ppp over ssh?

Magosányi Árpád mag at BUNUEL.TII.MATAV.HU
Tue Sep 12 04:09:18 EDT 2000


> I want a quick, cheap, secure, but not necessarily fast, VPN. I am
> planning on using PPP over SSH(SSL, actually) and then messing with
> some Linux routing tools (iproute and ipchains) to assemble this.
> 
> Is there anything flawed in my idea? If not, is performance the only
> reason why not everyone is using this as their VPN solution?

I have written a HOWTO on ppp over ssh, but now I recommend you
freeswan or pipsecd instead. (I better like pipsecd, it is simple
enough for my little brain). In those days there were no robust VPN 
implementation for linux, now we have it.
Reasons:
	The TCP flow control does not do good to your performance
	The reestablishment of the link can be problematic
	It is nontrivial to make all layers of the link 8 bit clean
	It is just a hack. Clever one (Hey, I made it!:), but still...

The only reasons to use vpn over ssh now are the following:
	You cannot use ipsec with the other end (link or OS limitations)
	You have one tcp port to tunnel the data through
	You want to tunnel IPX or other braindamage

And in these cases you might want to take a look at pptp.
(Beware, pptp's protocol is broken, but wrapping it in ssl and
turning off crypto in pptp itself may be lesser work than ppp over ssh).

And if you want to tunnel a finite set of tcp ports, you can just use ssh,
or one of the ssl wrappers.

-- 
GNU GPL: csak tiszta forrásból

VPN is sponsored by SecurityFocus.COM




More information about the VPN mailing list