[Openswan Users] IPSec+L2TP server-side routes to client
pwouters at redhat.com
Mon Mar 12 11:38:31 EDT 2012
On Mon, 12 Mar 2012, Brett Cave wrote:
> After searching some more, looks like it isn't possible, as pppd uses its own internal implementation of IP address
> assignment to clients, and it doesn't support the sending of routes to the client. I've come across a few discussions in
> forums saying that the ability to hook in DHCP would be great, and that RIP is 1 viable solution to use for the time
> being. If this could be done added into an openswan + l2tp implementation, I think a lot of people would find it useful.
> Here are 2 discussions I came across, discussing the protocols:
I don't think anyone wants RIP to continue anywhere :/
> I also had a problem with setting up subnets > /24 mask - with xl2tpd and pppd's chap-secrets
> examples (server side) - only tested with a few connections:
> username l2tp "pass" 192.168.1.0/24 # assigns IP from the 192.168.1.0/24 range correctly
> user2 l2tp "pass" 192.168.1.14 # assigns IP correctly
> user3 l2tp "pass" 192.168.1.0/28 # assigns IP within range, but only 2 or 3 clients connected.
> guessing this might not work as per example below
> user4 l2tp "pass" 192.168.1.16/28 # fails
> xl2tpd.conf has:
> [lns default]
> ip range = 192.168.10.2-192.168.10.46
> local ip = 192.168.10.1
> Any way to assign different /28 subnets to specific users with this implementation?
I would define "ip range" to be a CIDR, and not an arbitrary range
eg: ip range = 192.168.10.16-192.168.10.48
then use 192.168.10.16/27 in chap-secrets
Note that if you assign 192.168.1.14 statically, it should NOT be in
the "ip range" or else it will ALSO get assigned from the pool.
For static single IP assignments use a separate range that is not
part of "ip range".