Hi all.
I think I have a design question.
I'm trying to use some linux machines to create a lab to replicate the
creation of an L2TP tunnel for dialup users based on the realm of the user
that is authenticated, but as a special configuration I don't need the
tunnel between the remote client and the RAS, I need the L2TP tunnel
between the RAS (LAC) and one remote router (LNS). The configuration that
I'm trying to do is something like:
1) If the user uses "name1@domain1" to dial in, the RAS (a linux machine
running openl2tp) should create an L2TP tunnel and a session from the RAS
(LAC) to the router (LNS) (also a linux machine running openl2tp) of the
network assigned to domain1, and all the data between the dialup user and
the domain1 network should pass through the L2TP tunnel. The dialin user
is using PPP between the remote machine and the RAS.
2) If the user uses "name1@domain2" to dial in, the RAS should create an L2TP
tunnel and a session from the RAS (LAC) to the router of the network
assigned to domain2 (LNS) (another linux machine running openl2tp), etc,
etc...
3) The destination network is the same in both cases. The idea of the lab
is to implement two different dialup accesses to the same network, so that in
case something happens with the first router the users can change to the
second one by changing only the domain.
4) In my design, I don't need IPs into the tunnel, I only need the IP in
the remote machine and in the RAS.
So far, I installed the RAS with the usual configuration (mgetty+pppd), and
also I'm using a freeradius AAA with pppd in the RAS to authenticate the
users and assign the IPs to the dialin users based on the realm with the
ppp radius plugin in the RAS.
I also defined and established the tunnels using openl2tpd between the RAS
and each one of the routers, but now I'm trying to figure out how to
associate each dynamic ppp session in the RAS (LAC) to an L2TP session in
the right tunnel.
I checked the PPPoL2TP plugin
(http://ftp.samba.org/pub/unpacked/ppp/README.pppol2tp), but at the moment
that the RAS receives the call and starts the PPP I don't have the required
parameters such as the session_id or file descriptor.
I would like to ask for some recommendations to implement this lab, because I'm
thinking that maybe I should replace the PPP invocation in the login file
from mgetty with an invocation of openl2tp (l2tpconfig) to establish a
tunnel and a session, but I don't see how to do this, because doing that
the remote dialin machine will not receive the IP assigned by the AAA.
I can control and do any change in the RAS (LAC) or linux router machine
(LNS) but I cannot do any change in the remote machine.
REMOTE ---> RAS (LAC) --If domain1 ---> ROUTER 1 (LNS) ---> NetworkA
               |
               ---------If domain2 ---> ROUTER 2 (LNS) ---> NetworkA
Thanks for your time.
JKnight.
_______________________________________________
Openl2tp-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openl2tp-users