On Thursday, January 19, 2012 02:23 CET, YASUOKA Masahiko <[email protected]> wrote:
 
> Hi,
> 
> On Thu, 19 Jan 2012 02:14:48 +0900 (JST)
> YASUOKA Masahiko <[email protected]> wrote:
> > On Tue, 17 Jan 2012 11:57:07 +0100
> > "Sebastian Reitenbach" <[email protected]> wrote:
> > If you don't like this limitation, you can use 'pppx mode'.  In 'pppx
> > mode' npppd will create a pppx interface for each PPP session.  You
> > can add any routes to the interface.
> 
> Unfortunately the ingress filter of `pipex' drops all these packets.
> It's always on by default and not configurable.  It should be
> configurable, but it is not implemented yet.

Since the pppx mode doesn't seem to work for me with the xl2tpd client 
I could not test this here.


Besides having routes on the server, I wonder whether I can push routes to the
client automatically.
So the client just starts up the l2tpd client and connects, then it's getting
told by the server which routes to which networks behind the VPN endpoint it
should set into the tunnel.
But as I recognized now, the xl2tp client on the Linux host called the
/etc/ppp/ip-up script. So I guess the client has to take care on its own which
extra routes it will set up.

So if I understand it now:
 * on the OpenBSD VPN Server, I can just use the tun0 interface
   * enable packet forwarding
   * have normal routes defined to the extra networks
   * maybe protecting things with PF
 * on the client I have an ip-up script that runs when the tunnel gets established,
   * this sets routes to the networks behind the VPN Server into the tunnel

This I actually tried, and it seems to work.

But on the mobile phone, Android 2.2, which I tried now, I haven't yet seen a
hook where I could set up extra routes. Maybe someone on the list may give me a
hint here?


> 
> > To enable 'pppx mode', add
> > 
> >   pppx_mode: true
> > 
> > to /etc/npppd/npppd.conf. 
> 
> Sorry, above example was wrong.  To test `pppx mode'
> 
> (1) create /dev/pppx0
>     % cd /dev
>     % sudo sh MAKEDEV pppx
> (2) replace from `tun0' to `pppx0' in /etc/npppd/npppd.conf
> (3) add "interface.pppx0.pppx_mode: true" to /etc/npppd/npppd.conf

I tried this pppx mode on my OBSD VM, together with the Linux client, but it 
doesn't establish the connection:

- I created the pppx device as explained above
- edited npppd.conf:

#interface_list:                         tun0
#interface.tun0.ip4addr:                 10.66.66.1
interface_list:                         pppx0
interface.pppx0.ip4addr:                 10.66.66.1
interface.pppx0.pppx_mode:               true
...

then start, and try the client to connect:

$ sudo /usr/sbin/npppd -d 
2012-01-19 13:32:37:NOTICE: Starting npppd pid=7082 version=5.0.0
2012-01-19 13:32:37:NOTICE: Load configuration from='/etc/npppd/npppd.conf' successfully.
2012-01-19 13:32:37:INFO: pppx0 Started pppx
2012-01-19 13:32:37:INFO: Listening /var/run/npppd_ctl (npppd_ctl)
2012-01-19 13:32:37:INFO: pool name=default dyn_pool=[10.66.66.0/25] pool=[10.66.66.0/24]
2012-01-19 13:32:37:INFO: Loading pool config successfully.
2012-01-19 13:32:37:INFO: realm name=local(local) Loaded users from='/etc/npppd/npppd-users.csv' successfully.  1 users
2012-01-19 13:32:37:INFO: l2tpd Listening 0.0.0.0:1701/udp (L2TP LNS) [L2TP]
2012-01-19 13:32:37:INFO: l2tpd Listening [::]:1701/udp (L2TP LNS) [L2TP]
2012-01-19 13:32:37:INFO: pptpd Listening 0.0.0.0:1723/tcp (PPTP PAC) [PPTP]
2012-01-19 13:32:37:INFO: pptpd Listening 0.0.0.0:gre (PPTP PAC)
2012-01-19 13:32:37:INFO: pppx0 is using ipcp=default(1 pools).

here I connected the client:
2012-01-19 13:39:02:NOTICE: l2tpd ctrl=1 logtype=Started RecvSCCRQ from=10.0.0.31:1701/udp tunnel_id=1/29795 protocol=1.0 winsize=4 hostname=sre vendor=xelerance.com firm=0690
2012-01-19 13:39:02:INFO: l2tpd ctrl=1 SendSCCRP
2012-01-19 13:39:02:INFO: l2tpd ctrl=1 RecvSCCN
2012-01-19 13:39:02:INFO: l2tpd ctrl=1 SendZLB
2012-01-19 13:39:02:INFO: l2tpd ctrl=1 call=30483 RecvICRQ session_id=2737
2012-01-19 13:39:02:INFO: l2tpd ctrl=1 call=30483 SendICRP session_id=30483
2012-01-19 13:39:02:WARNING: l2tpd ctrl=1 call=30483 AVP (RX_CONNECT_SPEED/38) is not supported, but it's mandatory
2012-01-19 13:39:02:INFO: l2tpd ctrl=1 call=30483 RecvICCN session_id=2737 calling_number= tx_conn_speed=10000000 framing=sync
2012-01-19 13:39:02:NOTICE: l2tpd ctrl=1 call=30483 logtype=PPPBind ppp=0
2012-01-19 13:39:02:INFO: ppp id=0 layer=base logtype=Started tunnel=L2TP(10.0.0.31:1701)
2012-01-19 13:39:02:INFO: l2tpd ctrl=1 call=30483 SendZLB
2012-01-19 13:39:03:INFO: ppp id=0 layer=lcp logtype=Opened mru=1400/1410 auth=MS-CHAP-V2 magic=399562f0/187d146d
2012-01-19 13:39:03:INFO: ppp id=0 layer=chap proto=mschap_v2 logtype=Success username="user1" realm=local
2012-01-19 13:39:03:WARNING: ppp id=0 layer=base No interface binding.
2012-01-19 13:39:03:INFO: l2tpd ctrl=1 call=30483 SendCDN result=ERROR_CODE/2 error=GENERIC_ERROR/6 messsage=Disconnected by local PPP
2012-01-19 13:39:03:NOTICE: l2tpd ctrl=1 call=30483 logtype=PPPUnbind
2012-01-19 13:39:03:NOTICE: ppp id=0 layer=base logtype=TUNNELUSAGE user="user1" duration=1sec layer2=L2TP layer2from=10.0.0.31:1701 auth=MS-CHAP-V2 data_in=166bytes,6packets data_out=168bytes,7packets error_in=0 error_out=0 mppe=no iface=(not binding)
2012-01-19 13:39:03:INFO: l2tpd ctrl=1 RecvZLB
2012-01-19 13:39:20:INFO: l2tpd ctrl=1 SendStopCCN result=1
2012-01-19 13:39:20:INFO: l2tpd ctrl=1 RecvZLB
2012-01-19 13:39:20:NOTICE: l2tpd ctrl=1 logtype=Finished
2012-01-19 13:39:20:INFO: l2tpd Received from=10.0.0.31:1701: bad control message: tunnelId=1 is not found.  mestype=StopCCN
2012-01-19 13:39:21:INFO: l2tpd Received from=10.0.0.31:1701: bad control message: tunnelId=1 is not found.  mestype=StopCCN
2012-01-19 13:39:22:INFO: l2tpd Received from=10.0.0.31:1701: bad control message: tunnelId=1 is not found.  mestype=StopCCN
2012-01-19 13:39:23:INFO: l2tpd Received from=10.0.0.31:1701: bad control message: tunnelId=1 is not found.  mestype=StopCCN
2012-01-19 13:39:24:INFO: l2tpd Received from=10.0.0.31:1701: bad control message: tunnelId=1 is not found.  mestype=StopCCN

here I stopped npppd again:
2012-01-19 13:42:05:INFO: l2tpd Shutdown 0.0.0.0:1701/udp (L2TP LNS)
2012-01-19 13:42:05:INFO: l2tpd Shutdown [::]:1701/udp (L2TP LNS)
2012-01-19 13:42:05:INFO: pptpd Shutdown 0.0.0.0:1723/tcp
2012-01-19 13:42:05:INFO: pptpd Shutdown 0.0.0.0/gre
2012-01-19 13:42:05:NOTICE: pptpd Stopped
2012-01-19 13:42:05:INFO: pppx0 Stopped
2012-01-19 13:42:06:INFO: realm name=local(local) Finalized
2012-01-19 13:42:06:NOTICE: Terminate npppd.

Switching back to tun0 it just worked again.

Sebastian

> 
> --yasuoka
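
A sketch of the client-side ip-up hook described in the message above, as an added example that is not part of the original thread. It assumes the peer address pppd reports is the 10.66.66.1 from the npppd.conf shown above; the two networks in VPN_NETS are constructed placeholders, and the /8 minimum prefix length is an illustrative policy choice.

```shell
#!/bin/sh
# Added example, installed as /etc/ppp/ip-up on the Linux client.
# pppd runs it as root: ip-up <ifname> <tty> <speed> <local-ip> <remote-ip> [ipparam]

VPN_PEER="10.66.66.1"                        # assumed peer: ip4addr from the npppd.conf above
VPN_NETS="192.168.10.0/24 192.168.20.0/24"   # constructed placeholders: networks behind the server

# Accept only a.b.c.d/len with len 8..32, so a typo cannot install a default route.
valid_cidr() {
    case "$1" in
        */*/*|*[!0-9./]*) return 1 ;;        # one slash only, digits and dots only
        */*) ;;
        *) return 1 ;;                       # no prefix length given
    esac
    len=${1#*/}
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -ge 8 ] && [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -- ${1%/*}; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the route commands for this link, or fail if it is not our VPN tunnel.
route_cmds() {
    ifname=$1 remote=$2
    case "$ifname" in
        ppp[0-9]|ppp[0-9][0-9]) ;;           # reject anything that is not a plain pppN name
        *) return 1 ;;
    esac
    [ "$remote" = "$VPN_PEER" ] || return 1  # leave other PPP links alone
    for net in $VPN_NETS; do
        valid_cidr "$net" || return 1
        echo "ip route replace $net dev $ifname"
    done
}

# Only act when pppd invokes this file under its real name.
if [ "${0##*/}" = "ip-up" ]; then
    cmds=$(route_cmds "$1" "$5") || exit 0   # not our tunnel, or bad config: add nothing
    echo "$cmds" | while read -r cmd; do $cmd; done
fi
```

pppd removes the interface routes itself when the link goes down, so no matching ip-down hook is needed for these entries.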
