Hello,

> The interface which terminates the tunnel has "192.168.4.254".
> Right?
Do you mean the other end of the tunnel? It is 10.109.4.254
interface pppx0 address 10.109.4.254 ipcp IPCP

> How about if you configure the npppd-users
> 
> rdk:
>   :password=passsssword:\
>   :framed-ip-address=10.109.4.254:\
>   :framed-ip-netmask=255.255.255.0:
> 
> The server (npppd) will configure a route for 10.109.4.0/24 to the PPP
> session authenticated by the above "rdk".
I have tried to configure npppd-users with netmask /24, but it doesn't make any 
changes. Still have all traffic to 10.0.0.0/8 going across the tunnel to 
10.109.4.254 (VPN), but I need to push the traffic to 10.109.3.0/24 through the 
tunnel (via 10.109.4.254) and the rest of 10.0.0.0/8 through default gw or 
sometimes some traffic to 10.0.0.0/8 through another tunnel at the same time. 
Now if the PPP tunnel is established the VPN catches all the 10.0.0.0/8 traffic.
The VPN client (Windows7/10) is configured to NOT use the VPN as remote gw.

Example:
I have a public, static IP. There is a route to 10.55.0.0/24 configured at the 
ISP's side and I don't need any VPN tunnel to access 10.55...... Somewhere over 
the rainbow is a router with LAN 10.109.3.0/24 and npppd.
If I use the PPP tunnel I can access 10.109.3.0/24 but at the same time I can't 
access 10.55.0.0/24 because all 10.0.0.0/8 goes across the tunnel.


On Sun, 21 Feb 2021 23:18:19 +0900 (JST)
YASUOKA Masahiko <yasu...@openbsd.org> wrote:

> Hello,
> 
> On Sat, 20 Feb 2021 21:14:24 +0100
> Radek <r...@int.pl> wrote:
> > I have a router with VPN server (npppd). LAN net is 10.109.3.0/24, gw 
> > 10.109.3.254, the VPN net is 10.109.4.0/24, gw 10.109.4.254.
> > If the client is connected to VPN all client's traffic to 10.0.0.0/8 goes 
> > via 10.109.4.254
> > 
> > client> route print 
> > Network Destination        Netmask          Gateway       Interface  Metric
> >           0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.101      20
> >          10.0.0.0        255.0.0.0     10.109.4.254      10.109.4.1      21
> >        10.109.4.1  255.255.255.255          On-link      10.109.4.1     276
> > [...]
> 
> The interface which terminates the tunnel has "192.168.4.254".
> Right?
> 
> > $ cat /etc/npppd/npppd-users
> > rdk:\
> > :password=passsssword:\
> > :framed-ip-address=10.109.4.1:
> > #:framed-ip-netmask=255.255.255.0:
> 
> How about if you configure the npppd-users
> 
> rdk:
>   :password=passsssword:\
>   :framed-ip-address=10.109.4.254:\
>   :framed-ip-netmask=255.255.255.0:
> 
> ?
> 
> The server (npppd) will configure a route for 10.109.4.0/24 to the PPP
> session authenticated by the above "rdk".
> 
> 
> On Sat, 20 Feb 2021 21:14:24 +0100
> Radek <r...@int.pl> wrote:
> > Hi, 
> > I have a router with VPN server (npppd). LAN net is 10.109.3.0/24, gw 
> > 10.109.3.254, the VPN net is 10.109.4.0/24, gw 10.109.4.254.
> > If the client is connected to VPN all client's traffic to 10.0.0.0/8 goes 
> > via 10.109.4.254
> > 
> > client> route print 
> > Network Destination        Netmask          Gateway       Interface  Metric
> >           0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.101      20
> >          10.0.0.0        255.0.0.0     10.109.4.254      10.109.4.1      21
> >        10.109.4.1  255.255.255.255          On-link      10.109.4.1     276
> > [...]
> > 
> > I need to redirect the traffic to 10.109.4.254 only if it goes to the 
> > remote LAN (10.109.3.0/24), the rest should go via def gw.
> > How can I configure it on the router/server side ?
> > 
> > $ cat /etc/npppd/npppd.conf
> > # $OpenBSD: npppd.conf,v 1.3 2020/01/23 03:01:22 dlg Exp $
> > # sample npppd configuration file.  see npppd.conf(5)
> > 
> > set max-session 200
> > set user-max-session 4
> > 
> > authentication LOCAL type local {
> >         users-file "/etc/npppd/npppd-users"
> > }
> > tunnel L2TP protocol l2tp {
> >         listen on X.X.X.X
> > }
> > 
> > ipcp IPCP {
> >         pool-address 10.109.4.1-10.109.4.32
> >         dns-servers 1.1.1.1
> > }
> > 
> > # use pppx(4) interface.  use an interface per a ppp session.
> > interface pppx0 address 10.109.4.254 ipcp IPCP
> > bind tunnel from L2TP authenticated by LOCAL to pppx0
> > 
> > $ cat /etc/npppd/npppd-users
> > rdk:\
> > :password=passsssword:\
> > :framed-ip-address=10.109.4.1:
> > #:framed-ip-netmask=255.255.255.0:
> > 
> > $ dmesg | head
> > OpenBSD 6.8 (GENERIC.MP) #4: Mon Jan 11 10:35:56 MST 2021
> >     r...@syspatch-68-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> > 
> > -- 
> > Radek
> > 
> 
-- 
Radek
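
The routing behaviour described in the message above, as an added example that is not part of the original thread: a longest-prefix-match lookup over the rows of the client's `route print` output, showing why 10.55.0.0/24 is pulled into the tunnel. The `WANTED` table and the destination hosts are constructed here to match what the poster asks for; they are not a configuration given in the thread.

```python
import ipaddress

# Rows copied from the client's `route print` output in the thread:
# (destination, netmask, gateway, interface, metric)
CURRENT = [
    ("0.0.0.0", "0.0.0.0", "192.168.1.1", "192.168.1.101", 20),
    ("10.0.0.0", "255.0.0.0", "10.109.4.254", "10.109.4.1", 21),
    ("10.109.4.1", "255.255.255.255", "On-link", "10.109.4.1", 276),
]

# Hypothetical table matching what the poster asks for: only the remote LAN
# goes through the tunnel. Constructed for illustration, not from the thread.
WANTED = [
    ("0.0.0.0", "0.0.0.0", "192.168.1.1", "192.168.1.101", 20),
    ("10.109.3.0", "255.255.255.0", "10.109.4.254", "10.109.4.1", 21),
    ("10.109.4.1", "255.255.255.255", "On-link", "10.109.4.1", 276),
]

def lookup(table, dst):
    """Return the gateway chosen for dst: longest prefix, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    best = None
    for dest, mask, gw, _iface, metric in table:
        net = ipaddress.ip_network(f"{dest}/{mask}")
        if addr in net:
            key = (-net.prefixlen, metric)  # smaller key wins
            if best is None or key < best[0]:
                best = (key, gw)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1]

def via_tunnel(table, tunnel_gw="10.109.4.254"):
    """List the prefixes the table sends to the tunnel gateway."""
    return [str(ipaddress.ip_network(f"{d}/{m}"))
            for d, m, gw, _i, _x in table if gw == tunnel_gw]

if __name__ == "__main__":
    for name, table in (("current", CURRENT), ("wanted", WANTED)):
        print(name, "tunnel prefixes:", via_tunnel(table))
        for dst in ("10.109.3.10", "10.55.0.5", "8.8.8.8"):  # constructed hosts
            print(f"  {dst:<12} -> {lookup(table, dst)}")
```

Running the same lookup against a fresh `route print` after each server-side or client-side change shows whether the 10.0.0.0/8 entry is still the one catching 10.55.0.0/24.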