I try to cover here the vulnerability issues arising from this particular setup and from VPNs in general. Any comments are warmly welcome.
- sudo: Well, I use sudo heavily. I believe it is still safer than using setuid bits. It remains a drawback of Linux that it has no finer-grained access control; I am waiting for POSIX.6 compatibility <http://www.xarius.demon.co.uk/software/posix6/>. What is worse, some of the programs called through sudo are shell scripts. Bad enough. Any ideas out there?
- pppd: It also runs setuid root, and it can be configured through the user's .ppprc. There might be some nice buffer overruns in it. The bottom line: secure your slave account as tightly as you can.
- ssh: Beware that ssh versions older than 1.2.20 have security holes. What is worse, we have built a configuration such that when the master account has been compromised, the slave account is compromised as well, and is wide open to attacks through the two sudoed programs. This is because I have chosen not to put a passphrase on the master's secret key, so that the VPN can be set up automatically.
- firewall: With improperly set firewall rules on one bastion, you open up both intranets. I recommend using IP masquerading (as setting up incorrect routes is then a bit less trivial) and strictly controlling the traffic on the VPN interfaces.
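One mitigation for the passphrase-less master key described above, as an added example that is not part of this HOWTO: tie the key's entry in the slave's authorized_keys to a forced command and strip pty and forwarding, so that a stolen key can only start the VPN, and audit the file for bare entries. It uses OpenSSH authorized_keys option names; the /usr/local/sbin/vpn-pppd path, the 192.0.2.10 master address and the key material are placeholders.

```shell
#!/bin/sh
# Added example, not from the HOWTO. Audits an authorized_keys file on the
# slave account: every key that logs in without a passphrase should carry a
# forced command (OpenSSH "command=") and the no-pty / no-*-forwarding
# options, so a compromised master key cannot open a shell on the slave.
# The forced-command path and key material below are placeholders.

# Constructed sample: line 1 is a hardened entry, line 2 is a bare key as in
# the original setup (any command allowed once the key is stolen).
SAMPLE_KEYS='from="192.0.2.10",command="/usr/local/sbin/vpn-pppd",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAA-placeholder-key-material master@bastion
ssh-rsa AAAA-placeholder-key-material master@bastion'

# Reads authorized_keys lines on stdin. Returns 0 if every key line carries
# the required restrictions, 1 otherwise; offending lines go to stderr.
# Blank lines and comments are skipped.
audit_authorized_keys() {
    rc=0
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case "$line" in
            ''|'#'*) continue ;;
        esac
        for opt in 'command="' no-pty no-port-forwarding no-agent-forwarding; do
            case "$line" in
                *"$opt"*) ;;
                *) echo "line $n: missing $opt" >&2; rc=1 ;;
            esac
        done
    done
    return $rc
}

# Convenience wrapper for a file on disk, e.g. ~slave/.ssh/authorized_keys
audit_file() {
    audit_authorized_keys < "$1"
}

# Usage: printf '%s\n' "$SAMPLE_KEYS" | audit_authorized_keys; echo "exit $?"
```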
I developed this technique when there was no usable, standard
VPN for Linux. This is no longer the case.

At the time of writing, you have the following alternatives:
if you want a standard IPSEC VPN, you can use FreeS/WAN or pipsecd.
For PPTP you can use PoPToP (but be aware that the PPTP protocol has
weaknesses). It is also worth mentioning CIPE, which is a lightweight
alternative to IPSEC.

This wide range of alternatives means that the ssh/ppp implementation
described in this HOWTO is in most cases not the best solution.
This is due to the fact that this implementation is complex to set up
and has performance problems because of its TCP-based nature.
I believe that the ssh/ppp technique is no longer beneficial for
building a VPN for non-illegal purposes in most cases, so I have
discontinued maintaining this HOWTO.