DragonFly BSD
DragonFly users List (threaded) for 2011-08

Re: PPTP VPN


From: Chris Turner <c.turner@xxxxxxxxxxxxxxxxxxx>
Date: Sat, 20 Aug 2011 05:53:01 -0500

On 08/19/11 18:00, Pierre Abbat wrote:
> I've looked all over the Web and tried things and nothing worked right. And I
> still don't understand what's going on.
>
> What does pppd do, and what does pptp do? Why are they separate?
>
> There is a package "ssh-ip-tunnel-1.0nb1 = Simple VPN system using pppd over
> ssh". I can ssh into the box. Can I use this and get the same IP address that
> I'm supposed to get with pppd and pptp? Do I have to log in as root?
>
> Pierre


Oh Man. This is a can of worms :D


opening. carefully. anyone feel free to chime in and correct me
where I am wrong :D

Basically - VPN is a generic term for an encrypted network tunnel,
with many possible technologies - simple SSH/SSL tunnels, IPSEC
tunnels, PPTP, OpenVPN, and others.

PPP is the 'point to point' protocol - which can be used for setting
up a variety of network links, most often modems / ISDN / T1+ lines
but also other various configurations such as GSM modems, wide-area
fiber optic links, etc.

In DragonFly we have 2x implementations of PPP - one, 'ppp' which
runs as a userland tool on top of the tun/tap device, another, pppd
which runs in kernel space. There is also a netgraph(3) implementation
of PPP - I don't recall if this is separate from the 'pppd' kernel
version or used to support it. The ppp one is a bit easier to
set up/debug due to the nifty command shell it has, but is slower
performing than pppd due to the user<->kernel data copying
requirements. The 'ppp' (userland) version of PPP is common across
the BSDs and differs from a different 'ppp' (userland) version
which was implemented for Linux with different commands, configuration,
etc - however, all speak 'PPP'.

PPP is a serial communications protocol, and as such is often set up
over terminal lines (such as a dialup modem tty, etc) - it appears
that the ssh-ip-tunnel package uses the 'dial up tty' portion of
SSH in combination with the '/usr/sbin/pppd' (kernel mode) package.
Keeping in mind that the package is in pkgsrc and requires kernel
features - the NetBSD kernel mode pppd package has common ancestry
with the NetBSD kernel mode version and so the ssh-ip-tunnel might
work for setting up these kinds of VPNs using the DragonFly
kernel-mode pppd implementation.

However, PPTP is a specific and somewhat standardized method /
protocol of tunneling PPP (point to point) traffic over an existing
IP infrastructure and as such you will need a PPTP implementation
to connect to the remote end. As the pptp package is the client
only one, this is the one you'll need to use - the freebsddiary
post is a bit confusing because it defines the pptp configuration
file as ppp.conf - however, whatever the file is called it needs
to be called using the pptp program.

Usually / generically speaking for VPNs in general there is some
primary connection which is established to negotiate the configuration
of the actual tunneled connection - the exact specifics of the
negotiation and what authentication is required will vary according
to the given setup / choice of VPN technology and other administrator
settings - again not being versed in PPTP and your particular
situation, I can't say what this might mean for your case, e.g.
root, dialup, foo, etc.

Hope this clears things up a bit / somewhat.

Or makes them murkier in a way that might lead to clarity :D

And keep up your hope - I think if one can configure a PPP or VPN
link and a mail server 'blind', one can pretty much configure
anything in the world of computers so this is 50% of the battle :D

Cheers & Good luck.

- Chris
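
Added example (not part of the original message and not code from the pptp package): the "primary connection" that negotiates a PPTP tunnel is a TCP control connection, and this sketch builds and parses its first message, the Start-Control-Connection-Request. The field layout and constants are taken from RFC 2637, which the message does not cite; the host and vendor strings are constructed sample values.

```python
import struct

# Field layout and constants follow RFC 2637 (PPTP); none appear in the message above.
PPTP_TCP_PORT = 1723            # control connection; PPP frames travel separately in GRE
MAGIC_COOKIE = 0x1A2B3C4D
CONTROL_MESSAGE = 1             # PPTP Message Type value for control messages
CONTROL_TYPES = {1: "Start-Control-Connection-Request",
                 2: "Start-Control-Connection-Reply",
                 7: "Outgoing-Call-Request",
                 8: "Outgoing-Call-Reply"}
# Common header: length, message type, magic cookie, control type, reserved0
HEADER = struct.Struct("!HHIHH")
# Request body: version, reserved1, framing caps, bearer caps, max channels,
# firmware revision, host name, vendor string
SCCRQ_BODY = struct.Struct("!HHIIHH64s64s")


def build_sccrq(hostname, vendor):
    """Build the first message a PPTP client sends on the control connection."""
    body = SCCRQ_BODY.pack(0x0100, 0, 1, 1, 0, 0,
                           hostname.encode("ascii"), vendor.encode("ascii"))
    return HEADER.pack(HEADER.size + len(body), CONTROL_MESSAGE,
                       MAGIC_COOKIE, 1, 0) + body


def parse_control(data):
    """Validate and decode one PPTP control message; ValueError if malformed."""
    if len(data) < HEADER.size:
        raise ValueError("truncated PPTP header")
    length, msg_type, cookie, ctrl_type, _ = HEADER.unpack_from(data)
    if cookie != MAGIC_COOKIE:
        raise ValueError("bad magic cookie, not a PPTP control stream")
    if msg_type != CONTROL_MESSAGE or length != len(data):
        raise ValueError("unexpected message type or length field")
    info = {"type": CONTROL_TYPES.get(ctrl_type, "type %d" % ctrl_type)}
    if ctrl_type == 1:
        if length != HEADER.size + SCCRQ_BODY.size:
            raise ValueError("wrong size for Start-Control-Connection-Request")
        version, _, framing, bearer, _, _, host, vendor = \
            SCCRQ_BODY.unpack_from(data, HEADER.size)
        info.update(version="%d.%d" % (version >> 8, version & 0xFF),
                    framing=framing, bearer=bearer,
                    host=host.rstrip(b"\0").decode("ascii", "replace"),
                    vendor=vendor.rstrip(b"\0").decode("ascii", "replace"))
    return info


if __name__ == "__main__":
    # Constructed sample values, not taken from any real client.
    print(parse_control(build_sccrq("dfly-client", "example-vendor")))
```

Only this negotiation runs over TCP; once a call is set up, the PPP frames themselves are carried in GRE packets between the same two hosts, which is why a firewall has to pass both.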


