npppd - changing clients' route table

rdk
Hi,
I have a router with VPN server (npppd). LAN net is 10.109.3.0/24, gw 10.109.3.254, the VPN net is 10.109.4.0/24, gw 10.109.4.254.
If the client is connected to VPN all client's traffic to 10.0.0.0/8 goes via 10.109.4.254

client> route print
Network Destination   Netmask      Gateway          Interface Metric
          0.0.0.0                  0.0.0.0       192.168.1.1    192.168.1.101     20
        10.0.0.0              255.0.0.0     10.109.4.254          10.109.4.1     21
    10.109.4.1  255.255.255.255         On-link                10.109.4.1    276
[...]

I need to redirect the traffic to 10.109.4.254 only if it goes to the remote LAN (10.109.3.0/24), the rest should go via def gw.
How can I configure it on the router/server side?

$ cat /etc/npppd/npppd.conf
# $OpenBSD: npppd.conf,v 1.3 2020/01/23 03:01:22 dlg Exp $
# sample npppd configuration file.  see npppd.conf(5)

set max-session 200
set user-max-session 4

authentication LOCAL type local {
        users-file "/etc/npppd/npppd-users"
}
tunnel L2TP protocol l2tp {
        listen on X.X.X.X
}

ipcp IPCP {
        pool-address 10.109.4.1-10.109.4.32
        dns-servers 1.1.1.1
}

# use pppx(4) interface.  use an interface per a ppp session.
interface pppx0 address 10.109.4.254 ipcp IPCP
bind tunnel from L2TP authenticated by LOCAL to pppx0

$ cat /etc/npppd/npppd-users
rdk:\
:password=passsssword:\
:framed-ip-address=10.109.4.1:
#:framed-ip-netmask=255.255.255.0:

$ dmesg | head
OpenBSD 6.8 (GENERIC.MP) #4: Mon Jan 11 10:35:56 MST 2021
    [hidden email]:/usr/src/sys/arch/amd64/compile/GENERIC.MP

--
Radek


Re: npppd - changing clients' route table

YASUOKA Masahiko-3
Hello,

On Sat, 20 Feb 2021 21:14:24 +0100
Radek <[hidden email]> wrote:
> I have a router with VPN server (npppd). LAN net is 10.109.3.0/24, gw 10.109.3.254, the VPN net is 10.109.4.0/24, gw 10.109.4.254.
> If the client is connected to VPN all client's traffic to 10.0.0.0/8 goes via 10.109.4.254
>
> client> route print
> Network Destination   Netmask      Gateway          Interface Metric
>           0.0.0.0                  0.0.0.0       192.168.1.1    192.168.1.101     20
>         10.0.0.0              255.0.0.0     10.109.4.254          10.109.4.1     21
>     10.109.4.1  255.255.255.255         On-link                10.109.4.1    276
> [...]

The interface which terminates the tunnel has "192.168.4.254".
Right?

> $ cat /etc/npppd/npppd-users
> rdk:\
> :password=passsssword:\
> :framed-ip-address=10.109.4.1:
> #:framed-ip-netmask=255.255.255.0:

How about if you configure the npppd-users

rdk:\
  :password=passsssword:\
  :framed-ip-address=10.109.4.254:\
  :framed-ip-netmask=255.255.255.0:

?

The server (npppd) will configure a route for 10.109.4.0/24 to the PPP
session authenticated by the above "rdk".


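Added example, not part of either post: a longest-prefix-match check over the client route table quoted in the thread, listing which probe destinations enter the tunnel although they lie outside the remote LAN (10.109.3.0/24). The probe addresses and the NARROWED table are constructed for illustration and are assumptions, not output from either poster's system.

```python
import ipaddress

# Client table copied from the post: destination, netmask, gateway, interface, metric.
CURRENT = """\
Network Destination   Netmask      Gateway          Interface Metric
0.0.0.0      0.0.0.0          192.168.1.1   192.168.1.101  20
10.0.0.0     255.0.0.0        10.109.4.254  10.109.4.1     21
10.109.4.1   255.255.255.255  On-link       10.109.4.1     276
[...]
"""
# Constructed for comparison: the /8 row narrowed to the remote LAN only.
NARROWED = """\
0.0.0.0      0.0.0.0          192.168.1.1   192.168.1.101  20
10.109.3.0   255.255.255.0    10.109.4.254  10.109.4.1     21
10.109.4.1   255.255.255.255  On-link       10.109.4.1     276
"""
TUNNEL_IFACE = "10.109.4.1"      # client's PPP address, from the post
REMOTE_LAN = "10.109.3.0/24"     # the only network meant to use the tunnel
PROBES = ["10.109.3.10", "10.20.30.40", "8.8.8.8"]  # constructed destinations

def parse_routes(text):
    """Parse `route print` rows into (network, gateway, interface, metric)."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # header, "[...]" or blank line
        dest, mask, gateway, iface, metric = fields
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}")
        except ValueError:
            continue
        routes.append((net, gateway, iface, int(metric)))
    return routes

def select_route(routes, dst):
    """Longest prefix wins; the lower metric breaks ties."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: (r[0].prefixlen, -r[3])) if matches else None

def over_routed(routes, probes=PROBES, intended=REMOTE_LAN, iface=TUNNEL_IFACE):
    """Probes sent into the tunnel although they are outside the intended network."""
    lan = ipaddress.ip_network(intended)
    hits = []
    for p in probes:
        route = select_route(routes, p)
        if route and route[2] == iface and ipaddress.ip_address(p) not in lan:
            hits.append(p)
    return hits
```
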