From owner-freebsd-net@FreeBSD.ORG  Fri Aug 11 03:32:49 2006
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
X-Original-To: net@freebsd.org
Delivered-To: freebsd-net@FreeBSD.ORG
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 93F3016A4DA
	for <net@freebsd.org>; Fri, 11 Aug 2006 03:32:49 +0000 (UTC)
	(envelope-from brett@lariat.net)
Received: from lariat.net (lariat.net [65.122.236.2])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 0A8C443D46
	for <net@freebsd.org>; Fri, 11 Aug 2006 03:32:48 +0000 (GMT)
	(envelope-from brett@lariat.net)
Received: from Anne (IDENT:ppp1000.lariat.net@lariat.net [65.122.236.2])
	by lariat.net (8.9.3/8.9.3) with ESMTP id VAA01022;
	Thu, 10 Aug 2006 21:32:27 -0600 (MDT)
X-message-flag: Warning! Use of Microsoft Outlook renders your system
	susceptible to Internet worms.
Message-Id: <7.0.1.0.2.20060810212047.073f0078@lariat.net>
X-Mailer: QUALCOMM Windows Eudora Version 7.0.1.0
Date: Thu, 10 Aug 2006 21:32:22 -0600
To: Ganbold <ganbold@micom.mng.net>
From: Brett Glass <brett@lariat.net>
In-Reply-To: <44DBF2BB.5080202@micom.mng.net>
References: <7.0.1.0.2.20060810201735.067258b0@lariat.net>
	<44DBF2BB.5080202@micom.mng.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Cc: net@freebsd.org
Subject: Re: Big PPTP server
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Aug 2006 03:32:49 -0000

At 09:00 PM 8/10/2006, Ganbold wrote:

>It will be much easier if you can write some script to generate 
>mpd config files. I'm generating config files such way for PPPoE.

Is there a way to avoid having to generate them at all? It seems to 
me that it would be very easy for mpd to create netgraph nodes on 
the fly as it needed them.

>Did you try Radius?

This company hasn't been using a RADIUS server. They have an Active 
Directory server (yuck!), but I don't know if it would be useful 
for this purpose.

By the way, a related problem I'm encountering is that mpd seems to 
want some options set before authentication when they need to be 
set afterward based on the user's identity. For example, while the 
user's IP can be set when the user is identified and authenticated 
(via mpd.secret), the IP at the host end of the PPP link can't. So, 
you run into situations where the IP assigned to the incoming 
PPP/PPTP user isn't on the same subnet as the one assigned to the 
host, which seems to cause routing problems.

--Brett Glass