[pptp-server] pptp and routing multiple connections

Leif Larsson leif at l3system.net
Mon Aug 14 09:37:38 CDT 2000


We too have two subnets and need different IPs. My solution 
was to modify "chap-secrets". Depending on who is calling 
(who is authenticating really) you get a preassigned IP address.

The "local-ip" entry in options.pptpd is not so important, as 
the server is routing traffic anyway.
The IP addresses in the chap-secrets file must conform to some 
of the subnets, else the server won't be able to proxyarp.

Just my 2 cents..

Leif

Larry Rivera wrote:
> 
> Hello:
> 
> I have been working on routing multiple pptp connections and would like
> to share my solution and see if anyone has a better option:
> Problem: When implementing multiple pptp tunnels we all know that the
> pptpd daemon dynamically assigns ip addresses according to what is
> established in /etc/pptpd.conf, i.e.
> 
> /etc/pptpd.conf
> 
> speed 115200
> option /etc/ppp/options.pptpd
> localip X.X.10.201-210  (needed for multiple connections)
> remoteip X.X.10.211-220
> 
> Other parameters are established in the options.pptpd file:
> /etc/ppp/options.pptpd
> 
> lock
> #debug
> name federal2
> auth
> require-chap
> -proxyarp (needed for full routing)
> 
> I have two subnets X.X.5.0 and X.X.6.0 which must establish their routes
> when connecting.  The only problem is that since these are virtual
> connections there is no parameter in /etc/ppp/ip-up & ip-down that will
> properly route the connections so that each subnet is routed correctly.
> (Example: the ppp* interface ($5 variable) will raise according to what
> pptpd determines) therefore there is no way I can say ppp1 will be for
> X.X.5.0 and ppp2 will be for X.X.6.0. Since these are not serial
> connections I cannot use ttyS* ($2 variable) to set these routes.
> Similarly, the variables that set the remote address cannot be used
> because pptpd will change this according to need.
> 
> The following code will at least set the routes according to the name
> sent to the system when chap authentication occurs.
> ###/etc/ppp/ip-up
> 
> ###Caguas
> tail -n 10 /usr/local/log/pptpd.log > /tmp/vpn
> result=`grep fed5 /tmp/vpn`
> if [ "$result" ]
> then
>   /sbin/route add -net X.X.6.0 netmask 255.255.255.0 gw $5
> fi
> 
> #####Ponce
> tail -n 10 /usr/local/log/pptpd.log > /tmp/vpn
> result=`grep fed4 /tmp/vpn`
> if [ "$result" ]
> then
>   /sbin/route add -net X.X.5.0 netmask 255.255.255.0 gw $5
> fi
> 
> On multiple pptp connections this will ensure that anytime "fed4" or
> "fed5" connect, the system will set the proper route to that subnet.
> 
> Any comments?
> LR

-- 
________________
L3 System
www.l3system.net
----------------
PGP key fingerprint = 11 81 96 E6 F0 91 ED 4D  13 82 44 99 99 DB AE 8B
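
The approach described in this reply, as an added example that is not part of the original posts: once chap-secrets pins one address per account, an ip-up helper can choose the route from the remote address pppd passes as $5, instead of grepping the tail of a shared log, where a simultaneous login by another peer could match. The 10.0.x.x addresses, the placeholder secrets, the route map and the function names are constructed assumptions; only fed4, fed5 and federal2 come from the thread.

```shell
#!/bin/sh
# Added example: sketch of a helper for /etc/ppp/ip-up. All data is constructed.

# Constructed chap-secrets content: client  server  secret  pinned IP.
# Assumes secrets contain no whitespace, so the address is field 4.
sample_secrets() {
cat <<'EOF'
# client  server    secret         IP addresses
fed4      federal2  "placeholder"  10.0.10.211
fed5      federal2  "placeholder"  10.0.10.212
roaming   federal2  "placeholder"  *
EOF
}

# Constructed map: pinned peer address -> subnet behind that peer.
sample_routes() {
cat <<'EOF'
10.0.10.211 10.0.5.0
10.0.10.212 10.0.6.0
EOF
}

# route_for_peer REMOTE_IP
# Prints the route command for a pinned peer; returns 1 for anything else.
route_for_peer() {
    remote_ip=$1
    # Accept the address only if exactly one account is pinned to it.
    owner=$(sample_secrets | awk -v ip="$remote_ip" \
        '$1 !~ /^#/ && $4 == ip { n++; name = $1 } END { if (n == 1) print name }')
    [ -n "$owner" ] || return 1
    # Look up the subnet reachable through that peer.
    net=$(sample_routes | awk -v ip="$remote_ip" '$1 == ip { print $2 }')
    [ -n "$net" ] || return 1
    echo "/sbin/route add -net $net netmask 255.255.255.0 gw $remote_ip"
}

# In ip-up itself (pppd passes the remote IP as $5) this would be:
#   cmd=$(route_for_peer "$5") && $cmd
# Dry run for the reader: show what would be executed for fed4's address.
route_for_peer 10.0.10.211 || true
```

An account left with "*" in the address column gets no route from this helper, because its address is not tied to a single authenticated name.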


