Martin Jessa wrote:

Hi guys.

I have a setup for wireless clients where I use pptp vpn tunnels for my users to be able to auth and connect. The vpn daemon (poptop) talks to freeradius server which again gets user info from MySQL database.
I use dialup_admin to be able to easily add new users.
Everything works great except for one thing.
The users (companies) are unable to create their own VPN tunnels (i.e. IPsec) to other places.
It's impossible to tunnel IPsec inside of pptp vpn tunnels.


A little off-topic, but why would it be impossible?

I think www.freeswan.org ipsec will work, you may need the 'UDP-patch' to avoid NATting problems. Don't know about other implementations: e.g. the new linux-2.6.0 kernel (still in beta though) has ipsec built in, but I have not yet had the chance to look into it.

So maybe running plain PPPoE could solve that problem.
Then I could use WPA for traffic encryption.
Does that sound logical?
I also need some kind of system that will make it possible to give different bandwidth to different users.
I thought I could set up DUMMYNET with bw restrictions for different subnets with a subnet mask like /16 or similar.
Then give static IPs to my users depending on what bw they are allowed to use. But this approach does not seem to be very flexible.
Is there a way to make radius do bandwidth restrictions or run commands against an external application?
I am not "locked" to use BSD, if this works better on Linux then I will use it too.

Linux comes with extensive built-in traffic/routing features; www.lartc.org will let you use these features. It may take some time and studying to get going, but it is well worth the effort. Some say it's even better than Cisco.

Z.


