Sorry for the late reply, adding ":framed-ip-netmask=255.255.255.0:" doesn't solve the problem. Tested on Win10.
On Mon, 22 Feb 2021 14:55:52 +0900 (JST) YASUOKA Masahiko <yasu...@openbsd.org> wrote: > Hi, > > On Sun, 21 Feb 2021 19:18:48 +0100 > Radek <r...@int.pl> wrote: > >> The interface which terminate the tunnel has "192.168.4.254". > >> Right? > > Do you mean the other end of the tunnel? It is 10.109.4.254 > > interface pppx0 address 10.109.4.254 ipcp IPCP > > Sorry, "192.168.4.244" should have been "10.109.4.254". > > >> How about if you configure the npppd-users > >> > >> rdk: > >> :password=passsssword:\ > >> :framed-ip-address=10.109.4.254:\ > >> :framed-ip-netmask=255.255.255.0: > >> > >> The server (npppd) will configure a route for 10.109.4.0/24 to the PPP > >> session authenticated by the above "rdk". > > I have tried to configure npppd-users with netmask /24, but it doesnt make > > any changes. Still have all traffic to 10.0.0.0/8 going across the tunnel > > to 10.109.4.254(VPN), but I need to push the traffic to 10.109.3.0/24 > > through the tunnel (via 10.109.4.254) and the rest of 10.0.0.0/8 through > > default gw or sometimes some traffic to 10.0.0.0/8 through another tunnel > > at the same time. Now if the PPP tunnel is established the VPN catches all > > the 10.0.0.0/8 traffic. > > > > The VPN client (Windows7/10) is configured to NOT use the VPN as remote gw. > > > > Example: > > I have a public, static IP. There is configured route to 10.55.0.0/24 at > > the ISP's side and I dont need any VPN tunnel to access 10.55...... > > Somewhere over the rainbow is a router with LAN 10.109.3.0/24 and npppd. > > If I use the PPP tunnel I can acces 10.109.3.0/24 but at the same time I > > can't access 10.55.0.0/24 because all 10.0.0.0/8 goes across the tunnel. > > The route to the natural netmask of the tunnel address, 10.0.0.0/8 in > this case, is configured by Windows automatically. I don't know a way > to stop or override this. But by using another addresses for the > tunnel, you can avoid the problem. Also we can use dhcpd(8) to push > routes configuration. > > For example, > > 1. Use 192.168.255.0/24 for the tunnel to avoid the conflict on > 10.0.0.0/8. > > ipcp IPCP { > pool-address 192.168.255.1-192.168.255.32 > : > interface pppx0 address 192.168.255.254 ipcp IPCP > --- > rdk: > :password=passsssword:\ > :framed-ip-address=192.168.255.32: > > 2. Configure dhcpd > > /etc/dhcpd-l2tp.conf > ---- > subnet 192.168.255.0 netmask 255.255.255.0 { > option classless-ms-static-routes 10.109.3.0/24 192.168.255.254; > option classless-static-routes 10.109.3.0/24 192.168.255.254; > } > --- > > $ doas /usr/sbin/dhcpd -u255.255.255.255 -c /etc/dhcpd-l2tp.conf > > > On Sun, 21 Feb 2021 23:18:19 +0900 (JST) > > YASUOKA Masahiko <yasu...@openbsd.org> wrote: > > > >> Hello, > >> > >> On Sat, 20 Feb 2021 21:14:24 +0100 > >> Radek <r...@int.pl> wrote: > >> > I have a router with VPN server (npppd). LAN net is 10.109.3.0/24, gw > >> > 10.109.3.254, the VPN net is 10.109.4.0/24, gw 10.109.4.254. > >> > If the client is conencted to VPN all client's traffic to 10.0.0.0/8 > >> > goes via 10.109.4.254 > >> > > >> > client> route print > >> > Network Destination Netmask Gateway Interface Metric > >> > 0.0.0.0 0.0.0.0 192.168.1.1 > >> > 192.168.1.101 20 > >> > 10.0.0.0 255.0.0.0 10.109.4.254 > >> > 10.109.4.1 21 > >> > 10.109.4.1 255.255.255.255 On-link > >> > 10.109.4.1 276 > >> > [...] > >> > >> The interface which terminate the tunnel has "192.168.4.254". > >> Right? > >> > >> > $ cat /etc/npppd/npppd-users > >> > rdk:\ > >> > :password=passsssword:\ > >> > :framed-ip-address=10.109.4.1: > >> > #:framed-ip-netmask=255.255.255.0: > >> > >> How about if you configure the npppd-users > >> > >> rdk: > >> :password=passsssword:\ > >> :framed-ip-address=10.109.4.254:\ > >> :framed-ip-netmask=255.255.255.0: > >> > >> ? > >> > >> The server (npppd) will configure a route for 10.109.4.0/24 to the PPP > >> session authenticated by the above "rdk". > >> > >> > >> On Sat, 20 Feb 2021 21:14:24 +0100 > >> Radek <r...@int.pl> wrote: > >> > Hi, > >> > I have a router with VPN server (npppd). LAN net is 10.109.3.0/24, gw > >> > 10.109.3.254, the VPN net is 10.109.4.0/24, gw 10.109.4.254. > >> > If the client is conencted to VPN all client's traffic to 10.0.0.0/8 > >> > goes via 10.109.4.254 > >> > > >> > client> route print > >> > Network Destination Netmask Gateway Interface Metric > >> > 0.0.0.0 0.0.0.0 192.168.1.1 > >> > 192.168.1.101 20 > >> > 10.0.0.0 255.0.0.0 10.109.4.254 > >> > 10.109.4.1 21 > >> > 10.109.4.1 255.255.255.255 On-link > >> > 10.109.4.1 276 > >> > [...] > >> > > >> > I need to redirect the traffic to 10.109.4.254 only if it goes to the > >> > remote LAN (10.109.3.0/24), the rest should go via def gw. > >> > How can I configure it on the router/server side ? > >> > > >> > $ cat /etc/npppd/npppd.conf > >> > # $OpenBSD: npppd.conf,v 1.3 2020/01/23 03:01:22 dlg Exp $ > >> > # sample npppd configuration file. see npppd.conf(5) > >> > > >> > set max-session 200 > >> > set user-max-session 4 > >> > > >> > authentication LOCAL type local { > >> > users-file "/etc/npppd/npppd-users" > >> > } > >> > tunnel L2TP protocol l2tp { > >> > listen on X.X.X.X > >> > } > >> > > >> > ipcp IPCP { > >> > pool-address 10.109.4.1-10.109.4.32 > >> > dns-servers 1.1.1.1 > >> > } > >> > > >> > # use pppx(4) interface. use an interface per a ppp session. > >> > interface pppx0 address 10.109.4.254 ipcp IPCP > >> > bind tunnel from L2TP authenticated by LOCAL to pppx0 > >> > > >> > $ cat /etc/npppd/npppd-users > >> > rdk:\ > >> > :password=passsssword:\ > >> > :framed-ip-address=10.109.4.1: > >> > #:framed-ip-netmask=255.255.255.0: > >> > > >> > $ dmesg | head > >> > OpenBSD 6.8 (GENERIC.MP) #4: Mon Jan 11 10:35:56 MST 2021 > >> > > >> > r...@syspatch-68-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP > >> > > >> > -- > >> > Radek > >> > > >> > > -- > > Radek > > -- Radek