* Re: pptpd
2008-12-13 19:18 pptpd tony.chamberlain
@ 2008-12-13 19:33 ` James Carlson
2008-12-13 19:39 ` pptpd James Carlson
` (3 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: James Carlson @ 2008-12-13 19:33 UTC (permalink / raw)
To: linux-ppp
tony.chamberlain@lemko.com writes:
> and then in CHAP secrets I put logins and passwords.
> Thing is, people need their own IP address (need to count
> on it each time they connect). For instance, if I have
> something in chap secrets like
>
>
>
> lincoln * abraham *
Change that to:
lincoln * abraham 192.168.0.234
> Can I do this somehow? Doesn't have to be in chap-secrets as long as
> I can do it. Is there something like an options.lincoln file?
No, but if the fifth element on the line is "--", you can add extra
options there. These are applied only after the PPP Authentication
phase, so they can't be LCP or auth options. For instance:
lincoln * abraham 192.168.0.234 -- novj
You can also specify the fourth parameter as an allowed address range
or include "+" to specify that the address is formed using the unit
number. See the man page for details.
--
James Carlson 42.703N 71.076W <carlsonj@workingcode.com>
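An added example (not part of the thread or of pppd): a shell audit of chap-secrets entries in the layout discussed above, reporting each client's address field and any options after "--" without ever printing the secret. It assumes unquoted, whitespace-separated fields and a single address word; the sample entries other than the lincoln line are constructed.

```shell
#!/bin/sh
# Added example: audit chap-secrets style entries read from stdin.
# Assumption: fields are unquoted and whitespace-separated:
#   client server secret [address] [-- options...]

sample_secrets() {
    # Constructed sample input; only the "lincoln" line comes from the thread.
    cat <<'EOF'
# client server secret address [-- options]
lincoln * abraham 192.168.0.234 -- novj
grant * example-secret-1 *
sherman * example-secret-2
EOF
}

audit_chap_secrets() {
    # The secret is read into a variable but never printed.
    while read -r client server secret addr rest; do
        case "$client" in ''|'#'*) continue ;; esac   # blank line or comment
        opts=""
        case "$addr" in
            '')  status="NO-ADDRESS" ;;                  # only three words
            '*') status="ANY-ADDRESS" ;;                 # wildcard, not pinned
            --)  status="NO-ADDRESS"; opts="$rest" ;;    # options, no address
            *)   status="ADDR=$addr" ;;                  # address, range or "+" form
        esac
        # Words after a "--" that follows the address field are pppd options.
        case "$rest" in
            '-- '*) opts="${rest#-- }" ;;
        esac
        printf '%s %s opts=%s\n' "$client" "$status" "${opts:--}"
    done
}

# Run on the constructed sample with --demo; otherwise only define functions.
if [ "${1:-}" = "--demo" ]; then
    sample_secrets | audit_chap_secrets
fi
```

To audit a real file, source the script and run `audit_chap_secrets < /etc/ppp/chap-secrets` as root; entries reported as ANY-ADDRESS are the ones that do not give the user a predictable address.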
* Re: pptpd
From: James Carlson @ 2008-12-13 19:39 UTC (permalink / raw)
To: linux-ppp
James Carlson writes:
> tony.chamberlain@lemko.com writes:
> > and then in CHAP secrets I put logins and passwords.
> > Thing is, people need their own IP address (need to count
> > on it each time they connect). For instance, if I have
> > something in chap secrets like
One other thing I should have noted: this controls only the address
negotiated by IPCP.
The user can use any source address he wants in the packets he
sends, regardless of what was actually negotiated by IPCP. This is
normal and expected -- it's how routing works -- so don't think of the
negotiation as any sort of "security." It's a parameter assignment
mechanism, and nothing else. Think of it as advisory information.
If you need to restrict the usage of the link (e.g., limit the set of
source addresses that the remote peer may use), then you'll need to
set up packet filters on your end. These are independent of PPP.
The very same issue shows up with all types of links, including
Ethernet: if you want to restrict what you allow, then you need to
configure filters. Link protocols generally don't do that for you,
and the restrictions you use will depend on the exact needs of the
deployment.
--
James Carlson 42.703N 71.076W <carlsonj@workingcode.com>
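An added example (not from the thread or the ppp project) of the packet filter the message above calls for: a script for pppd's ip-up and ip-down hooks that drops packets arriving on the PPP interface whose source is not the IPCP-negotiated peer address. The script name ppp-antispoof, the up/down mode word and the APPLY variable are assumptions; without APPLY=1 it only prints the iptables commands.

```shell
#!/bin/sh
# Added example: per-link source-address filter for PPP peers (IPv4 only).
# Hypothetical wiring: /etc/ppp/ip-up   runs  ppp-antispoof up   "$@"
#                      /etc/ppp/ip-down runs  ppp-antispoof down "$@"
# pppd passes the hooks: interface tty speed local-IP remote-IP ipparam

valid_link() {
    # $1: interface name, $2: peer address. Reject anything unexpected
    # before it can reach a command line.
    case "$1" in ppp[0-9]*) ;; *) return 1 ;; esac
    case "$1" in *[!a-z0-9]*) return 1 ;; esac
    case "$2" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;   # stray characters or empty octet
        *.*.*.*.*) return 1 ;;              # more than four octets
        *.*.*.*) return 0 ;;
        *) return 1 ;;
    esac
}

antispoof_rules() {
    # $1: -I (insert) or -D (delete), $2: interface, $3: negotiated peer address
    for chain in INPUT FORWARD; do
        printf 'iptables %s %s -i %s ! -s %s -j DROP\n' "$1" "$chain" "$2" "$3"
    done
}

ppp_antispoof() {
    mode="$1"; iface="$2"; remote="$6"
    case "$mode" in
        up)   action=-I ;;
        down) action=-D ;;
        *)    return 2 ;;
    esac
    valid_link "$iface" "$remote" || return 2
    antispoof_rules "$action" "$iface" "$remote" |
    while read -r cmd; do
        # Dry run by default; APPLY=1 executes the validated command.
        if [ "${APPLY:-0}" = 1 ]; then $cmd; else echo "$cmd"; fi
    done
}

# Act only when called with the mode word plus pppd's hook arguments.
if [ $# -ge 6 ]; then
    ppp_antispoof "$@"
fi
```

If a peer legitimately routes a network behind its link, that network needs its own accept rule ahead of these drops.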
* Re: pptpd
From: James Cameron @ 2008-12-14 23:20 UTC (permalink / raw)
To: linux-ppp
If you give the choice of IP address to pppd as James has suggested,
tell pptpd not to provide the IP address on the pppd command line.
The pptpd.conf delegate option controls that; see man pptpd.conf.
--
James Cameron http://quozl.netrek.org/
HP Open Source, Volunteer http://opensource.hp.com/
PPTP Client Project, Release Engineer http://pptpclient.sourceforge.net/
* Re: pptpd
From: tony.chamberlain @ 2008-12-15 14:24 UTC (permalink / raw)
To: linux-ppp
-----Original Message-----
From: James Carlson [mailto:carlsonj@workingcode.com]
Sent: Saturday, December 13, 2008 01:33 PM
To: tony.chamberlain@lemko.com
Cc: 'ppp, Linux'
Subject: Re: pptpd
tony.chamberlain@lemko.com writes:
> and then in CHAP secrets I put logins and passwords.
> Thing is, people need their own IP address (need to count
> on it each time they connect). For instance, if I have
> something in chap secrets like
>
>
>
> lincoln * abraham *
Change that to:
lincoln * abraham 192.168.0.234
> Can I do this somehow? Doesn't have to be in chap-secrets as long as
> I can do it. Is there something like an options.lincoln file?
No, but if the fifth element on the line is "--", you can add extra
options there. These are applied only after the PPP Authentication
phase, so they can't be LCP or auth options. For instance:
lincoln * abraham 192.168.0.234 -- novj
You can also specify the fourth parameter as an allowed address range
or include "+" to specify that the address is formed using the unit
number. See the man page for details.
--
James Carlson 42.703N 71.076W <carlsonj@workingcode.com>
pppd man page or pptpd man page? I get them mixed up
* Re: pptpd
From: James Carlson @ 2008-12-15 14:40 UTC (permalink / raw)
To: linux-ppp
tony.chamberlain@lemko.com writes:
> pppd man page or pptpd man page? I get them mixed up
The pppd man page describes the pppd options and the PPP *-secrets
files.
--
James Carlson 42.703N 71.076W <carlsonj@workingcode.com>