Bom dia, estou configurando no Debian "Squeeze" um serviço de VPN usando OpenSWAN + xl2tpd. Minha dúvida: é possível forçar um usuário a pegar sempre o mesmo IP?
Exemplo: quando o usuário vpnuser1 conectar na VPN, tal usuário use sempre o IP 10.0.0.200.

Outra dúvida: dá para integrar tudo isso com LDAP?

Seguem meus confs:

/etc/ipsec.conf
---------------------------------------------------------------------
version 2.0

config setup
    strictcrlpolicy=no
    nat_traversal=yes
    virtual_private=%v4:192.168.0.0/16,%v4:10.0.0.0/24
    protostack=netkey
    interfaces=%defaultroute
    oe=off
    #plutoopts="--interface=eth0"

conn L2TP-PSK
    authby=secret
    pfs=no
    auto=add
    rekey=no
    keyingtries=3
    dpddelay=30
    dpdtimeout=120
    dpdaction=clear
    ikelifetime=8h
    keylife=1h
    type=transport
    left=%defaultroute
    leftprotoport=17/%any
    right=%any
    rightprotoport=17/%any
---------------------------------------------------------------------

/etc/ipsec.secrets
------------------------------------------
MeuIPValido %any: PSK "senha"
---------------------------------------------------------------------

/etc/xl2tpd/xl2tpd.conf
------------------------------------
[global]
debug tunnel = yes

[lns default]
ip range = 10.0.0.200-10.0.0.250
local ip = 10.0.0.1
assign ip = yes
require chap = yes
refuse pap = yes
require authentication = yes
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
---------------------------------------------------------------------

/etc/ppp/options.xl2tpd
-----------------------------------
passive
lock
name *
proxyarp
ipcp-accept-local
ipcp-accept-remote
lcp-echo-failure 10
lcp-echo-interval 5
nodeflate
# NOTE(review): "noauth" tells pppd not to require the peer to authenticate. It may override
# "require authentication"/"require chap" from xl2tpd.conf; if so, chap-secrets (including its
# per-user IP column) is never consulted and only the shared IPsec PSK gates access. Confirm in the pppd log.
noauth
refuse-chap
refuse-mschap
refuse-mschap-v2
ms-dns 8.8.8.8
ms-dns 8.8.4.4
mtu 1400
mru 1400
crtscts
idle 1800
nodefaultroute
debug
connect-delay 5000
asyncmap 0
noipx
hide-password
noccp
nobsdcomp
novj
novjccomp
nopcomp
noaccomp
---------------------------------------------------------------------

/etc/ppp/chap-secrets
------------------------------------
# Secrets for authentication using CHAP
# client server secret IP addresses
vpnuser * "senha" 10.0.0.200
vpnuser1 * "senha" 10.0.0.250
--------------------------------------------------------------------- Abraços, Diego