Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 14 Sep 1998 14:09:25 -0700 (PDT)
From:      Doug White <dwhite@resnet.uoregon.edu>
To:        Oleg Semyonov <os@ktpk.dp.ua>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: Dialup PPP Server: HOW TO...
Message-ID:  <Pine.BSF.4.03.9809141407530.7387-100000@resnet.uoregon.edu>
In-Reply-To: <000501bddfee$8f0f5880$0400a8c0@admin.dnepr.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Mon, 14 Sep 1998, Oleg Semyonov wrote:

> Hello All!
> 
> I want to install my own PPP dialup server with next features:
>   1) I want to use more than one tty for dialup access;
>   2) I want to use dynamic peer IP allocation for MS clients;
>   3) I want to use either login or AutoPPP+PAP/CHAP for auth;
>   4) I want to use _allocated_ peer IP address for controlling
>      access to my LAN and Internet ports and addresses via IPFW.
> Can I do all things with pppd without patching of source?
> 
> I can't use tty number for peer IP address selection because
> I have some number of peers with different LAN permissions (IPFW), so
> different IP addresses must be used for login on that tty.
> 
> I can't use peer login name for IP address selection because
> peer may be authenticated via PAP/CHAP inside of pppd process
> (no standard login procedure), so no way to define remote IP based
> on this auth (I may check IP by secret file but I need to _send_
> peer IP via IPCP - I do not want to set peer IP addresses manually
> on client side).
> 
> Possible solution may be to instruct pppd to send peer IP address
> which was selected from one of addresses allowed for already
> authenticated client (and some IPs may be unavailable because
> others clients with same priviledges and so IPs allowed (for IPFW)
> may be connected at same time).

The trick to this is realizing that you're statically allocating IPs on a
per-port basis, but the client doesn't know this. pppd will take care of
telling the client what it needs to know.  The rest is all documented.

If you want to do Windows-style PAP authentication look at the 'pp'
gettytab capability.

Doug White                              | University of Oregon  
Internet:  dwhite@resnet.uoregon.edu    | Residence Networking Assistant
http://gladstone.uoregon.edu/~dwhite    | Computer Science Major


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.03.9809141407530.7387-100000>