[pptp-server] pptp and routing multiple connections

Leif Larsson leif at l3system.net
Tue Aug 15 01:49:02 CDT 2000


Hello Larry,

Our setup goes like this:

Two subnets on the inside:
192.168.1.0 (subnet interface has 192.168.1.1)
192.168.2.0 (subnet interface has 192.168.2.1)

If caller A calls, the server chap-secrets file is set up so he gets
192.168.1.50
If caller B calls, the server chap-secrets file is set up so he gets
192.168.2.50

When caller A calls the server gives him 192.168.1.50 and automatically 
routes traffic to 192.168.1.1 (because of the proxyarp option)

The only problem I see that might arise is if some caller calls in 2 times;
I haven't tried this yet. If it fails I might have to use your
solution. Right now the users are told to hang up when they are ready.
Besides that, the solution works really well (at least for 6-7
dialins).

Leif Larsson


Larry Rivera wrote:
> 
> Hello Leif:
> The only problem with that is that someone at pptp server told me that you
> should not ask for ip addresses rather that you should allow the pptpd daemon
> to assign all ip's dynamically in order for it to work properly.
> 
> Also, please note that I am NOT asking for proxyarp, rather turning it off
> with the -proxyarp option. Reason being that we need full routing throughout
> and proxyarp will assign the same ip address to all incoming connections.
> (correct me if I'm wrong please)
> LR
> 
> Leif Larsson wrote:
> 
> > We too have two subnets and need different IPs. My solution
> > was to modify "chap-secrets". Depending on who is calling
> > (who is authenticating really) you get a preassigned IP address.
> >
> > The "local-ip" entry in options.pptpd is not so important, as
> > the server is routing traffic anyway.
> > The IP addresses in the chap-secrets file must conform to some
> > of the subnets, else the server won't be able to proxyarp.
> >
> > Just my 2 cents..
> >
> > Leif
> >
> > Larry Rivera wrote:
> > >
> > > Hello:
> > >
> > > I have been working on routing multiple pptp connections and would like
> > > to share my solution and see if anyone has a better option:
> > > Problem: When implementing multiple pptp tunnels we all know that the
> > > pptpd daemon dynamically assigns ip addresses according to what is
> > > established in /etc/pptpd.conf, i.e.
> > >
> > > /etc/pptpd.conf
> > >
> > > speed 115200
> > > option /etc/ppp/options.pptpd
> > > localip X.X.10.201-210  (needed for multiple connections)
> > > remoteip X.X.10.211-220
> > >
> > > Other parameters are established in the options.pptpd file:
> > > /etc/ppp/options.pptpd
> > >
> > > lock
> > > #debug
> > > name federal2
> > > auth
> > > require-chap
> > > -proxyarp (needed for full routing)
> > >
> > > I have two subnets X.X.5.0 and X.X.6.0 which must establish their routes
> > > when connecting.  The only problem is that since these are virtual
> > > connections there is no parameter in /etc/ppp/ip-up & ip-down that will
> > > properly route the connections so that each subnet is routed correctly.
> > > (Example: the ppp* interface ($5 variable) will raise according to what
> > > pptpd determines) therefore there is no way I can say ppp1 will be for
> > > X.X.5.0 and ppp2 will be for X.X.6.0. Since these are not serial
> > > connections I cannot use ttyS* ($2 variable) to set these routes.
> > > Similarly, the variables that set the remote address cannot be used
> > > because pptpd will change this according to need.
> > >
> > > The following code will at least set the routes according to the name
> > > sent to the system when chap authentication occurs.
> > > ###/etc/ppp/ip-up
> > >
> > > ###Caguas
> > > tail -n 10 /usr/local/log/pptpd.log > /tmp/vpn
> > > result=`grep fed5 /tmp/vpn`
> > > if [ "$result" ]
> > > then
> > >   /sbin/route add -net X.X.6.0 netmask 255.255.255.0 gw $5
> > > fi
> > >
> > > #####Ponce
> > > tail -n 10 /usr/local/log/pptpd.log > /tmp/vpn
> > > result=`grep fed4 /tmp/vpn`
> > > if [ "$result" ]
> > > then
> > >   /sbin/route add -net X.X.5.0 netmask 255.255.255.0 gw $5
> > > fi
> > >
> > > On multiple pptp connections this will ensure that anytime "fed4" or
> > > "fed5" connect, the system will set the proper route to that subnet.
> > >
> > > Any comments?
> > > LR
> > >
> > > _______________________________________________
> > > pptp-server maillist  -  pptp-server at lists.schulte.org
> > > http://lists.schulte.org/mailman/listinfo/pptp-server
> > > List services provided by www.schulteconsulting.com!
> >
> > --
> > ________________
> > L3 System
> > www.l3system.net
> > ----------------
> > PGP key fingerprint = 11 81 96 E6 F0 91 ED 4D  13 82 44 99 99 DB AE 8B

-- 
________________
L3 System
www.l3system.net
----------------
PGP key fingerprint = 11 81 96 E6 F0 91 ED 4D  13 82 44 99 99 DB AE 8B
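
An added example, not part of the original messages: the quoted ip-up script greps the last ten log lines, which can pick up another caller's login when two sessions start close together and so route a subnet to the wrong peer. pppd exports the authenticated name to ip-up as PEERNAME, so the route can be keyed on that instead; the function names below are hypothetical, and the fed4/fed5 names and X.X placeholder subnets are taken from the thread.

```shell
#!/bin/sh
# Added example for /etc/ppp/ip-up (not the posters' own script).
# pppd runs: ip-up IFACE TTY SPEED LOCAL_IP REMOTE_IP [IPPARAM]
# and sets PEERNAME to the CHAP name once the peer has authenticated.

# Map an authenticated name to the subnet behind that peer.
# "X.X" is the placeholder used in the thread; substitute real prefixes.
subnet_for_peer() {
    case "$1" in
        fed4) echo "X.X.5.0" ;;
        fed5) echo "X.X.6.0" ;;
        *)    return 1 ;;      # unknown peer: install no route
    esac
}

# Print the route command for one session.
# Returns 2 on missing arguments, 1 when the peer has no subnet entry.
route_cmd() {
    peer=$1 iface=$2 remote_ip=$3
    [ -n "$peer" ] && [ -n "$iface" ] && [ -n "$remote_ip" ] || return 2
    net=$(subnet_for_peer "$peer") || return 1
    echo "/sbin/route add -net $net netmask 255.255.255.0 gw $remote_ip dev $iface"
}

# Live path: only when pppd invoked us with an authenticated peer.
if [ -n "${PEERNAME:-}" ]; then
    if cmd=$(route_cmd "$PEERNAME" "$1" "$5"); then
        # Word splitting is intended: every field comes from the fixed
        # table above or from pppd's own arguments, never from the log.
        $cmd
    else
        logger -t ip-up "no route entry for peer '$PEERNAME' on $1"
    fi
fi
```

Because the lookup uses only this session's own PEERNAME, interface and remote address, concurrent logins cannot influence each other's routes.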


