Dossy, David,

Guys, first, thanks for the fantastic work you've done so far.
Now that you're looking into the IP pool implementation I think it is
equally important to address how it may be implemented from
the config file point of view and perhaps as well addressing
static IP addresses to non road warriors.

Currently with l2tpd I can specify the local and remote IP address
I give to the incoming LAC such as:

==================
...
[lns lansabe1-lansauk1]
exclusive = no
name = lansabelfw0.lansa-europe.com
lac = X.Y.Z.125
ip range = 10.32.0.123
local ip = 10.44.0.123
require chap = yes
require authentication = yes
hidden bit = no
tunnel rws = 8
==================
Given that I know which local IP address I give to a particular incoming LAC,
I can specify a route to the other network, where in /etc/ppp/ip-up.local I have:

if /sbin/ifconfig | grep "10.44.0.123" > /dev/null ; then
    route add -net 10.44.0.0 netmask 255.255.224.0 gw 10.44.0.123
fi

I don't know how you plan to implement that but I had an idea. Currently
there is a "catch all" sync-pppd such as:
==================
section sync-pppd
lns-pppd-opts "require-chap 10.44.10.120:10.45.10.120 lcp-echo-interval 30 lcp-echo-failure 6"
lac-pppd-opts "user linuxfw2_lansauk2 10.44.10.120:10.45.10.120 lcp-echo-interval 30 lcp-echo-failure 6"
==================
Perhaps it could be extended by adding the peer keyword matching a peer section such as:

==================
section sync-pppd
peer W.X.Y.Z
lns-pppd-opts "require-chap 10.44.10.120:10.45.10.120 lcp-echo-interval 30 lcp-echo-failure 6"

# Peer section
section peer
peer W.X.Y.Z
port 1701
lac-handler sync-pppd
lns-handler sync-pppd
hide-avps no
==================

and then maybe a "catch all" for road warriors that would look like:
==================
section sync-pppd
peer W.X.Y.Z
lns-pppd-opts "require-chap A.B.C.D:W.X.Y.Z lcp-echo-interval 30 lcp-echo-failure 6"
==================
where A.B.C.D would be the starting range of the IP pool and W.X.Y.Z, the end.

What do you guys think?

Dom
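
The per-peer route from /etc/ppp/ip-up.local described in the message above, as an added example that is not part of the original post. It keys on the local address pppd passes as the fourth argument instead of grepping ifconfig output, so only an exact, well-formed address selects a route; the PEER_ROUTES table and the function names are assumptions, built from the addresses quoted in the message.

```shell
#!/bin/sh
# Added example, not code from the original message.
# pppd runs ip-up with: $1 interface, $2 tty, $3 speed, $4 local IP,
# $5 remote IP, $6 ipparam. ip-up.local is assumed to receive the same.

# Constructed table: "local-ip network netmask", one tunnel per line.
PEER_ROUTES='
10.44.0.123 10.44.0.0 255.255.224.0
'

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# route_for_local_ip LOCAL_IP: print "network netmask gateway" on an exact
# match of the tunnel's local address. Returns 1 when the peer has no entry
# and 2 when the argument is not a valid IPv4 address.
route_for_local_ip() {
    valid_ipv4 "$1" || return 2
    while read -r ip net mask; do
        if [ "$ip" = "$1" ]; then
            echo "$net $mask $ip"
            return 0
        fi
    done <<EOF
$PEER_ROUTES
EOF
    return 1
}

# Only act when called with pppd's argument list.
if [ "$#" -ge 5 ]; then
    if r=$(route_for_local_ip "$4"); then
        set -- $r
        route add -net "$1" netmask "$2" gw "$3"
    fi
fi
```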
