Re: npppd troubles

2016-11-03 Thread Marina Brown
On 11/03/2016 03:36 PM, Stefan Sperling wrote:
> On Thu, Nov 03, 2016 at 03:17:40PM -0400, Marina Brown wrote:
>> Hi All:
>>
>> I have been trying to create an nppp connection across my property -
>> about 100M for one of my friends who lives here. He wants less security
>> than I like behind my firewall. I have not been able to get OpenBSD to
>> route his connection out of the network. Here are my settings.
> 
>> # NAT Rule to translate from internal to External NET
>> pass out on em0 inet from em1:network to any nat-to (em0)
> 
> You're using NAT when passing out on em0 here, and...
>  
>> external = em0
> 
>> pass out quick on $external from 10.0.0.103/32 to any
> 
> ... my guess is that you're missing 'nat-to ($external)' here ^
> 

Thanks - is there a way to exclude the npppd users from the NAT
altogether? That is the reason for the exercise. If I put him
behind the NAT we are right where we started. He runs games that
don't play well with strict NAT settings and I don't want the rest of my
network exposed to reduced security.

I thought he would be on pppx0. Is there a way to do this?


--- Marina Brown






npppd troubles

2016-11-03 Thread Marina Brown
Hi All:

I have been trying to create an nppp connection across my property -
about 100M for one of my friends who lives here. He wants less security
than I like behind my firewall. I have not been able to get OpenBSD to
route his connection out of the network. Here are my settings.


# uname -a
OpenBSD bernie.mesh.local 6.0 GENERIC.MP#2319 amd64


-

# $OpenBSD: npppd.conf,v 1.2 2014/03/22 04:32:39 yasuoka Exp $
# sample npppd configuration file.  see npppd.conf(5)

tunnel L2TP protocol l2tp
tunnel PPTP protocol pptp
tunnel PPPOE protocol pppoe {
listen on interface em1
}

ipcp IPCP {
pool-address 10.0.0.2-10.0.0.254
dns-servers 208.67.222.222 8.8.8.8
}
interface tun0 address 10.0.0.1 ipcp IPCP
authentication LOCAL type local {
users-file "/etc/npppd/npppd-users"
}
bind tunnel from L2TP authenticated by LOCAL to tun0
bind tunnel from PPTP authenticated by LOCAL to tun0
bind tunnel from PPPOE authenticated by LOCAL to tun0

---

---
# more /etc/npppd/npppd

npppd-users  npppd.conf   npppd.conf.OLD
# more /etc/npppd/npppd-users

# $OpenBSD: npppd-users,v 1.1 2012/09/20 12:51:43 yasuoka Exp $
# sample npppd-users file.  see npppd-users(5)

#taro:\
#   :password=taro's password:\
#   :framed-ip-address=10.0.0.101:
#hana:\
#   :password=hana's password:\
#   :framed-ip-address=10.0.0.102:
kevin:\
:password=XX:\
:framed-ip-address=10.0.0.103:
laura:\
:password=testvpn:\
:framed-ip-address=10.0.0.104:
#
---

# npppctl session all

Ppp Id = 33
  Ppp Id  : 33
  Username: kevin
  Realm Name  : LOCAL
  Concentrated Interface  : tun0
  Assigned IPv4 Address   : 10.0.0.103
  Tunnel Protocol : PPPoE
  Tunnel From : 74:44:01:7a:13:e7
  Start Time  : 2016/11/03 12:53:59
  Elapsed Time: 3149 sec (52 minutes)
  Input Bytes : 69314 (67.7 KB)
  Input Packets   : 1986
  Input Errors: 1056 (34.7%)
  Output Bytes: 13021 (12.7 KB)
  Output Packets  : 1100
  Output Errors   : 0 (0.0%)
#
--
# route show
Routing tables

Internet:
Destination        Gateway            Flags  Refs       Use    Mtu  Prio Iface
default            c-73-114-67-1.hsd1 UGS     432  27284883      -     8 em0
BASE-ADDRESS.MCAST localhost          URS       0       205  32768     8 lo0
10.0.0.128/26      localhost          UGB       0         0  32768    56 lo0
10.0.0.64/26       localhost          UGB       0         0  32768    56 lo0
10.0.0.192/27      localhost          UGB       0         0  32768    56 lo0
10.0.0.32/27       localhost          UGB       0        14  32768    56 lo0
10.0.0.8/29        localhost          UGB       0         1  32768    56 lo0
10.0.0.4/30        localhost          UGB       0        20  32768    56 lo0
10.0.0.2/31        localhost          UGB       0         0  32768    56 lo0
10.0.0.1           tun0               UHl       1        45      -     1 tun0
10.0.0.1/32        10.0.0.1           UC        0         0      -     4 tun0
10.0.0.1           localhost          UGH       0         0  32768    56 lo0
10.0.0.16/28       localhost          UGB       0         0  32768    56 lo0
10.0.0.103         10.0.0.1           UGH       0        55   1492    56 tun0
10.0.0.224/28      localhost          UGB       0         0  32768    56 lo0
10.0.0.240/29      localhost          UGB       0         0  32768    56 lo0
10.0.0.248/30      localhost          UGB       0         0  32768    56 lo0
10.0.0.252/31      localhost          UGB       0         0  32768    56 lo0
10.0.0.254/32      localhost          UGB       0         0  32768    56 lo0
73.114.67/24       c-73-114-67-57.hsd UC        1         0      -     4 em0
c-73-114-67-1.hsd1 00:5f:86:93:c4:22  UHLc      1       225      -     4 em0
c-73-114-67-57.hsd 00:00:24:d2:16:e0  UHLl      0    396542      -     1 em0
73.114.67.255      c-73-114-67-57.hsd UHb       0         0      -     1 em0
loopback           localhost          UGRS      0         0  32768     8 lo0
localhost          localhost          UHl      15        15  32768     1 lo0
192.168.1/24       apache             UC        6       749      -     4 em1
apache             00:00:24:d2:16:e1  UHLl      0    137387      -     1 em1
192.168.1.15       40:8d:5c:18:94:22  UHLc      0   2505472      -     4 em1
192.168.1.22       40:8d:5c:83:01:16  UHLc      1   4272213      -     4 em1
192.168.1.29       d0:50:99:7c:c7:95  UHLc      3   4213308      -     4 em1
192.168.1.51       90:6e:bb:03:3e:ff  UHLc      0    466079      -     4 em1
192.168.1.56       10:1f:74:5e:8b:67  UHLc      0      1173      -     4 em1
192.168.1.126      4c:cc:6a:09:fd:14  UHLc      0   4434626      -     4 em1
192.168.1.255      apache             UHb       0