Very Computer

I tried to follow the VPN-HOWTO instructions to set up a secured VPN with
ssh.
The ssh authentication works well and the server correctly starts the pppd.

My problem occurs on the client side. The HOWTO lists a little script to
connect to the
server using pty_redir, ssh, sleep and pppd as follows
====================================================================
/usr/sbin/pty_redir /usr/bin/ssh -t -e none -c blowfish -i path/to/my/key -l
username my.vpn.server >/tmp/vpn-device
sleep 10
/usr/sbin/pppd `cat /tmp/vpn-device`
====================================================================

The file /tmp/vpn-device normally contains "/dev/ptyp0" in my case.
Heres the dump when i start this script. I added some debugging switches
for better reading

====================================================================
+ /usr/sbin/pty-redir /usr/bin/ssh -t -e none -c blowfish -i
/root/.ssh/private.key -l vpn -v vpn.server.com
SSH Version 1.2.27 [i386-suse-linux], protocol version 1.5.
Standard version.  Does not use RSAREF.
localhost: Reading configuration data /etc/ssh_config
+ sleep 10
localhost: ssh_connect: getuid 0 geteuid 0 anon 0
localhost: Connecting to vpn.server.com [192.168.1.1] port 22.
localhost: Allocated local port 1023.
localhost: Connection established.
localhost: Remote protocol version 1.5, remote software version 1.2.27
localhost: Waiting for server public key.
localhost: Received server public key (768 bits) and host key (1024 bits).
localhost: Host 'vpn.server.com' is known and matches the host key.
localhost: Initializing random; seed file /home/me/.ssh/random_seed
localhost: Encryption type: blowfish
localhost: Sent encrypted session key.
localhost: Installing crc compensation attack detector.
localhost: Received encrypted confirmation.
localhost: No agent.
localhost: Trying RSA authentication with key 'vpn'
localhost: Received RSA challenge from server.
localhost: Sending response to host key RSA challenge.
localhost: Remote: RSA authentication accepted.
localhost: RSA authentication accepted by server.
localhost: Requesting pty.
localhost: Requesting shell.
localhost: Entering interactive session.
++ cat /tmp/vpn-device
+ /usr/sbin/pppd /dev/ptyp0 noipdefault ipcp-accept-local ipcp-accept-remote
noauth lock nocrtscts
Failed to open /dev/ptyp0: Input/output error
localhost:~ # Connection to vpn.server.com closed.
localhost: Transferred: stdin 0, stdout 521, stderr 40 bytes in 30.7 seconds
localhost: Bytes per second: stdin 0.0, stdout 16.9, stderr 1.3
localhost: Exit status 10
====================================================================

It seems to me that pppd cannot open the character device /dev/ptyp0
previously opened by pty_redir
to talk to the redirected ssh. (Failed to open /dev/ptyp0: Input/output
error)
After the script exited and pty_redir has released its stdin/stdout
redirection from /dev/ptyp0 there is
no problem starting "pppd /dev/ptyp0" without errors so its not a problem
of the device.

Has anyone a solution?
Please let me know!

I don't ordinarily try to answer a question on a subject that I haven't
actually tried but you don't seem to be getting much help so ...

Quote:> I tried to follow the VPN-HOWTO instructions to set up a secured
> VPN with ssh.  The ssh authentication works well and the server
> correctly starts the pppd.
> My problem occurs on the client side. The HOWTO lists a little script to
> connect to the server using pty_redir, ssh, sleep and pppd as follows
> ====================================================================
> /usr/sbin/pty_redir /usr/bin/ssh -t -e none -c blowfish -i path/to/my/key -l
> username my.vpn.server >/tmp/vpn-device
> sleep 10
> /usr/sbin/pppd `cat /tmp/vpn-device`
> ====================================================================

Quote:> The file /tmp/vpn-device normally contains "/dev/ptyp0" in my case.
> Heres the dump when i start this script. I added some debugging switches
> for better reading
> ====================================================================
> + /usr/sbin/pty-redir /usr/bin/ssh -t -e none -c blowfish -i
> /root/.ssh/private.key -l vpn -v vpn.server.com

Quote:> SSH Version 1.2.27 [i386-suse-linux], protocol version 1.5.

Quote:> localhost: Entering interactive session.
> ++ cat /tmp/vpn-device
> + /usr/sbin/pppd /dev/ptyp0 noipdefault ipcp-accept-local
> ipcp-accept-remote noauth lock nocrtscts

$PPPD persist ppp-work:ppp-home \
      pty "$SSH -o 'BatchMode yes' -e none -C -l ppp-user \
      -i /home/ppp-user/.ssh/identity XXX.YYY.ZZZ.TTT /usr/sbin/pppd \
      notty"

for PPPD=/usr/sbin/pppd, SSH=/usr/bin/ssh, ppp-user replaced by vpn,
ppp-work:ppp-home replaced by $PPP_OPTIONS and XXX.YYY.ZZZ.TTT replaced
by vpn.server.com.  The -C probably should also be omitted.  This came
from an old post that said it worked.  If man pppd shows pty as an
option then some variant should work for you.

--

/* No matter what other nations may say about the United States,
   immigration is still the sincerest form of flattery. */