* pptpd
From: tony.chamberlain @ 2008-12-13 19:18 UTC (permalink / raw)
  To: linux-ppp


I set up a pptpd server and connected to it.  When I connected to it
(after figuring some routing) I was able to ping machines I wouldn't
otherwise be able to.

There is a range of IPs for the VPN in pptpd.conf:

   localip 192.168.0.1
   remoteip 192.168.0.234-238,192.168.0.245

and then in CHAP secrets I put logins and passwords.
Thing is, people need their own IP address (need to count
on it each time they connect).  For instance, if I have
something in chap secrets like



   lincoln * abraham *

I want to add something like 192.168.0.234 so that whenever someone
signs in as lincoln he always gets IP address 192.168.0.234 (and similarly
if they log in as say, jefferson, they always get 192.168.0.235 -- or
always the SAME IP different than 192.168.0.234)

Can I do this somehow?  Doesn't have to be in chap-secrets as long as
I can do it.  Is there something like an options.lincoln file?





* Re: pptpd
From: James Carlson @ 2008-12-13 19:33 UTC (permalink / raw)
  To: linux-ppp

tony.chamberlain@lemko.com writes:
> and then in CHAP secrets I put logins and passwords.
> Thing is, people need their own IP address (need to count
> on it each time they connect).  For instance, if I have
> something in chap secrets like
> 
> 
> 
>    lincoln * abraham *

Change that to:

	lincoln * abraham 192.168.0.234

> Can I do this somehow?  Doesn't have to be in chap-secrets as long as
> I can do it.  Is there something like an options.lincoln file?

No, but if the fifth element on the line is "--", you can add extra
options there.  These are applied only after the PPP Authentication
phase, so they can't be LCP or auth options.  For instance:

	lincoln * abraham 192.168.0.234 -- novj

You can also specify the fourth parameter as an allowed address range
or include "+" to specify that the address is formed using the unit
number.  See the man page for details.

-- 
James Carlson         42.703N 71.076W         <carlsonj@workingcode.com>
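
The fourth-field rule described in the reply above can be checked mechanically. The following is an added example, not part of the original message: a hypothetical `audit_secrets` helper that reports which chap-secrets entries pin a client to one distinct address, run over constructed sample data (secrets are assumed to contain no whitespace).

```shell
#!/bin/sh
# Added example: classify chap-secrets entries by how tightly the address
# field(s) pin the peer. Fields: client server secret [addresses] [-- options]

audit_secrets() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }            # skip blank lines and comments
    {
        n = 0
        # Address words start at field 4 and stop at "--" (per-user options).
        for (i = 4; i <= NF && $i != "--"; i++) { addr = $i; n++ }
        if (n == 0)                    { print "NOADDR " $1; next }
        # Anything other than one plain address (wildcard, range, "+" form).
        if (n > 1 || addr ~ "[*/+!]")  { print "LOOSE " $1; next }
        if (addr in owner)             { print "DUP " $1 " " addr " " owner[addr]; next }
        owner[addr] = $1
        print "FIXED " $1 " " addr
    }' "$1"
}

# Constructed sample file; only the lincoln lines come from the thread.
sample_secrets() {
cat <<'EOF'
# client  server  secret   addresses
lincoln   *       abraham  192.168.0.234 -- novj
jefferson *       thomas   *
adams     *       john     192.168.0.234
madison   *       james    192.168.0.0/24
EOF
}

tmp=$(mktemp) && sample_secrets > "$tmp" && audit_secrets "$tmp"
rm -f "$tmp"
```
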


* Re: pptpd
From: James Carlson @ 2008-12-13 19:39 UTC (permalink / raw)
  To: linux-ppp

James Carlson writes:
> tony.chamberlain@lemko.com writes:
> > and then in CHAP secrets I put logins and passwords.
> > Thing is, people need their own IP address (need to count
> > on it each time they connect).  For instance, if I have
> > something in chap secrets like

One other thing I should have noted: this controls only the address
negotiated by IPCP.

The user can use any source address he wants into the packets he
sends, regardless of what was actually negotiated by IPCP.  This is
normal and expected -- it's how routing works -- so don't think of the
negotiation as any sort of "security."  It's a parameter assignment
mechanism, and nothing else.  Think of it as advisory information.

If you need to restrict the usage of the link (e.g., limit the set of
source addresses that the remote peer may use), then you'll need to
set up packet filters on your end.  These are independent of PPP.

The very same issue shows up with all types of links, including
Ethernet: if you want to restrict what you allow, then you need to
configure filters.  Link protocols generally don't do that for you,
and the restrictions you use will depend on the exact needs of the
deployment.

-- 
James Carlson         42.703N 71.076W         <carlsonj@workingcode.com>
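
The packet filter mentioned in the message above can be installed per session from pppd's ip-up hook, which is called with the interface name as its first argument and the negotiated remote address as its fifth. This is an added example, not part of the original message; the function names, the `RUN` dry-run switch and the choice of iptables are assumptions.

```shell
#!/bin/sh
# Added example: drop packets arriving on a PPP interface whose source is
# not the address negotiated by IPCP. pppd runs ip-up and ip-down as:
#   <iface> <tty> <speed> <local-ip> <remote-ip> [ipparam]

is_ipv4() {
    # Accept only a dotted quad with each octet in 0-255.
    printf '%s\n' "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

pin_source() {
    # $1 = add|del, $2 = PPP interface, $3 = address assigned to the peer
    case "$1" in add) op=-I ;; del) op=-D ;; *) return 2 ;; esac
    # Hook arguments end up on a root command line: accept only pppN.
    n=${2#ppp}
    [ "ppp$n" = "$2" ] || return 2
    case "$n" in ''|*[!0-9]*) return 2 ;; esac
    is_ipv4 "$3" || return 2
    run=${RUN-echo}   # RUN unset: print the commands; RUN="": execute them
    for chain in INPUT FORWARD; do
        $run iptables "$op" "$chain" -i "$2" ! -s "$3" -j DROP
    done
}

# Dry run with constructed values.
pin_source add ppp0 192.168.0.234   # in ip-up:   pin_source add "$1" "$5"
pin_source del ppp0 192.168.0.234   # in ip-down: pin_source del "$1" "$5"
```

The rule is removed at ip-down because the same `pppN` name is reused by the next session, which may belong to a different user and address.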


* Re: pptpd
From: James Cameron @ 2008-12-14 23:20 UTC (permalink / raw)
  To: linux-ppp

If you give the choice of IP address to pppd as James has suggested,
tell pptpd not to provide the IP address on the pppd command line.
pptpd.conf delegate option controls that, see man pptpd.conf

-- 
James Cameron                         http://quozl.netrek.org/
HP Open Source, Volunteer             http://opensource.hp.com/
PPTP Client Project, Release Engineer http://pptpclient.sourceforge.net/


* Re:  pptpd
From: tony.chamberlain @ 2008-12-15 14:24 UTC (permalink / raw)
  To: linux-ppp


-----Original Message-----
From: James Carlson [mailto:carlsonj@workingcode.com]
Sent: Saturday, December 13, 2008 01:33 PM
To: tony.chamberlain@lemko.com
Cc: 'ppp, Linux'
Subject: Re: pptpd

tony.chamberlain@lemko.com writes:
> and then in CHAP secrets I put logins and passwords.
> Thing is, people need their own IP address (need to count
> on it each time they connect).  For instance, if I have
> something in chap secrets like
> 
> 
> 
>    lincoln * abraham *

Change that to:

	lincoln * abraham 192.168.0.234

> Can I do this somehow?  Doesn't have to be in chap-secrets as long as
> I can do it.  Is there something like an options.lincoln file?

No, but if the fifth element on the line is "--", you can add extra
options there.  These are applied only after the PPP Authentication
phase, so they can't be LCP or auth options.  For instance:

	lincoln * abraham 192.168.0.234 -- novj

You can also specify the fourth parameter as an allowed address range
or include "+" to specify that the address is formed using the unit
number.  See the man page for details.

-- 
James Carlson         42.703N 71.076W         <carlsonj@workingcode.com>


pppd man page or pptpd man page?  I get them mixed up




* Re:  pptpd
From: James Carlson @ 2008-12-15 14:40 UTC (permalink / raw)
  To: linux-ppp

tony.chamberlain@lemko.com writes:
> pppd man page or pptpd man page?  I get them mixed up

The pppd man page describes the pppd options and the PPP *-secrets
files.

-- 
James Carlson         42.703N 71.076W         <carlsonj@workingcode.com>
