NOTICE: I don't use this method any more; I use GRE tunneling. Please back up to http://stuph.org/ and load the GRE tunnel file instead. This is left for legacy and for those of you running through firewalls or who aren't otherwise able to use GRE tunneling.
These examples are for routing 16 addresses over a tunnel. All of these scripts are based on current versions of pppd and current ssh programs. I use 2.1.x; these examples should work with 2.0.x with few if any modifications. The addresses used in this example are real; the telephone number is not, nor are the username/password.
In this particular setup there are a few issues:
  - inability to detect a successfully established ssh tunnel
  - assumption of device names may lead to problems

There are five steps involved:
  1. initial dialup via an analog modem WITHOUT a default route
  2. adding a host route specifically for the remote end of the tunnel
  3. starting the ssh to the remote end and executing pppd
  4. capturing the tty and running pppd locally over this device
  5. establishing appropriate routing for the tunnel
/etc/rc.d/netstart.sh, mode 700
#!/bin/bash
/usr/sbin/pppd /dev/modem 115200 \
crtscts modem \
ipcp-accept-remote \
nodefaultroute lock proxyarp \
persist holdoff 1 idle 86400 maxconnect 2592000 \
user myusername remotename dialup_for_ds \
connect /etc/rc.d/chat.sh
/etc/rc.d/chat.sh, mode 700
#!/bin/bash
exec /usr/sbin/chat -r /var/log/connect-rates -v \
TIMEOUT 3 \
ABORT '\nBUSY\r' \
ABORT '\nNO ANSWER\r' \
ABORT '\nNO CARRIER\r' \
ABORT '\nRINGING\r\n\r\nRINGING\r' \
'' 'ATM0L0W2&D3DT555-6969' \
TIMEOUT 45 REPORT CONNECT CONNECT ''
/etc/ppp/pap-secrets, mode 600
# username dialup keyword password
myusername dialup_for_ds mypasswd
/etc/ppp/ip-up, mode 700
#!/bin/bash
# this is somewhat hardcoded, it assumes that ppp0 will always be the dialup
# device and other ppp devices are for the ssh tunnel
# note: messenger is a program of my own devising, it pops up notices on my
# X desktop
# no "." in PATH: pppd runs this hook as root
PATH="/bin:/usr/bin:/sbin:/usr/sbin:/etc:/usr/local/bin:/usr/local/sbin"
# "[ -e glob ]" breaks as soon as more than one pid file matches; ls copes
if ls /var/run/ppp[123456789].pid >/dev/null 2>&1; then
msg="VPN is currently routing packets, no action taken"; vpn="1"
else
msg="VPN is down, establishing network link with remote host"; vpn="0"
fi
case "$1" in
ppp0)
route add -net 207.212.176.0 netmask 255.255.255.0 dev ppp0
route add -net 209.144.96.0 netmask 255.255.240.0 dev ppp0
route add -host 207.213.15.129 dev ppp0
rate=`tail -n 2 /var/log/connect-rates |gawk '{if ($5=="CONNECT") print $6}'`
DISPLAY=midnite:0 messenger "$1 connect rate($rate) local($4) remote($5). $msg" &
if [ $vpn -eq 0 ]; then
/etc/rc.d/rc.inet3
fi
;;
*)
route add -host 207.213.15.129 dev ppp0
route add default dev $1
DISPLAY=midnite:0 messenger "VPN($1) link online" &
;;
esac
#/sbin/route -n >/tmp/routes
#DISPLAY=midnite:0 messenger "`/bin/cat < /tmp/routes`" &
/etc/ppp/ip-down, mode 700
#!/bin/bash
# drop the pid file so ip-up sees the VPN as down (pppd with "persist" keeps running)
rm -f /var/run/$1.pid
case "$1" in
ppp0)
mesg="dialup line failed"
;;
*)
mesg="VPN link is offline"
;;
esac
DISPLAY=midnite:0 messenger "($1) $mesg" &
Here also, the assumption is lazily made that ssh will always succeed. Be forewarned... it doesn't. Also, I'm lazy and haven't fixed the redir program, so that's why I pipe it through sed ;)
/etc/rc.d/rc.inet3, mode 700
#!/bin/bash
RD="/usr/local/bin/tty-redir"   # redirection util
SH="/usr/local/bin/ssh"         # ssh
PD="/usr/sbin/pppd"             # pppd
DS="207.213.15.129"             # destination, i.e. remote end of tunnel
OP="-e none -C -c none"         # options: no escape char, compression on,
                                # "-c none" = ssh's null cipher, so this
                                # tunnel is NOT encrypted; choose a real
                                # cipher if the traffic needs confidentiality
#this is done in the ip-up script. if you really think it is necessary..
#go for it.
#/sbin/route add -host $DS dev ppp0 >/dev/null 2>&1
# tty-redir runs ssh on a pty and reports the pty name on stderr
# (a root-written file with a fixed name in /tmp is a symlink hazard;
# somewhere under /var/run is safer)
$RD $SH $OP -o 'BatchMode yes' -t $DS $PD 2>/tmp/device
# turn /dev/ptyXX into /dev/ttyXX, the side pppd must open (10 chars)
dv=`/usr/bin/sed 's/pty/tty/' /tmp/device|cut -c1-10`
/usr/bin/sleep 10
/usr/sbin/pppd $dv 207.213.15.242:207.213.15.241 proxyarp passive
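The two issues listed at the top (no check that ssh actually came up, and a hard-wired device-name assumption) can be handled in rc.inet3 with a few small shell helpers. This is an added example, not code from the original page; it assumes tty-redir prints the pty name (e.g. /dev/ptyp3) at the start of its stderr output, as the page's sed|cut pipeline implies, and the timeout values are my own.

```shell
#!/bin/sh
# Added example (not from the page): replaces the blind "sleep 10" in
# rc.inet3 with real checks. Assumed: tty-redir writes the pty name
# (e.g. /dev/ptyp3) first on its stderr, as "sed 's/pty/tty/'|cut -c1-10"
# on the page relies on; the timeouts below are arbitrary choices.

# Read the capture file, keep the first 10 chars of its first line (as the
# page does) and map the pty side to the tty side pppd must open.
# Returns 1 instead of handing pppd garbage when nothing usable was
# captured, e.g. because ssh never started.
tunnel_tty() {
    name=$(head -n 1 "$1" 2>/dev/null | cut -c1-10)
    case "$name" in
        /dev/pty[p-zA-Z][0-9a-fA-F])
            printf '%s\n' "$name" | sed 's|/dev/pty|/dev/tty|' ;;
        *)  return 1 ;;
    esac
}

# Run the probe command "$@" once a second for up to $1 seconds.
# Returns 0 as soon as it succeeds, 1 on timeout.
wait_for() {
    secs=$1; shift
    while [ "$secs" -gt 0 ]; do
        "$@" >/dev/null 2>&1 && return 0
        secs=$((secs - 1))
        sleep 1
    done
    return 1
}

# True while process $1 is alive (the ssh started by tty-redir may have
# exited at once on a connection or authentication failure).
proc_alive() { kill -0 "$1" 2>/dev/null; }

# Sketch of a guarded rc.inet3 tail using the page's RD/SH/OP/DS/PD. The
# page does not say whether tty-redir stays in the foreground, so the
# "&" is an assumption:
#   $RD $SH $OP -o 'BatchMode yes' -t $DS $PD 2>/tmp/device &
#   sshpid=$!
#   wait_for 15 test -s /tmp/device || exit 1   # redir never reported a pty
#   proc_alive "$sshpid"            || exit 1   # ssh already died
#   dv=$(tunnel_tty /tmp/device)    || exit 1   # no sane device name
#   $PD $dv 207.213.15.242:207.213.15.241 proxyarp passive

# Offline demonstration with a constructed capture file (no ssh involved):
demo=$(mktemp)
printf '/dev/ptyp3\n' > "$demo"
if dev=$(tunnel_tty "$demo"); then echo "pppd would open $dev"; fi
rm -f "$demo"
```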