Fw: [pptp-server] Managing multiple authentication domains

Terrelle Shaw hshaw at healthcentralrx.com
Thu May 4 14:07:43 CDT 2000


Then why don't you create the vpn "ip's" on a network that you use access
lists or routes to keep them from going where you dont want them too?

Terrelle Shaw


-----Original Message-----
From: pptp-server-admin at lists.schulte.org
[mailto:pptp-server-admin at lists.schulte.org]On Behalf Of
mike at bayoffice.net
Sent: Thursday, May 04, 2000 10:39 AM
To: pptp-server at lists.schulte.org
Subject: Re: Fw: [pptp-server] Managing multiple authentication domains


On Thu, 4 May 2000, Gord Belsey wrote:
>
> > Have a look at the options ipcp-accept-local and ipcp-accept-remote.
With
> > these commands in your /etc/ppp/options file, PoPToP will accept a
clients
> > request for specific IP addresses rather than assigning them from a
pool.
> > The clioent then can request a local and remote address for the ppp
> > connection.  The advantage is you can control what address (therefore
> > subnet) the client is using.
> >
	The problem, however, is that clients misconfigure themselves all
the time, and this soluton affords no way to force them to either get it
right or not get on the system at all. I don't see where this 'control'
you mention comes from - if you turn on the ipcp-accept-local and remote
options, there is no ppp way of saying that, based on these chap
credentials, they will be boxed into this certain range of addresses. I
want a user to be associated with a particular network so when they 'vpn
in', they cannot access resources on any network other than their
assigned one.

	The client I'm interested in serving is primarilly windows
clients with the vpn adaptor, by the way...

--
Mike Ireton
Senior Systems Engineer
Bay Office Net - http://www.bayoffice.net
Voice (415) 643-8700				"Where do you want to go today?"
Fax   (415) 643-8777				With Linux, I'm already there....

_______________________________________________
pptp-server maillist  -  pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulte.org!




More information about the pptp-server mailing list