I have just downloaded and installed the ssh-vpn scripts for ssh-vpn from:
http://www.dragonsdawn.net/~gordon/vpn/ssh-vpn-20020608.tar.gz
I really like the way this is setup using the group and individual
connection scheme but I am having problems with the user portion being
resolved correctly. I have several connections I would like to manage
with this but obviously have something wrong.
Has anyone used these? I emailed Gordon but have not received a response
yet, so I thought I would ask the list.
I get logged in ok as the user but apparently ifup checks to see if the
uid is 0 and if not calls usernetctl, which in turn sets the uid to 0 and
calls ifup again, only this time as root, so that by the time
ifup-vpnserver is called whoami returns root. Therefore I can only get
connected if I have an ifcfg-vpnserver-root file.
Any tips are appreciated.
As you can see from the following scripts, I left the script names the
same as in the tarball.
[root@lab160 network-scripts]# ls *vpn*
ifcfg-vpnserver0 ifcfg-vpnserver0-vpnmct ifup-vpnserver
ifcfg-vpnserver0-root ifdown-vpnserver
# vpnserver-user files are empty. I cannot get connected unless the
# *.root file exists
******************************************************************************
[root@lab160 network-scripts]# cat ifcfg-vpnserver0
DEVICE="vpnserver0"
ONBOOT="no"
USERCTL="yes"
# Default idle time is one hour (3600 seconds)
# If we were cool, it'd be 43 minutes (2600 seconds)
IDLETIME="3600"
DEBUG="no"
PPPOPTIONS=""
POOL="192.168.0.30 192.168.0.31 192.168.0.32 192.168.0.33 192.168.0.34"
SERVERIP="192.168.0.35"
******************************************************************************
[root@lab160 .ssh]# pwd
/home/vpnmct/.ssh
[root@lab160 .ssh]# cat authorized_keys
command="/sbin/ifup vpnserver0" ssh-dss AAAAB3NzaC1 ...
I tweaked a little on ifup to figure out what was happening. Changes and
the output follows:
***********************************************************************
changed portions of ifup and some context:

VUSER=$(/usr/bin/whoami)
logger "ifup user is $VUSER"
PATH=/sbin:/usr/sbin:/bin:/usr/bin
TEXTDOMAIN=initscripts
cd /etc/sysconfig/network-scripts
. network-functions
. /etc/rc.d/init.d/functions
VUSER=$(/usr/bin/whoami)
logger "ifup1 user is $VUSER"
[ -f ../network ] && . ../network
[ -f ../networking/network ] && . ../networking/network
<snip>
VUSER=$(/usr/bin/whoami)
logger "ifup2 user is $VUSER"
if [ ${UID} != 0 ]; then
    if [ -x /usr/sbin/usernetctl ]; then
        if /usr/sbin/usernetctl ${CONFIG} report ; then
            exec /usr/sbin/usernetctl ${CONFIG} up
        fi
    fi
    echo $"Users cannot control this device." >&2
    exit 1
fi
VUSER=$(/usr/bin/whoami)
logger "ifup3 user is $VUSER"
source_config
***************************************************************************
and a logger entry in /etc/sysconfig/network-scripts/ifup-vpnserver:
# Base the config on the user dialing in:
USER=`whoami`
logger "ifup-vpnserver vpn user = $USER"
***************************************************************************
Here's what /var/log/messages looks like with an ifcfg-vpnserver0-root
file:
Jun 12 17:18:43 lab160 sshd(pam_unix)[13541]: session opened for user
vpnmct by (uid=0)
Jun 12 17:18:44 lab160 vpnmct: ifup user is vpnmct
Jun 12 17:18:44 lab160 vpnmct: ifup1 user is vpnmct
Jun 12 17:18:44 lab160 vpnmct: ifup2 user is vpnmct
Jun 12 17:18:44 lab160 vpnmct: ifup user is root
Jun 12 17:18:44 lab160 vpnmct: ifup1 user is root
Jun 12 17:18:44 lab160 vpnmct: ifup2 user is root
Jun 12 17:18:44 lab160 vpnmct: ifup3 user is root
Jun 12 17:18:44 lab160 vpnmct: ifup-vpnserver vpn user = root
Jun 12 17:18:44 lab160 ifup-vpn: vpn: pppd started for root on
192.168.0.30
Jun 12 17:18:44 lab160 pppd[13631]: pppd 2.4.1 started by vpnmct, uid 0
Jun 12 17:18:44 lab160 pppd[13631]: Using interface ppp0
Jun 12 17:18:44 lab160 pppd[13631]: Connect: ppp0 <--> /dev/pts/1
Jun 12 17:18:44 lab160 pppd[13631]: Deflate (15) compression enabled
Jun 12 17:18:44 lab160 pppd[13631]: Cannot determine ethernet address
for proxy ARP
Jun 12 17:18:44 lab160 pppd[13631]: local IP address 192.168.0.35
Jun 12 17:18:44 lab160 pppd[13631]: remote IP address 192.168.0.30
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
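The log above shows the underlying problem: ifup hands off to the setuid usernetctl, which re-runs ifup as uid 0, so any identity check done afterwards with whoami sees root and the per-user ifcfg lookup silently degrades to the -root file. The following shell script is an added example (not part of the ssh-vpn tarball or of the post) showing how a per-user config selector can fail closed in that situation. It assumes the dial-in user name is carried in a variable (VPN_USER, a hypothetical name) set before the privilege hop, and builds a constructed sandbox directory mirroring the ls output in the post.

```sh
#!/bin/sh
# Added example (not from the ssh-vpn tarball or the post): choose a per-user
# ifcfg file without trusting `whoami` after a setuid re-exec.
#
# Once usernetctl has re-run ifup as uid 0, `whoami` and `id -un` both say
# root, so they cannot identify the dial-in user. This selector therefore
# takes the user from VPN_USER (hypothetical variable, assumed to be set
# before the hop), refuses to treat "root" as a dial-in identity, and fails
# closed when no per-user file exists instead of using ifcfg-<dev>-root.

# find_user_config DEV CONFDIR
#   Prints the selected ifcfg path on stdout and returns 0, or prints the
#   reason on stderr and returns 1.
find_user_config() {
    dev=$1
    confdir=$2
    # Prefer the identity captured before the hop; the current account is
    # only consulted so the refusal message below can say what was seen.
    user=${VPN_USER:-$(id -un)}

    if [ "$user" = "root" ]; then
        echo "refusing: dial-in identity is root (lost across re-exec?)" >&2
        return 1
    fi
    # Only allow characters that can safely appear in a file name suffix.
    case $user in
        ""|*[!A-Za-z0-9._-]*)
            echo "refusing: invalid user name '$user'" >&2
            return 1 ;;
    esac
    cfg="$confdir/ifcfg-$dev-$user"
    if [ ! -f "$cfg" ]; then
        echo "refusing: no per-user config $cfg" >&2
        return 1
    fi
    printf '%s\n' "$cfg"
}

# Constructed sandbox mirroring the ls output in the post (empty files).
make_sandbox() {
    d=$(mktemp -d)
    : > "$d/ifcfg-vpnserver0"
    : > "$d/ifcfg-vpnserver0-vpnmct"
    : > "$d/ifcfg-vpnserver0-root"
    printf '%s\n' "$d"
}

SANDBOX=$(make_sandbox)
trap 'rm -rf "$SANDBOX"' EXIT

# Case 1: identity passed down explicitly -> the vpnmct file is chosen.
(VPN_USER=vpnmct; find_user_config vpnserver0 "$SANDBOX")

# Case 2: identity lost, the account is root -> refused even though the
# -root file exists (the workaround from the post is what we avoid here).
(VPN_USER=root; find_user_config vpnserver0 "$SANDBOX") || echo "case 2 refused as intended"

# Case 3: a user with no per-user file -> refused rather than falling back.
(VPN_USER=nobody; find_user_config vpnserver0 "$SANDBOX") || echo "case 3 refused as intended"
```

In the ssh-vpn layout the natural place to set such a variable is the forced command in authorized_keys, which runs before ifup is invoked and is already tied to one key and one account; whatever mechanism is used, the point is that the identity must be captured before the uid changes, and a result of root should be treated as an error, not as a user.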