Quick and Dirty VPN with pppd and ssh

Posted by – 12/01/2009

This is just to keep a reference (so I don’t have to google it again 🙂 ): One can create a “quick and dirty” VPN using pppd and ssh:

bash$ /usr/sbin/pppd noauth 10.0.0.1:10.0.0.2 pty 'ssh -x -t -e none remote_user@remote_server /usr/sbin/pppd passive noauth'

This assumes both users (local and remote) have permission to run pppd (some sudo trickery may come in very handy) and that ssh does not ask for a password (password-less key authentication).

Quite handy, ain’t it?
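
The password-less key this setup relies on can be pinned to a forced command on remote_server, so that it can bring up the tunnel and nothing else. The script below is an added example, not part of the original post; the name ppp-gate, its install path and the sudoers rule are assumptions.

```shell
#!/bin/sh
# ppp-gate (hypothetical name and path): forced command for the VPN key.
#
# authorized_keys entry for remote_user on remote_server (one line, key elided):
#   restrict,pty,command="/usr/local/sbin/ppp-gate" ssh-ed25519 <PUBLIC-KEY> vpn
# "restrict" (OpenSSH 7.2+) disables forwarding and pty allocation; "pty"
# re-enables the terminal that the post's "ssh -t" requests.
#
# Assumed sudoers rule (edit with visudo) that permits exactly this command:
#   remote_user ALL=(root) NOPASSWD: /usr/sbin/pppd passive noauth

ALLOWED='/usr/sbin/pppd passive noauth'   # remote command from the post

# Print "allow" or "deny:<reason>" for a client request; status 0 only on allow.
gate_decide() {
    req=$1
    case $req in
        "$ALLOWED")
            echo "allow"; return 0 ;;
        '')
            echo "deny:interactive-login" ;;      # no command: shell attempt
        /usr/sbin/pppd|'/usr/sbin/pppd '*)
            echo "deny:pppd-options-changed" ;;   # e.g. extra pppd options
        *)
            echo "deny:not-allowed" ;;
    esac
    return 1
}

# Entry point for sshd, which stores the client's request in SSH_ORIGINAL_COMMAND.
gate_main() {
    if verdict=$(gate_decide "${SSH_ORIGINAL_COMMAND:-}"); then
        exec sudo -n $ALLOWED    # fixed string, never the client's input
    fi
    logger -t ppp-gate -p auth.warning \
        "refused ($verdict) from ${SSH_CONNECTION%% *}"
    echo "ppp-gate: request refused" >&2
    exit 1
}

# Act only when installed under its own name, so the file can also be sourced.
case ${0##*/} in ppp-gate) gate_main ;; esac
```

sshd runs the gate in place of whatever the client sends, so the local one-liner from the post works unchanged while any other request with that key is refused and logged.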

9 Comments on Quick and Dirty VPN with pppd and ssh

  1. spectra says:

    @Timo Juhani Lindfors,

    sudo pppd updetach noauth pty "slirp ppp" 10.0.0.1:10.0.0.2

    I believe you meant

    sudo pppd updetach noauth pty "ssh remote_user@remote_server slirp ppp" 10.0.0.1:10.0.0.2

    right? And remote_user still has to log in with a passwordless key. Good Thing™ that it doesn’t need root access, though. I had forgotten about slirp. Thanks for the tip.

  2. spectra says:

    @Anonymous,

    Right… This article seems to work… That is not “Quick and Dirty”, but will do the job 🙂

    @Hamish,

    Yes, I know about the performance problems… but this is just a quickie… Not intended to be a permanent solution.

    @mirabilos,

    You are probably right… 🙂

  3. spectra says:

    @Sven,

    It’s handy, for sure… Last time I checked, it required RootLogin though, which is a no-go for me…

  4. Jamela M. Angueira says:

    Look what I saw on BR-Linux.

    A quickie with openvpn! (Well, not as quick as yours, but…)

  5. Timo Juhani Lindfors says:

    With

    sudo pppd updetach noauth pty "slirp ppp" 10.0.0.1:10.0.0.2

    you only need root privileges on the client machine.

  6. mirabilos says:

    I’d rather suggest you paste two quick-and-dirty OpenVPN configurations
    (server and client) for your future use ☺ Similar reasons as these already
    stated. OpenSSH probably won’t see UDP transport in a while…

  7. Hamish Moffatt says:

    Convenient but prone to performance problems.. see
    http://sites.inka.de/~W1011/devel/tcp-tcp.html

  8. Anonymous says:

    @spectra: Just add keys to root’s authorized_keys file, and limit those keys to only run a single command, namely a script to set up the other end of the point-to-point network connection.

  9. Sven Mueller says:

    Hi.

    Why not use OpenSSH tun(/tap) support? (-w commandline option with recent versions of OpenSSH IIRC).

    I find that a bit easier to use.

    Regards,
    Sven
