Hello,

On Tue, 17 Jan 2012 11:57:07 +0100
"Sebastian Reitenbach" <sebas...@l00-bugdead-prods.de> wrote:
> npppd doesn't implement AVP38, but reading the RFC, it seems, since
> it's not mandatory, that should not be a problem.
> xl2tpd is wrong, requiring AVP 38 as mandatory.

I believe this is a bug of xl2tpd, but I think npppd should continue to
establish a L2TP session in this case.  I'll fix this soon.

> After the client got its IP address, it can access the VPN server
> via the tunnel. But how to access hosts behind the tunnel endpoint?
> I wonder how to tell the client about routes?

If you want to set up a route to an address/mask automatically when the
PPP link is established, you can use the Framed-IP-Address and
Framed-IP-Network attributes in /etc/npppd/npppd-users.csv or set them up
on your RADIUS server.

In usr.sbin/npppd/HOWTO_PIPEX_NPPPD.txt:

|[npppd-users.csv]
| - First line of the CSV is *IGNORED*. It is treated as a title line.
|-------------------------------------------------------------------------------
|Username,Password,Framed-IP-Address,Framed-IP-Netmask,Description,Calling-Id
|user1,user1's secret,10.0.0.129,,memo for user1
|-------------------------------------------------------------------------------

If you want more routes, npppd cannot set them up automatically.  But if
npppd will support the Framed-Route attribute, it will help this issue.

In addition, by default, npppd concentrates a lot of PPP sessions on one
interface.  Because of this design, you cannot add extra routes by hand
using the route(8) command.  If you don't like this limitation, you can
use 'pppx mode'.  In 'pppx mode' npppd will create a pppx interface for
each PPP session.  You can add any routes to the interface.

To enable 'pppx mode', add

  pppx_mode: true

to /etc/npppd/npppd.conf.

> Is the isakmpd responsible to set this up prior the L2TP
> authentication, and this has to be configured in the ipsec.conf?

No, IKE and IPsec are used only for the outside of the PPP tunnel.

> have routes to be pushed via npppd when it gives the IP to the
> client, like OpenVPN is doing it?
> Or something else, i.e. the client must know what to access behind
> the VPN and setup routes on its own?

As I mentioned above, I think npppd can do the same things that OpenVPN
can do by the way we go.

--yasuoka