Re: PPTP or PPP over SSH?
- From: Darren Tucker <dtucker@xxxxxxxxxxxxxxxx>
- Date: 24 Feb 2006 13:39:15 GMT
On 2006-02-23, r_vanbeek@xxxxxxxxxxx <r_vanbeek@xxxxxxxxxxx> wrote:
> Anonymous wrote:
>> Suggested reading. "Why TCP Over TCP Is A Bad Idea" by Olaf Titz.
>> http://sites.inka.de/sites/bigred/devel/tcp-tcp.html
Actually that should be "Why TCP over IP over TCP..." (more on why later).
You could probably mitigate some of the potential problems by configuring
the SSH connection to be sensitive to network failures (eg by setting
ClientAliveInterval to a couple of seconds and ClientAliveIntervalMax to 1
or 2).
In theory this would cause it to look more like a "lossy" link to the
upper TCP during brief network problems or congestion. It's probably
unusable on links with consistently high packet loss, though.
> I already read that, but it did not help me in selecting (another)
> right protocol.
Can you SOCKSify your app (either directly, via LD_PRELOAD or via the
system's stack itself)? If so then you could use DynamicForwards.
[now it gets weird]
On a slightly related note, here's a neat hack from the
I'm-amazed-that-it-works dept (absolutely not a production-quality solution,
though :-)
You can stack pppd, slirp (anyone remember slirp?) and SSH dynamic (SOCKS)
forwarding. It sounds insane but I just tried it and it works for TCP
connections: you can transparently tunnel them over SSH as direct-tcpip
channel requests.
For those that aren't familiar with it, slirp is a Unix app that looks
like a SLIP or PPP interface on one side but a regular(ish) Unix network
application on the other. It basically implements a little TCP/IP
stack and reassembles TCP connections (and UDP packets) then makes the
equivalent connect/bind/whatever calls on the Unix host. It was used
quite a bit back in the dark days before dialup SLIP/PPP services were
common.
Anyway, I built a socksified slirp binary (using dante socks), ran it
under pppd, configured socks.conf to send socksified connections via an
ssh DynamicForward and added a route to ppp0.
Amazingly, this kinda worked. Making a connection to something down
that route results in:
app -TCP/IP-> ppp0 -> slirp -SOCKS-> ssh -tunnel-> sshd -> TCP -> server
The TCP connections travel over the SSH tunnel as port forward requests
and without the extra IP layer that may cause the problems described.
UDP services don't work, though.
In case anyone else is nutty enough to try this, the recipe I used is:
ssh: ssh -D1080 somehost
dante: standard install, configured to forward via localhost:1080
slirp: CFLAGS="-include socks.h" LIBS="-ldsocks" ./configure
pppd: /usr/sbin/pppd debug nodetach pty "slirp -P"
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
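
Added example, not part of the original post and not OpenSSH or dante code: a minimal parser for the SOCKS5 request (RFC 1928) that a SOCKS client could send to the `ssh -D1080` listener, assuming the client speaks SOCKS5. It shows that a CONNECT request carries only a destination host and port, which is all a direct-tcpip channel open needs, while UDP ASSOCIATE has no such mapping. Function names and sample bytes are constructed for illustration.

```python
import ipaddress
import struct

SOCKS5_VERSION = 0x05
CMD_NAMES = {0x01: "CONNECT", 0x02: "BIND", 0x03: "UDP ASSOCIATE"}


def parse_socks5_request(data: bytes):
    """Parse a SOCKS5 request (RFC 1928, section 4) into (command, host, port)."""
    if len(data) < 4:
        raise ValueError("truncated request header")
    version, cmd, _rsv, atyp = data[:4]
    if version != SOCKS5_VERSION:
        raise ValueError(f"not SOCKS5 (version byte {version:#04x})")
    if cmd not in CMD_NAMES:
        raise ValueError(f"unknown command {cmd:#04x}")
    body = data[4:]
    if atyp == 0x01:                        # IPv4: 4 address bytes
        addr_len, decode = 4, lambda b: str(ipaddress.IPv4Address(b))
    elif atyp == 0x04:                      # IPv6: 16 address bytes
        addr_len, decode = 16, lambda b: str(ipaddress.IPv6Address(b))
    elif atyp == 0x03:                      # domain name: 1 length byte + name
        if not body:
            raise ValueError("truncated domain length")
        addr_len, body = body[0], body[1:]
        decode = lambda b: b.decode("ascii")
    else:
        raise ValueError(f"unknown address type {atyp:#04x}")
    if len(body) != addr_len + 2:           # address plus 2-byte port, nothing else
        raise ValueError("address/port length mismatch")
    host = decode(body[:addr_len])
    (port,) = struct.unpack("!H", body[addr_len:])
    return CMD_NAMES[cmd], host, port


def to_channel_open(data: bytes):
    """Return the (host, port) a direct-tcpip channel would target.

    Only CONNECT describes a TCP stream; other commands are refused here.
    """
    command, host, port = parse_socks5_request(data)
    if command != "CONNECT":
        raise ValueError(f"{command} has no direct-tcpip equivalent")
    return host, port


# Constructed sample requests (not captured traffic).
CONNECT_DOMAIN = b"\x05\x01\x00\x03" + bytes([11]) + b"example.org" + struct.pack("!H", 80)
CONNECT_IPV4 = b"\x05\x01\x00\x01" + bytes([192, 0, 2, 10]) + struct.pack("!H", 22)
UDP_ASSOCIATE = b"\x05\x03\x00\x01" + bytes([0, 0, 0, 0]) + struct.pack("!H", 0)
```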