On 17/05/12 23:09, James Knight wrote:
> Hi all.
>
> I think I have a design question.
>
> I'm trying to use some linux machines to create a lab to replicate the
> creation of a L2TP tunnel for dialup users based on the realm of the
> user that is authenticated, but as a special configuration I don't need
> the tunnel between the remote client and the RAS, I need the L2TP tunnel
> between the RAS (LAC) and one remote router (LNS).

OpenL2TP isn't a PPP Access Concentrator but it can in theory be used to
build one. A PPP server on the LAC would need to do initial PPP auth to
get the username etc, do a RADIUS lookup to get tunnel parameters, use
OpenL2TP APIs to create the corresponding tunnel/session, then hook up
the datapath from the PPP session to pass through the tunnel. The last
part is tricky and there is no code to do that today. We are, however,
working on kernel code to make it possible.

If you can use BSD, their mpd might do what you want.

> The configuration
> that I'm trying to do is something like:
>
> 1) If the user uses "name1@domain1" to dialin, the RAS (a linux machine
> running openl2tp) should create a L2TP tunnel and a session from the RAS
> (LAC) to the router (LNS) (also a linux machine running openl2tp) of the
> network assigned to domain1 and all the data between the dialup user and
> the domain1 network data should pass thru the L2TP tunnel. The dialin
> user is using PPP between the remote machine and the RAS.
>
> 2) If the user uses "name1@domain2" to dialin, the RAS should create a
> L2TP tunnel and a session from the RAS (LAC) to the router of the
> network assigned to domain2 (LNS) (another linux machine running
> openl2tp), etc, etc...

RADIUS servers can be set up to do this.

> 3) The destination network is the same in both cases. The idea of the
> lab is to implement two different dialup access to the same network and
> in case something happens with the first router the users can change to
> the second changing only the domain.

The RADIUS server would return different tunnel attributes for each
domain. The PPP access server would use these to instruct OpenL2TP to
open tunnel/session to the indicated LNS.

>
> Thanks for your time.
>
> JKnight.

--
James Chapman
Katalix Systems Ltd
http://www.katalix.com
Catalysts for your Embedded Linux software development
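
The per-realm RADIUS lookup described in the reply above, as an added example (not OpenL2TP code and not part of the original thread): it checks an Access-Accept's Response Authenticator (RFC 2865) before decoding the RFC 2868 tunnel attributes a LAC would use to choose the LNS. The shared secret, request authenticator, LNS addresses and all function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

# RFC 2868 attribute numbers; 3 = L2TP tunnel type, 1 = IPv4 medium type.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_SERVER_ENDPOINT = 64, 65, 67
L2TP, IPV4 = 3, 1

def build_accept(ident, request_auth, secret, attrs):
    """Build a constructed Access-Accept (code 2) to feed the parser below."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    head = struct.pack("!BBH", 2, ident, 20 + len(body))
    return head + hashlib.md5(head + request_auth + body + secret).digest() + body

def lns_from_accept(packet, request_auth, secret):
    """Return the LNS address from a verified Access-Accept, else raise ValueError."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != 2 or length != len(packet):
        raise ValueError("not a well-formed Access-Accept")
    body = packet[20:]
    # RFC 2865 Response Authenticator: MD5(Code+ID+Length+RequestAuth+Attrs+Secret)
    expected = hashlib.md5(packet[:4] + request_auth + body + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("bad response authenticator")
    found, pos = {}, 0
    while pos < len(body):
        if pos + 2 > len(body) or body[pos + 1] < 2 or pos + body[pos + 1] > len(body):
            raise ValueError("bad attribute length")
        atype, value = body[pos], body[pos + 2:pos + body[pos + 1]]
        if atype in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE) and len(value) == 4:
            found[atype] = int.from_bytes(value[1:], "big")  # byte 0 is the tag
        elif atype == TUNNEL_SERVER_ENDPOINT and value:
            # A first byte <= 0x1F is treated as a tag, otherwise as string data.
            found[atype] = (value[1:] if value[0] <= 0x1F else value).decode("ascii")
        pos += body[pos + 1]
    if found.get(TUNNEL_TYPE) != L2TP or found.get(TUNNEL_MEDIUM_TYPE) != IPV4:
        raise ValueError("reply does not describe an L2TP over IPv4 tunnel")
    if TUNNEL_SERVER_ENDPOINT not in found:
        raise ValueError("no Tunnel-Server-Endpoint in reply")
    return found[TUNNEL_SERVER_ENDPOINT]

# Constructed sample data: secret, request authenticator and LNS addresses.
SECRET, REQ_AUTH = b"lab-secret", bytes(16)
def reply_for(lns):
    return build_accept(7, REQ_AUTH, SECRET, [
        (TUNNEL_TYPE, b"\x01\x00\x00\x03"), (TUNNEL_MEDIUM_TYPE, b"\x01\x00\x00\x01"),
        (TUNNEL_SERVER_ENDPOINT, b"\x01" + lns.encode())])
REPLIES = {"domain1": reply_for("192.0.2.1"), "domain2": reply_for("192.0.2.2")}

def lns_for_user(username):
    """Pick the constructed reply for the user's realm and decode the LNS from it."""
    return lns_from_accept(REPLIES[username.rpartition("@")[2]], REQ_AUTH, SECRET)
```

A reply whose authenticator does not match is rejected before any tunnel attribute is read, so a forged or altered Access-Accept cannot redirect the session to a different LNS.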
