[Openswan Users] IPSec+L2TP server-side routes to client

Brett Cave brett at jemstep.com
Mon Mar 12 11:57:37 EDT 2012


>
>> Any way to assign different /28 subnets to specific users with this
>> implementation?
>>
>
> I would define "ip range" to be a CIDR, and not an arbitrary range
> eg: ip range = 192.168.10.16-192.168.10.48
>
> then use 192.168.10.16/27 in chap-secrets
> Note that if you assign 192.168.1.14 statically, it should NOT be in
> the "ip range" or else it will ALSO get assigned from the pool.
> For static single ip assignments use a separate range that is not
> part of "ip range".
>

I'm a little confused about 1 thing: if chap-secrets has 192.168.1.0/24 and
xl2tpd has ip range = 192.168.1.0/24, then what manages the address
pool - pppd or l2tpd?

Because if I use 192.168.1.16/28 in chap-secrets, then either pppd does not
parse CIDR addresses correctly or xl2tpd is handing out IPs from its
configured range (e.g. if the user with .1.16/28 is the first client to
connect, I get an error in the logs that the user tried to connect with
192.168.1.2 but access was denied as per chap-secrets configuration)

But if I use 192.168.1.7 in chap-secrets, then it definitely seems that
pppd is handing out the IPs, because the user gets the static mapping.




> Paul
>
>> Thanks
>> Brett


-- 


Brett Cave
Jemstep, Inc

www.jemstep.com
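
Added example, not part of the original message or of xl2tpd/pppd: a small Python check that compares an xl2tpd "ip range" value with the address fields used in chap-secrets, covering the two conditions discussed above (a static address that also sits in the pool, and a per-user CIDR that the pool can step outside of). The pool value and the user names alice, bob, carol and dave are constructed for illustration.

```python
import ipaddress

def parse_ip_range(value):
    """Split an xl2tpd 'ip range' value of the form first-last."""
    first, last = (ipaddress.IPv4Address(p.strip()) for p in value.split("-"))
    if first > last:
        raise ValueError("range start is above range end: " + value)
    return first, last

def range_as_cidrs(value):
    """Smallest list of CIDR blocks that covers exactly first..last."""
    first, last = parse_ip_range(value)
    return [str(n) for n in ipaddress.summarize_address_range(first, last)]

def audit(ip_range, allowed):
    """Compare chap-secrets address fields against the pool.

    allowed maps a user name to the address or CIDR in the fourth field.
    """
    first, last = parse_ip_range(ip_range)
    findings = {}
    for user, entry in allowed.items():
        try:
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError:
            findings[user] = "not-a-valid-aligned-cidr"
            continue
        if net.prefixlen == 32:
            # Single static address: must not also be in the dynamic pool.
            if first <= net.network_address <= last:
                findings[user] = "static-address-inside-pool"
        elif not (first in net and last in net):
            # The pool can offer an address this entry does not permit.
            findings[user] = "pool-extends-outside-cidr"
    return findings

if __name__ == "__main__":
    # Range quoted in the thread, expressed as exact CIDR blocks.
    print(range_as_cidrs("192.168.10.16-192.168.10.48"))
    # Constructed pool and users (assumptions, not the poster's real config).
    pool = "192.168.1.2-192.168.1.254"
    users = {"alice": "192.168.1.16/28", "bob": "192.168.1.7",
             "carol": "192.168.1.16/27", "dave": "192.168.2.14"}
    for user, finding in audit(pool, users).items():
        print(user, finding)
```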