath and try to bring up the link.

  1. Become root on the client machine and execute the vpn-pppssh script. 

    client# /usr/local/bin/vpn-pppssh start

  2. It will take a while to connect, but then it should come back with something like the following

    Using interface ppp1
Connect: ppp1 <--> /dev/pts/1
local  IP address 192.168.3.1
remote IP address 192.168.3.2

  3. Did it work? First try pinging the client's VPN interface:

    client$ ping 192.168.3.2

  4. If this worked, then you can reach the interface on the client OK. Don't get excited yet -- that was the easy part. Now, try pinging the server's VPN interface:

    client$ ping 192.168.3.1

    If you get echoes back, then congratulations! Your PPP-SSH VPN appears to be healthy. Packets are successfully travelling the route in both directions. You might want to log into your server and try initiating pings from the server to the client, but at this stage of the game, that's almost guaranteed to work.

You bring the VPN down with "vpn-pppssh stop".

Now that the tunnel works, you might want to integrate it into your system so it comes up automatically as described in Section 7. Also, if you want to forward packets from an entire subnet over the link (rather than just the packets originating on the client and server as we have set up now) see Section 8.

6.1. Troubleshooting

The script itself is fairly simple. The entire system, however, involves a lot of small parts. If any one of them is misconfigured, it can prevent your VPN from working without so much as a message why. Here is a list of things to check if you run into difficulties:

  • Double and triple check your network values. Try running "vpn-pppssh config" to ensure the configuration is correct and the shell hasn't ruined any of your values.

  • Go back over each step and make sure that it all checks out.

  • Try temporarially turning off any firewalls on the client, on the server, and on any machines in between to see if any of them are getting in the way (not likely if you can SSH between the two machines).

  • Ensure that your routes are correct. You can list your routes using "route -n". See the Linux Network Administrators Guide and http://www.linuxdoc.org/HOWTO/Adv-Routing-HOWTO.html for more.

6.1.1. sendto: Operation not permitted

When you try to ping the VPN interfaces, if you get a "sendto: Operation not permitted" error, you are probably running into a firewall on the local machine that is denying packets before they even reach the VPN network interface. Your firewall must allow SSH traffic over your regular network and it must allow all traffic over your VPN interfacess.

The ipchains commands to smash a hole in your firewall for your PPP interface will something like this:

ipchains -I input  1 -i ppp1 -s 192.168.3.0/24 -j ACCEPT
ipchains -I output 1 -i ppp1 -d 192.168.3.0/24 -j ACCEPT

ppp1 must, of course, be the network interface of your PPP-SSH VPN, and the IP addresses must match the address of the local interface. Make sure that packets are allowed on both the client and server.

See the Linux Firewall HOWTO, the IPChains HOWTO for kernel 2.2, or documentation on iptables for kernel 2.4.

PrevHomeNext
Configure the Client Integrating the VPN into your system

Linux HOWTO full list
   This document, LDP HOWTO-INDEX, is copyrighted (c) 1995 - 2002 by Tim Bynum, Guylhem Aznar, Joshua Drake and Greg Ferguson. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.1 or any later version published by the Free Software Foundation; with no Invariant Sections, with no Front-Cover Texts, and with no Back-Cover Texts. A copy of the license is available at http://www.gnu.org/copyleft/fdl.html. If you have questions, please contact the LDP.
Web Design Copyright © 1999-2003. Chrisranjana Software Solutions Pvt Ltd. syndicate rss feed