Date: Mon, 18 Mar 2013 21:32:08 +0000 From: Joe Holden <lists@rewt.org.uk> To: Yoann Gini <yoann.gini@gmail.com> Cc: freebsd-net@freebsd.org Subject: Re: mpd5 and multiple route to send to clients Message-ID: <514787D8.6010207@rewt.org.uk> In-Reply-To: <A6E1A1CB-BC90-4F22-8527-20D312D2801B@gmail.com> References: <9EC8E2D3-A52B-4FF1-B840-3D962DF8D917@gmail.com> <514665CD.80809@rewt.org.uk> <DA89EA18-0F70-4051-9368-5383F96E8D00@gmail.com> <51474D7D.2030107@rewt.org.uk> <065823BC-24A6-48EE-B689-310D01019998@gmail.com> <51477D96.4070305@rewt.org.uk> <A6E1A1CB-BC90-4F22-8527-20D312D2801B@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Yoann Gini wrote: > Le 18 mars 2013 à 21:48, Joe Holden <lists@rewt.org.uk> a écrit : > >> You use something that can push configuration the client, like openvpn or run dhcp over something > > Well, I really don’t understand. > > From my experience, with a Cisco VPN Concentrator or a OS X VPN Server or a Windows VPN Server, you can set a L2TP VPN service with some remote config to send to the client (DNS servers, domain name, routing information [like what it for the private network and what is for the public one], and so on). > > It supposed to be built-in the VPN client and server. On others platform, I don’t need to use a setup based on SSL VPN like OpenVPN and it’s not the DHCP who handle that kind of client config but the built-in mechanisms in the VPN Server (that’s the case for L2TP and PPTP). > > I’m quite surprised to be front of a so difficult problem here. Routes sends to the clients are something like the 101 VPN course… > > How do you handle your routing table on your VPN systems with mpd5 without having to push routes from your concentrators ? > > Best regards, > Y. Cisco et al don't use plain l2tp/pptp - they allow the remote configuration of client routing.. traditional ppp doesn't allow the ability to push configuration to the clients outside of IP/dns/netbios etc, IPsec for example has this ability but straight ppp does not. You will probably be better off by doing IPsec over L2TP as it should cover what you need
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?514787D8.6010207>