OoO In the early evening of Saturday, May 01, 2004, around 17:47,
Jacco de Leeuw <[EMAIL PROTECTED]> said:

> In that case I would recommend a _different_ subnet for the wireless
> link.

OK for this solution which sounds reasonable. I suppose that using the
same subnet for Mac clients (which was my request, I don't want to
know what client the users will use) is not an appropriate solution.

> The Mac clients will still receive IP addresses from the L2TP server
> which lies within the internal x.y.u.v subnet, which was the main objective.
> You can assign fixed internal addresses by using this trick in
> /etc/ppp/chap-secrets:

> sam             *       "rumpelstiltskin"       192.168.1.5
> *               sam     "rumpelstiltskin"       192.168.1.5

To avoid the multiplication of passwords, I would like to avoid
assigning a password for each user (each one has a personal key which
is used for IPsec). The username/password would be a generic one for
everyone (something easy like user/pass) and the IP should be derived
from the underlying one (the one from the IPsec link). But again, if
this is not possible, I could just use the key as a password.

I see that there is a compile-time flag to let PPP choose the IP
address, I am reading some PPP literature to see if this would solve
this problem.

> Alternatively, you could use VaporSec instead of L2TP/IPsec. This has the
> advantage that previous MacOS X versions are also supported.
> (http://www.afp548.com/Software/VaporSec/)

Alas, this program is not open source and has one annoying bug: if
the mask for the network is set to 0 (the network is 0.0.0.0/0), the
generated racoon.conf is bogus (one field is missing). If I find some
time, I will try to mail the authors to dig out this bug.

Thanks for your answer.
-- 
printk("Illegal format on cdrom.  Pester manufacturer.\n"); 
        2.2.16 /usr/src/linux/fs/isofs/inode.c
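
An added example, not part of the original message: a small Python audit of entries in the /etc/ppp/chap-secrets layout quoted above, flagging a secret shared by several users, a fixed address handed to more than one user, and entries that accept any address. Only the two "sam" lines come from the thread; the other entries are constructed and the function names are hypothetical.

```python
import shlex
from collections import defaultdict

# Constructed sample in the chap-secrets layout: client server secret [IP ...]
# Only the two "sam" lines come from the message; the rest are made up.
SAMPLE = '''
sam    *    "rumpelstiltskin"  192.168.1.5
*      sam  "rumpelstiltskin"  192.168.1.5
alice  *    "pass"             192.168.1.6
bob    *    "pass"             192.168.1.6
carol  *    "s3cret phrase"    *
'''

def parse(text):
    """Yield (client, server, secret, [addresses]) for each entry."""
    for n, line in enumerate(text.splitlines(), 1):
        # shlex handles double-quoted secrets and '#' comments
        fields = shlex.split(line, comments=True)
        if not fields:
            continue
        if len(fields) < 3:
            raise ValueError(f"line {n}: expected client, server, secret")
        yield fields[0], fields[1], fields[2], fields[3:]

def audit(text):
    """Return a list of (finding, users) tuples."""
    by_secret = defaultdict(set)  # secret -> users presenting it
    by_addr = defaultdict(set)    # fixed address -> users allowed to take it
    findings = []
    for client, server, secret, addrs in parse(text):
        # Treat whichever side is not the "*" wildcard as the user name.
        user = client if client != "*" else server
        by_secret[secret].add(user)
        if "*" in addrs:
            findings.append(("any-address", (user,)))
        for addr in addrs:
            # "-" and "!addr" entries deny addresses rather than assign them
            if addr not in ("*", "-") and not addr.startswith("!"):
                by_addr[addr].add(user)
    for users in by_secret.values():
        if len(users) > 1:
            findings.append(("shared-secret", tuple(sorted(users))))
    for users in by_addr.values():
        if len(users) > 1:
            findings.append(("duplicate-address", tuple(sorted(users))))
    return findings

if __name__ == "__main__":
    for finding, users in audit(SAMPLE):
        print(finding, ", ".join(users))
```

The paired "sam" lines count as one user, so they raise no finding; the generic "pass" entries are reported both for the shared secret and for the address collision.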

