Hello, > The interface which terminate the tunnel has "192.168.4.254". > Right? Do you mean the other end of the tunnel? It is 10.109.4.254 interface pppx0 address 10.109.4.254 ipcp IPCP
> How about if you configure the npppd-users > > rdk: > :password=passsssword:\ > :framed-ip-address=10.109.4.254:\ > :framed-ip-netmask=255.255.255.0: > > The server (npppd) will configure a route for 10.109.4.0/24 to the PPP > session authenticated by the above "rdk". I have tried to configure npppd-users with netmask /24, but it doesnt make any changes. Still have all traffic to 10.0.0.0/8 going across the tunnel to 10.109.4.254(VPN), but I need to push the traffic to 10.109.3.0/24 through the tunnel (via 10.109.4.254) and the rest of 10.0.0.0/8 through default gw or sometimes some traffic to 10.0.0.0/8 through another tunnel at the same time. Now if the PPP tunnel is established the VPN catches all the 10.0.0.0/8 traffic. The VPN client (Windows7/10) is configured to NOT use the VPN as remote gw. Example: I have a public, static IP. There is configured route to 10.55.0.0/24 at the ISP's side and I dont need any VPN tunnel to access 10.55...... Somewhere over the rainbow is a router with LAN 10.109.3.0/24 and npppd. If I use the PPP tunnel I can acces 10.109.3.0/24 but at the same time I can't access 10.55.0.0/24 because all 10.0.0.0/8 goes across the tunnel. On Sun, 21 Feb 2021 23:18:19 +0900 (JST) YASUOKA Masahiko <yasu...@openbsd.org> wrote: > Hello, > > On Sat, 20 Feb 2021 21:14:24 +0100 > Radek <r...@int.pl> wrote: > > I have a router with VPN server (npppd). LAN net is 10.109.3.0/24, gw > > 10.109.3.254, the VPN net is 10.109.4.0/24, gw 10.109.4.254. > > If the client is conencted to VPN all client's traffic to 10.0.0.0/8 goes > > via 10.109.4.254 > > > > client> route print > > Network Destination Netmask Gateway Interface Metric > > 0.0.0.0 0.0.0.0 192.168.1.1 > > 192.168.1.101 20 > > 10.0.0.0 255.0.0.0 10.109.4.254 > > 10.109.4.1 21 > > 10.109.4.1 255.255.255.255 On-link 10.109.4.1 > > 276 > > [...] > > The interface which terminate the tunnel has "192.168.4.254". > Right? > > > $ cat /etc/npppd/npppd-users > > rdk:\ > > :password=passsssword:\ > > :framed-ip-address=10.109.4.1: > > #:framed-ip-netmask=255.255.255.0: > > How about if you configure the npppd-users > > rdk: > :password=passsssword:\ > :framed-ip-address=10.109.4.254:\ > :framed-ip-netmask=255.255.255.0: > > ? > > The server (npppd) will configure a route for 10.109.4.0/24 to the PPP > session authenticated by the above "rdk". > > > On Sat, 20 Feb 2021 21:14:24 +0100 > Radek <r...@int.pl> wrote: > > Hi, > > I have a router with VPN server (npppd). LAN net is 10.109.3.0/24, gw > > 10.109.3.254, the VPN net is 10.109.4.0/24, gw 10.109.4.254. > > If the client is conencted to VPN all client's traffic to 10.0.0.0/8 goes > > via 10.109.4.254 > > > > client> route print > > Network Destination Netmask Gateway Interface Metric > > 0.0.0.0 0.0.0.0 192.168.1.1 > > 192.168.1.101 20 > > 10.0.0.0 255.0.0.0 10.109.4.254 > > 10.109.4.1 21 > > 10.109.4.1 255.255.255.255 On-link 10.109.4.1 > > 276 > > [...] > > > > I need to redirect the traffic to 10.109.4.254 only if it goes to the > > remote LAN (10.109.3.0/24), the rest should go via def gw. > > How can I configure it on the router/server side ? > > > > $ cat /etc/npppd/npppd.conf > > # $OpenBSD: npppd.conf,v 1.3 2020/01/23 03:01:22 dlg Exp $ > > # sample npppd configuration file. see npppd.conf(5) > > > > set max-session 200 > > set user-max-session 4 > > > > authentication LOCAL type local { > > users-file "/etc/npppd/npppd-users" > > } > > tunnel L2TP protocol l2tp { > > listen on X.X.X.X > > } > > > > ipcp IPCP { > > pool-address 10.109.4.1-10.109.4.32 > > dns-servers 1.1.1.1 > > } > > > > # use pppx(4) interface. use an interface per a ppp session. > > interface pppx0 address 10.109.4.254 ipcp IPCP > > bind tunnel from L2TP authenticated by LOCAL to pppx0 > > > > $ cat /etc/npppd/npppd-users > > rdk:\ > > :password=passsssword:\ > > :framed-ip-address=10.109.4.1: > > #:framed-ip-netmask=255.255.255.0: > > > > $ dmesg | head > > OpenBSD 6.8 (GENERIC.MP) #4: Mon Jan 11 10:35:56 MST 2021 > > > > r...@syspatch-68-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP > > > > -- > > Radek > > > -- Radek