< howto

PPP over SSH

  • This is untested code, just copied from a friend

Setup PPP over SSH in order to avoid NAT translations. RedHat Linux comes with a sample script /usr/share/doc/ppp-<version>/scripts/ppp-on-ssh, which requires almost no modification. the variable pppD_RHOST needs to be set to the ost inside the Net, e.g. PPPD_RHOST= PPD_LOC and SSH_LOC have references to “local” in theri path, and will need to be modified to point to teh correct locations for ssh and sshd. The call to SSh specifiies no encryption; it should be chanaged to use encryption.

A file is required for the local and remote ends of the tunnel.

On the remote side, /etc/pp/options-ssh-rem contains:

on the local side, /etc/ppp/options-ssh-loc contains:

Run the script: ./ppp-on-ssh

Then tell your machine to go through the PPP interface to get to the network.

route add -net netmask dev ppp0

At this point, the web browser on the local machine can be pointed to the internal address of, e.g. All should work normally now. Here is a sample script which works on RH AS 3.0:

# Note that it works with SSH 2 w/o changes
# A sample script to establish PPP sessions via SSH 1.x
# Adi masputra <adi.masputra @ sun.com> # Jan 24, 2000

# You'd definitely want to change the following addresses for your network


export LOC_IP REM_IP

# This is the remote peer where sshd is running, either its hostname or IP

# For this example, assume that ppd on both local and remote machines reside
# in the same place, /usr/local/bin/pppd

# The location of local options files (where ssh client is running0
# Note that the smaple options file included in the distro
# may need further customizations, depending on your needs.
# The 'noauth' option specified in teh file is there to simplify
# the example, although some may choose to just do auth instead

# The location of remote options file (where sshd daemon is running)
# ditto above
# Also note that the remote options file need to include the 'notty'
# options for this to work

# The location of ssh client on the local machine


# Uncomment the following to enable IPv6, note it needs to be enabled during compilation
# PPPD_IPV6='+ipv6 ipv6cp-use-ipaddr'
export PPPD_IPV6

# And execute pppd with the pty option, specifying ssh client as the slave side of the
# pseudo-tty master/slave pair. Note that in this example, ssh has been compiled to allo
# NULL encryption (thus the '-c none' option), but in reality, you'd probably want to
# specify the encryption algorithm. See man ssh(1) for details
exec $PPD_LOC \
     pty '$SSH_LOC -c blowfish $PPPD_RHOST $PPPD_LOC $REM_IP:$LOC_IP $PPPD_IPV6 file $PPPD_REM_OPT ' \

howto/sshppp.txt · Last modified: 2009/01/03 12:13 by bw
Recent changes RSS feed Creative Commons License Donate Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki