SuSE 7.0, IPCHAINS, SSH, VPN, Modem hangup

Jon Carnes jonc at NC.RR.COM
Wed Apr 11 23:19:24 EDT 2001


On Wednesday 11 April 2001 07:04, Uwe Scheffold wrote:
> Hi out there,
>
> I have a problem with ssh vpn.
>
> There is an installation of an ssh-vpn on a Linux host. This host also works
> as firewall with masquerading (ipchains).
> After setting up the ssh-vpn everything works fine. But after some time (10 min
> or so) the connection terminates with:
>
> Apr 11 11:31:06 c523f pppd[8257]: sent [LCP ConfReq id=0x6 <asyncmap 0x0>
> <magic 0x16bd5d1f><pcomp> <accomp>]
> Apr 11 11:31:06 c523f pppd[8257]: rcvd [LCP ConfReq id=0x6 <asyncmap 0x0>
> <magic 0x16bd5d1f> <pcomp> <accomp>]
> Apr 11 11:31:06 c523f pppd[8257]: sent [LCP ConfNak id=0x6 <magic
> 0xec70b2f1>]
> Apr 11 11:31:07 c523f pppd[8257]: Modem hangup
> Apr 11 11:31:07 c523f pppd[8257]: Connection terminated.
> Apr 11 11:31:07 c523f pppd[8257]: Hangup (SIGHUP)
> Apr 11 11:31:07 c523f pppd[8257]: Failed to open /dev/ttyp0: Input/output
> error
> Apr 11 11:31:07 c523f last message repeated 8 times
> Apr 11 11:31:07 c523f pppd[8257]: Exit.
>
> Is anybody able to see the reason for this?
>
> Is it possible to detect the breakdown of the connection and to restart the
> vpn?
>
===

Sounds like a PPPD problem, but it could be caused by a lot of different
things.  Are your endpoints running at about the same speed and with good
connectivity to the internet? (low packet loss?)

In any case, here is a sample set of scripts running on RH7.0 boxes (some
updates applied).

We have a bunch of these, here is a real simple set that are a bit crude.
The first script kicks off the vpn, the second checks on it regularly (run
via cron every minute).

=== vpn-start ===

#!/bin/bash
# Simple script to kick off a vpn connection (ppp via ssh) to Australia office
# The script must be run by root out of the /usr/local/bin directory.
# First setup a simple connection via SSH
cd /usr/local/bin
/usr/local/bin/pty-redir ssh -C -t -o 'Batchmode yes' aufirewall pppd
# the output of this will detail the ttyp to use (ttyp0 is normal)
sleep 10
# Next use PPPD to link the sites together - assuming ttyp0 is used
/usr/sbin/pppd /dev/ttyp0 10.1.4.68:192.168.30.253
sleep 10
/sbin/route add -net 192.168.30.0 gw 192.168.30.253 netmask 255.255.255.0
/sbin/route add -net 192.168.31.0 gw 192.168.30.253 netmask 255.255.255.0
ssh -o 'Batchmode yes' aufirewall /etc/rc.d/vpn-route

=== vpn-chk ===
#!/bin/bash
# Check the Australian VPN connection...
# If the ssh carrier process is no longer running, start the tunnel again
ps ax |grep "ssh -C -t -o" |grep -v grep>/dev/null || /usr/local/bin/syd-vpn >/dev/null

===

We have some more sophisticated scripts for our other connects, but these are
a good start because of their simplicity.

Jon
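
Added example, not part of the original post or Jon's scripts: a stricter check than the ssh-only grep in vpn-chk, which also requires the local pppd on its pty and reads recent pppd syslog lines like the ones quoted above. The function names, the sample process list and log lines (constructed, unwrapped, with documentation addresses) and the log path in the comment are assumptions.

```bash
#!/bin/bash
# Added example, not Jon's script. Sample data below is constructed.
# Real use from cron (the log path is an assumption):
#   vpn_needs_restart "$(ps ax)" "$(grep 'pppd\[' /var/log/messages | tail -50)" \
#       && /usr/local/bin/syd-vpn

# Succeeds only if the ssh carrier AND the local pppd on its pty are running.
# "pppd /dev/ttyp" keeps the word pppd in the ssh command line from matching.
tunnel_procs_ok() {            # stdin: `ps ax` output
    awk '/ssh -C -t -o/ { s = 1 }
         $0 ~ "(^|[ /])pppd /dev/ttyp[0-9a-f]" { p = 1 }
         END { exit !(s && p) }'
}

# Prints "<state> <reason>" from pppd syslog lines; the newest event wins.
# A received ConfReq carrying our own magic number is PPP's loopback signal.
pppd_log_state() {             # stdin: syslog lines
    awk '/pppd\[[0-9]+\]: / {
            if (match($0, /magic 0x[0-9a-f]+/)) {
                m = substr($0, RSTART, RLENGTH)
                if ($0 ~ /sent \[LCP ConfReq/) sent = m
                if ($0 ~ /rcvd \[LCP ConfReq/ && m == sent) why = "loopback"
            }
            if ($0 ~ /local +IP address/) { state = "up"; why = "-"; sent = "" }
            if ($0 ~ /Modem hangup|Connection terminated|: Exit\./) {
                state = "down"; if (why != "loopback") why = "hangup"
            }
         }
         END { if (state == "") { state = "unknown"; why = "-" }
               print state, why }'
}

vpn_needs_restart() {          # $1: ps listing, $2: recent pppd log lines
    printf '%s\n' "$1" | tunnel_procs_ok || return 0
    case "$(printf '%s\n' "$2" | pppd_log_state)" in down*) return 0 ;; esac
    return 1
}

SAMPLE_PS=' 8250 ?  S  0:00 ssh -C -t -o Batchmode yes aufirewall pppd
 8257 ?  S  0:00 /usr/sbin/pppd /dev/ttyp0 192.0.2.1:192.0.2.2'
SAMPLE_LOG='Apr 11 11:21:02 gw pppd[8257]: local  IP address 192.0.2.1
Apr 11 11:31:06 gw pppd[8257]: sent [LCP ConfReq id=0x6 <magic 0x1a2b3c4d>]
Apr 11 11:31:06 gw pppd[8257]: rcvd [LCP ConfReq id=0x6 <magic 0x1a2b3c4d>]
Apr 11 11:31:07 gw pppd[8257]: Modem hangup
Apr 11 11:31:07 gw pppd[8257]: Exit.'

echo "log state: $(printf '%s\n' "$SAMPLE_LOG" | pppd_log_state)"
vpn_needs_restart "$SAMPLE_PS" "$SAMPLE_LOG" && echo "restart needed"
```

A "loopback" reason means pppd was reading back its own LCP packets, so the far-end pppd is worth checking before the tunnel is restarted.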
