[pptp-server] pptp and routing multiple connections

Larry Rivera larrydog at coqui.net
Mon Aug 14 11:20:48 CDT 2000


Hello Leif:
The only problem with that is that someone at pptp server told me that you
should not ask for IP addresses; rather, you should allow the pptpd daemon
to assign all IPs dynamically in order for it to work properly.

Also, please note that I am NOT asking for proxyarp, rather turning it off
with the -proxyarp option. Reason being that we need full routing throughout
and proxyarp will assign the same ip address to all incoming connections.
(correct me if I'm wrong please)
LR


Leif Larsson wrote:

> We too have two subnets and need different IPs. My solution
> was to modify "chap-secrets". Depending on who is calling
> (who is authenticating really) you get a preassigned IP address.
>
> The "local-ip" entry in options.pptpd is not so important, as
> the server is routing traffic anyway.
> The IP addresses in the chap-secrets file must conform to some
> of the subnets, else the server won't be able to proxyarp.
>
> Just my 2 cents..
>
> Leif
>
> Larry Rivera wrote:
> >
> > Hello:
> >
> > I have been working on routing multiple pptp connections and would like
> > to share my solution and see if anyone has a better option:
> > Problem: When implementing multiple pptp tunnels we all know that the
> > pptpd daemon dynamically assigns ip addresses according to what is
> > established in /etc/pptpd.conf, i.e.
> >
> > /etc/pptpd.conf
> >
> > speed 115200
> > option /etc/ppp/options.pptpd
> > localip X.X.10.201-210  (needed for multiple connections)
> > remoteip X.X.10.211-220
> >
> > Other parameters are established in the options.pptpd file:
> > /etc/ppp/options.pptpd
> >
> > lock
> > #debug
> > name federal2
> > auth
> > require-chap
> > -proxyarp (needed for full routing)
> >
> > I have two subnets X.X.5.0 and X.X.6.0 which must establish their routes
> > when connecting.  The only problem is that since these are virtual
> > connections there is no parameter in /etc/ppp/ip-up & ip-down that will
> > properly route the connections so that each subnet is routed correctly.
> > (Example: the ppp* interface ($5 variable) will raise according to what
> > pptpd determines) therefore there is no way I can say ppp1 will be for
> > X.X.5.0 and ppp2 will be for X.X.6.0. Since these are not serial
> > connections I cannot use ttyS* ($2 variable) to set these routes.
> > Similarly, the variables that set the remote address cannot be used
> > because pptpd will change this according to need.
> >
> > The following code will at least set the routes according to the name
> > sent to the system when chap authentication occurs.
> > ###/etc/ppp/ip-up
> >
> > ###Caguas
> > tail -n 10 /usr/local/log/pptpd.log > /tmp/vpn
> > result=`grep fed5 /tmp/vpn`
> > if [ "$result" ]
> > then
> >   /sbin/route add -net X.X.6.0 netmask 255.255.255.0 gw $5
> > fi
> >
> > #####Ponce
> > tail -n 10 /usr/local/log/pptpd.log > /tmp/vpn
> > result=`grep fed4 /tmp/vpn`
> > if [ "$result" ]
> > then
> >   /sbin/route add -net X.X.5.0 netmask 255.255.255.0 gw $5
> > fi
> >
> > On multiple pptp connections this will ensure that anytime "fed4" or
> > "fed5" connect, the system will set the proper route to that subnet.
> >
> > Any comments?
> > LR
> >
> > _______________________________________________
> > pptp-server maillist  -  pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > List services provided by www.schulteconsulting.com!
>
> --
> ________________
> L3 System
> www.l3system.net
> ----------------
> PGP key fingerprint = 11 81 96 E6 F0 91 ED 4D  13 82 44 99 99 DB AE 8B
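
An added example, not part of the original messages or of pptpd: the same per-peer route selection in /etc/ppp/ip-up, keyed on the PEERNAME environment variable that pppd exports after authentication instead of on the last lines of the pptpd log copied to /tmp/vpn, so two clients connecting at the same moment cannot pick up each other's route and nothing is written to a predictable file as root. The 10.0.x.0 networks are constructed stand-ins for X.X.5.0 and X.X.6.0, and subnet_for_peer and route_cmd are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not from the thread. pppd runs this script as
#   ip-up IFACE TTY SPEED LOCAL_IP REMOTE_IP [IPPARAM]
# and exports PEERNAME once the peer has authenticated.

# Map an authenticated CHAP name to the subnet behind that peer.
# fed4/fed5 come from the thread; the 10.0.x.0 networks are constructed
# stand-ins for the redacted X.X.5.0 and X.X.6.0.
subnet_for_peer() {
    case "$1" in
        fed4) echo "10.0.5.0" ;;   # Ponce
        fed5) echo "10.0.6.0" ;;   # Caguas
        *)    return 1 ;;          # unknown peer: add no route
    esac
}

# Print the route command for this peer and gateway, or fail.
route_cmd() {
    peer=$1
    gw=$2
    net=$(subnet_for_peer "$peer") || return 1
    # Accept only digits and dots for the gateway, so nothing else can
    # reach the command line below.
    case "$gw" in
        ""|*[!0-9.]*) return 1 ;;
    esac
    echo "/sbin/route add -net $net netmask 255.255.255.0 gw $gw"
}

# Act only when invoked by pppd for an authenticated peer.
if [ -n "${PEERNAME:-}" ] && [ "$#" -ge 5 ]; then
    if cmd=$(route_cmd "$PEERNAME" "$5"); then
        $cmd
    else
        logger -t ip-up "no route configured for peer '$PEERNAME'"
    fi
fi
```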
