<br><br><div class="gmail_quote">On Mon, Mar 12, 2012 at 4:55 PM, Paul Wouters <span dir="ltr"><<a href="mailto:paul@nohats.ca">paul@nohats.ca</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div class="im">On Mon, 12 Mar 2012, Brett Cave wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
I have an openswan IPSec + xl2tpd server configuration and was wondering if there was a way to send routes to the<br>
clients from the server side? I get this functionality when I connect to Cisco IPSec gateways, and I know MS IPSec<br>
server implementations support this too. I'm guessing this would be something that pppd would do, configured through the<br>
xl2tp options? Or would I need to configure BGP to get this working? The main objective is to provide routes to clients<br>
without client-side route configuration.<br>
</blockquote>
<br></div>
I don't think that is supported with L2TP?<br>
<br>
If it is some negotiated option, then I'm sure we could add support for<br>
it, either in xl2tpd or pppd.<span class="HOEnZb"><font color="#888888"><br></font></span></blockquote><div><br>After searching some more, looks like it isn't possible, as pppd uses its own internal implementation of IP address assignment to clients, and it doesn't support the sending of routes to the client. I've come across a few discussions in forums saying that the ability to hook in DHCP would be great, and that RIP is 1 viable solution to use for the time being. If this could be added into an openswan + l2tp implementation, I think a lot of people would find it useful.<br>
<br>Here are 2 discussions I came across, discussing the protocols:<br><a href="http://forum.mikrotik.com/viewtopic.php?f=14&t=56079">http://forum.mikrotik.com/viewtopic.php?f=14&t=56079</a><br><a href="http://forum.mikrotik.com/viewtopic.php?f=8&t=10405">http://forum.mikrotik.com/viewtopic.php?f=8&t=10405</a><br>
<br><br><br>I also had a problem with setting up subnets > /24 mask - with xl2tpd and pppd's chap-secrets<br>examples (server side) - only tested with a few connections:<br>username l2tp "pass" 192.168.1.0/24 # assigns IP from the 192.168.1.0/24 range correctly<br>
user2 l2tp "pass" 192.168.1.14 # assigns IP correctly<br>user3 l2tp "pass" 192.168.1.0/28 # assigns IP within range, but only 2 or 3 clients connected. guessing this might not work as per example below<br>
user4 l2tp "pass" 192.168.1.16/28 # fails <br><br>xl2tpd.conf has:<br>[lns default]<br>ip range = 192.168.10.2-192.168.10.46<br>local ip = 192.168.10.1<br>
<br>Any way to assign different /28 subnets to specific users with this implementation?<br><br>Thanks<br>Brett<br> <br></div><blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<span class="HOEnZb"><font color="#888888">
<br>
Paul<br>
</font></span></blockquote></div>