Fw: [pptp-server] Managing multiple authentication domains

mike at bayoffice.net mike at bayoffice.net
Thu May 4 12:38:46 CDT 2000


On Thu, 4 May 2000, Gord Belsey wrote:
> 
> > Have a look at the options ipcp-accept-local and ipcp-accept-remote.  With
> > these commands in your /etc/ppp/options file, PoPToP will accept a clients
> > request for specific IP addresses rather than assigning them from a pool.
> > The clioent then can request a local and remote address for the ppp
> > connection.  The advantage is you can control what address (therefore
> > subnet) the client is using.
> >
	The problem, however, is that clients misconfigure themselves all
the time, and this soluton affords no way to force them to either get it
right or not get on the system at all. I don't see where this 'control'
you mention comes from - if you turn on the ipcp-accept-local and remote
options, there is no ppp way of saying that, based on these chap
credentials, they will be boxed into this certain range of addresses. I
want a user to be associated with a particular network so when they 'vpn 
in', they cannot access resources on any network other than their
assigned one. 

	The client I'm interested in serving is primarilly windows
clients with the vpn adaptor, by the way...

-- 
Mike Ireton
Senior Systems Engineer
Bay Office Net - http://www.bayoffice.net
Voice (415) 643-8700				"Where do you want to go today?"
Fax   (415) 643-8777				With Linux, I'm already there....




More information about the pptp-server mailing list