static routes #251

Open
mw-cyrano opened this issue Nov 16, 2022 · 3 comments


mw-cyrano commented Nov 16, 2022

Hello,

xl2tpd comes with an internal DHCP server. How can that be disabled?

I'm trying to push static routes to the VPN client. That is not possible via l2tp, it needs to be done via DHCP.

xl2tpd comes with a built-in DHCP server. Does it support static routes? I didn't find anything about that in the manpage.

Alternatively, can I disable the internal DHCP server and use a standard DHCP server like the systemd built-in one or isc-dhcp?

Best,
Matthias


jkroonza commented Sep 1, 2023

[1] jkroon@plastiekpoot ~/projects/xl2tpd (master) $ grep -ri dhcp .
[1] jkroon@plastiekpoot ~/projects/xl2tpd (master) $ find . -iname "*dhcp*"
jkroon@plastiekpoot ~/projects/xl2tpd (master) $ 

I'm not so sure about that, you sure it's not about the DHCP server associated with pppd? xl2tpd will merely execute your system's pppd, which then manages the ppp part of the protocol, and I know ppp has some DHCP related stuff going on.


mw-cyrano commented Sep 6, 2023

Apparently, DHCP is just the wrong word or protocol. However, there's some IP address assigning happening. You can configure a range in /etc/xl2tpd/xl2tpd.conf from which the clients get their addresses.

Some proprietary implementations of l2tp also allow the assignment of static routes during this process. How can I achieve that with xl2tpd?

Example:

l2tp server 10.1.0.1
client range 10.1.0.2 - 20

However, it might be the case that there's another subnet in use, let's say 192.168.1.0/24. I'd need to find a way to tell the clients that they can reach 192.168.1.10 through 10.1.0.1. E.g. Sophos can do that.


jkroonza commented Sep 6, 2023

I'm not aware of a way to achieve this.

https://forum.mikrotik.com/viewtopic.php?t=149241 concurs, but also gives some ideas.

This hints that there is a way to push to the client that it needs to use DHCP to obtain IP information (where with DHCP it's perfectly possible to push static routes to the client).

Gentoo carried a patch for enabling DHCP over ppp; looking at the code, I honestly can't gauge exactly what was happening there.

The plugin that was used can be obtained here: http://www.netservers.net.uk/gpl/ppp-dhcpc.tgz

The README seems to be rudimentary, and I'm not sure how many clients would support this out of the box. Just looking at the Makefile I can see why this got dropped from Gentoo ... your mileage will vary.

L2TP by itself merely establishes a tunnel/call between two points, and basically provides a "virtual L2". On top of that, typically pppd then runs, and that's what manages the IP layer. As such, IP and routes are out of scope for L2TP, even though most L2TP servers that I've worked with have a basic IP allocation mechanism and then inform ppp what the IPs to use should be - this is the first thing we normally switch off and hack out if needed since we use radius for IP allocations.

Hope this helps. Never done something like this myself, but if it works well I would certainly like to look further into this.
