[Openswan Users] IPSec+L2TP server-side routes to client
brett at jemstep.com
Mon Mar 12 11:57:37 EDT 2012
>> Any way to assign different /28 subnets to specific users with this
> I would define "ip range" to be a CIDR, and not an arbitrary range
> eg: ip range = 192.168.10.16-192.168.10.48
> then use 192.168.10.16/27 in chap-secrets
> Note that if you assign 192.168.1.14 statically, it should NOT be in
> the "ip range" or else it will ALSO get assigned from the pool.
> For static single ip assignments use a separate range that is not
> part of "ip range".
I'm a little confused about 1 thing: if chap-secrets has 192.168.1.0/24 and
xl2tpd has ip range = 192.168.1.0/24, then what manages the address
pool - pppd or l2tpd?
Because if I use 192.168.1.16/28 in chap-secrets, then either pppd does not
parse CIDR addresses correctly or xl2tpd is handing out IPs from its
configured range (e.g. if the user with .1.16/28 is the first client to
connect, I get an error in the logs that the user tried to connect with
192.168.1.2 but access was denied as per chap-secrets configuration)
But if I use 192.168.1.7 in chap-secrets, then it definitely seems that
pppd is handing out the IPs, because the user gets the static mapping.
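
Added example, not part of the original message and not Openswan, xl2tpd or pppd code: a small offline check that compares an "ip range" pool with the address column of each chap-secrets entry, covering both points raised in the thread (a per-user subnet narrower than the pool, and a static address that sits inside the pool). It assumes the dashed a.b.c.d-e.f.g.h range form, that host bits under a /n mask are ignored, and that an address offered from the pool is checked against the user's entry, as the logged denial above suggests; the function names and sample values are constructed for illustration.

```python
import ipaddress

def parse_ip_range(value):
    """Parse a dashed 'ip range' value such as '192.168.1.2-192.168.1.40'."""
    lo_txt, sep, hi_txt = value.partition("-")
    lo = ipaddress.IPv4Address(lo_txt.strip())
    hi = ipaddress.IPv4Address(hi_txt.strip()) if sep else lo
    if hi < lo:
        raise ValueError(f"range end below start: {value!r}")
    return lo, hi

def allowed_network(field):
    """Address column of a chap-secrets line: a.b.c.d or a.b.c.d/n.
    Assumption: host bits under the mask are ignored (strict=False)."""
    return ipaddress.ip_network(field.strip(), strict=False)

def audit(ip_range, secrets):
    """Compare the pool with each user's allowed address or subnet.

    secrets maps user name -> address column. For every user, report how
    much of the pool that entry would accept and whether a single static
    address sits inside the pool, where it could also be leased to others.
    """
    lo, hi = parse_ip_range(ip_range)
    pool = [ipaddress.IPv4Address(n) for n in range(int(lo), int(hi) + 1)]
    report = {}
    for user, field in secrets.items():
        net = allowed_network(field)
        accepted = [str(a) for a in pool if a in net]
        report[user] = {
            "allowed": str(net),
            "accepted": accepted,
            "rejected_count": len(pool) - len(accepted),
            "static_in_pool": net.prefixlen == 32 and lo <= net.network_address <= hi,
        }
    return report

# Constructed sample values, modelled on the addresses in the thread.
SAMPLE_RANGE = "192.168.1.2-192.168.1.40"
SAMPLE_SECRETS = {"alice": "192.168.1.16/28", "bob": "192.168.1.7", "carol": "192.168.2.5"}

if __name__ == "__main__":
    for user, row in audit(SAMPLE_RANGE, SAMPLE_SECRETS).items():
        print(user, row["allowed"], "accepts", len(row["accepted"]),
              "pool addresses, rejects", row["rejected_count"],
              "| static address inside pool:", row["static_in_pool"])
```

A user whose entry rejects part of the pool can be refused whenever the pool offers an address outside that subnet, which matches the 192.168.1.2 denial described above.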