[Openswan Users] IPSec+L2TP server-side routes to client
pwouters at redhat.com
Mon Mar 12 14:25:39 EDT 2012
On Mon, 12 Mar 2012, Brett Cave wrote:
> I'm a little confused about 1 thing: if chap-secrets has 192.168.1.0/24 and xl2tpd has ip range = 192.168.1.0/24, then
> will what manages the address pool - pppd or l2tpd?
It is a little confusing. I believe xl2tpd handles the pool and passes
the IP to pppd. I believe pppd might verify the IP it got passed from
xl2tpd falls within the pool.
I personally only assign as follows:
- static ips in chap-secrets are outside the xltpd "ip range" pool.
- subnets in chap-secrets are within the xl2tpd "ip range" pool.
> Because if i use 192.168.1.16/28 in chap-secrets, then either pppd does not parse CIDR addresses correctly or xl2tpd is
> handing out IPs from it's configured range (e.g. if the user with .1.16/28 is the first client to connect, i get an
> error in the logs that the user tried to connect with 192.168.1.2 but access was denied as per chap-secrets
> But if I use 192.168.1.7 in chap-secrets, then it definitely seems that pppd is handing out the IP's, because the user
> gets the static mapping.
That's the behaviour I see too.
If someone wants to dive in the code and have a look, and fixup the
documentation, that would be great :)
More information about the Users