Re: npppd - changing clients' route table

Sun, 21 Feb 2021 06:19:14 -0800 

Hello,

On Sat, 20 Feb 2021 21:14:24 +0100
Radek <r...@int.pl> wrote:
> I have a router with VPN server (npppd). LAN net is 10.109.3.0/24, gw 
> 10.109.3.254, the VPN net is 10.109.4.0/24, gw 10.109.4.254.
> If the client is conencted to VPN all client's traffic to 10.0.0.0/8 goes via 
> 10.109.4.254
> 
> client> route print 
> Network Destination   Netmask      Gateway          Interface Metric
>           0.0.0.0                  0.0.0.0       192.168.1.1    192.168.1.101 
>     20
>         10.0.0.0              255.0.0.0     10.109.4.254          10.109.4.1  
>    21
>     10.109.4.1  255.255.255.255         On-link                10.109.4.1    
> 276
> [...]

The interface which terminate the tunnel has "192.168.4.254".
Right?

> $ cat /etc/npppd/npppd-users
> rdk:\
> :password=passsssword:\
> :framed-ip-address=10.109.4.1:
> #:framed-ip-netmask=255.255.255.0:

How about if you configure the npppd-users

rdk:
  :password=passsssword:\
  :framed-ip-address=10.109.4.254:\
  :framed-ip-netmask=255.255.255.0:

?

The server (npppd) will configure a route for 10.109.4.0/24 to the PPP
session authenticated by the above "rdk".


On Sat, 20 Feb 2021 21:14:24 +0100
Radek <r...@int.pl> wrote:
> Hi, 
> I have a router with VPN server (npppd). LAN net is 10.109.3.0/24, gw 
> 10.109.3.254, the VPN net is 10.109.4.0/24, gw 10.109.4.254.
> If the client is conencted to VPN all client's traffic to 10.0.0.0/8 goes via 
> 10.109.4.254
> 
> client> route print 
> Network Destination   Netmask      Gateway          Interface Metric
>           0.0.0.0                  0.0.0.0       192.168.1.1    192.168.1.101 
>     20
>         10.0.0.0              255.0.0.0     10.109.4.254          10.109.4.1  
>    21
>     10.109.4.1  255.255.255.255         On-link                10.109.4.1    
> 276
> [...]
> 
> I need to redirect the traffic to 10.109.4.254 only if it goes to the remote 
> LAN (10.109.3.0/24), the rest should go via def gw.
> How can I configure it on the router/server side ?
> 
> $ cat /etc/npppd/npppd.conf
> # $OpenBSD: npppd.conf,v 1.3 2020/01/23 03:01:22 dlg Exp $
> # sample npppd configuration file.  see npppd.conf(5)
> 
> set max-session 200
> set user-max-session 4
> 
> authentication LOCAL type local {
>         users-file "/etc/npppd/npppd-users"
> }
> tunnel L2TP protocol l2tp {
>         listen on X.X.X.X
> }
> 
> ipcp IPCP {
>         pool-address 10.109.4.1-10.109.4.32
>         dns-servers 1.1.1.1
> }
> 
> # use pppx(4) interface.  use an interface per a ppp session.
> interface pppx0 address 10.109.4.254 ipcp IPCP
> bind tunnel from L2TP authenticated by LOCAL to pppx0
> 
> $ cat /etc/npppd/npppd-users
> rdk:\
> :password=passsssword:\
> :framed-ip-address=10.109.4.1:
> #:framed-ip-netmask=255.255.255.0:
> 
> $ dmesg | head
> OpenBSD 6.8 (GENERIC.MP) #4: Mon Jan 11 10:35:56 MST 2021
>     
> r...@syspatch-68-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> 
> -- 
> Radek
>

Reply via email to