On Thursday, January 19, 2012 14:10 CET, "Sebastian Reitenbach" <sebas...@l00-bugdead-prods.de> wrote: > On Thursday, January 19, 2012 02:23 CET, YASUOKA Masahiko > <yasu...@yasuoka.net> wrote: > > > Hi, > > > > On Thu, 19 Jan 2012 02:14:48 +0900 (JST) > > YASUOKA Masahiko <yasu...@yasuoka.net> wrote: > > > On Tue, 17 Jan 2012 11:57:07 +0100 > > > "Sebastian Reitenbach" <sebas...@l00-bugdead-prods.de> wrote: > > > If you don't like this limitation, you can use 'pppx mode'. In 'pppx > > > mode' npppd will create a pppx interface for each PPP session. You > > > can add any routes to the interface. > > > > Unfortunately the ingress filter of `pipex' drops all these packets. > > It's always on by default and not configurable. It should be > > configurable, but it is not implemented yet. > > Since the pppx mode doesn't seem to work for me with the xl2tpd client > I could not test this here. > > > besides having routes on the server, I wonder whether I can push routes to > the client automatically. > So the client just starts up the l2tpd client and connects, then its getting > told from the server, which routes > to which networks behind the VPN endpoint it should set into the tunnel. > But as I recognized now, the xl2tp client on the Linux host called > /etc/ppp/ip-up script. So I guess the client > has to take care on its own which extra routes it will set up. > > So if I understand it now: > * on the OpenBSD VPN Server, I can just use the tun0 interface > * enable packet forwarding > * have normal routes defined to the extra networks > * maybe protecting things with PF > * on the client I have an ip-up script that runs when the tunnel gets > established, > * this sets routes to the networks behind the VPN Server into the tunnel > > This I actually tried, and seems to work. > > But on the mobile phone, Android 2.2 what I tried now, I haven't yet seen a > hook where I could > setup extra routes. maybe someone on the list may give me a hint here?
After some more tests I can answer this myself. The Android just puts the default route into the tunnel. Sebastian > > > > > > > To enable 'pppx mode', add > > > > > > pppx_mode: true > > > > > > to /etc/npppd/npppd.conf. > > > > Sorry, above example was wrong. To test `pppx mode' > > > > (1) create /dev/pppx0 > > % cd /dev > > % sudo sh MAKEDEV pppx > > (2) replace from `tun0' to `pppx0' in /etc/npppd/npppd.conf > > (3) add "interface.pppx0.pppx_mode: true" to /etc/npppd/npppd.conf > > I tried this pppx mode on my OBSD VM, together with the Linux client, but it > doesn't establish the connection: > > - I created the pppx device as explained above > - edited npppd.conf: > > #interface_list: tun0 > #interface.tun0.ip4addr: 10.66.66.1 > interface_list: pppx0 > interface.pppx0.ip4addr: 10.66.66.1 > interface.pppx0.pppx_mode: true > ... > > then start, and try the client to connect: > > $ sudo /usr/sbin/npppd -d > 2012-01-19 13:32:37:NOTICE: Starting npppd pid=7082 version=5.0.0 > 2012-01-19 13:32:37:NOTICE: Load configuration from='/etc/npppd/npppd.conf' > successfully. > 2012-01-19 13:32:37:INFO: pppx0 Started pppx > 2012-01-19 13:32:37:INFO: Listening /var/run/npppd_ctl (npppd_ctl) > 2012-01-19 13:32:37:INFO: pool name=default dyn_pool=[10.66.66.0/25] > pool=[10.66.66.0/24] > 2012-01-19 13:32:37:INFO: Loading pool config successfully. > 2012-01-19 13:32:37:INFO: realm name=local(local) Loaded users > from='/etc/npppd/npppd-users.csv' successfully. 1 users > 2012-01-19 13:32:37:INFO: l2tpd Listening 0.0.0.0:1701/udp (L2TP LNS) [L2TP] > 2012-01-19 13:32:37:INFO: l2tpd Listening [::]:1701/udp (L2TP LNS) [L2TP] > 2012-01-19 13:32:37:INFO: pptpd Listening 0.0.0.0:1723/tcp (PPTP PAC) [PPTP] > 2012-01-19 13:32:37:INFO: pptpd Listening 0.0.0.0:gre (PPTP PAC) > 2012-01-19 13:32:37:INFO: pppx0 is using ipcp=default(1 pools). > > here I connected the client: > 2012-01-19 13:39:02:NOTICE: l2tpd ctrl=1 logtype=Started RecvSCCRQ > from=10.0.0.31:1701/udp tunnel_id=1/29795 protocol=1.0 winsize=4 hostname=sre > vendor=xelerance.com firm=0690 > 2012-01-19 13:39:02:INFO: l2tpd ctrl=1 SendSCCRP > 2012-01-19 13:39:02:INFO: l2tpd ctrl=1 RecvSCCN > 2012-01-19 13:39:02:INFO: l2tpd ctrl=1 SendZLB > 2012-01-19 13:39:02:INFO: l2tpd ctrl=1 call=30483 RecvICRQ session_id=2737 > 2012-01-19 13:39:02:INFO: l2tpd ctrl=1 call=30483 SendICRP session_id=30483 > 2012-01-19 13:39:02:WARNING: l2tpd ctrl=1 call=30483 AVP > (RX_CONNECT_SPEED/38) is not supported, but it's mandatory > 2012-01-19 13:39:02:INFO: l2tpd ctrl=1 call=30483 RecvICCN session_id=2737 > calling_number= tx_conn_speed=10000000 framing=sync > 2012-01-19 13:39:02:NOTICE: l2tpd ctrl=1 call=30483 logtype=PPPBind ppp=0 > 2012-01-19 13:39:02:INFO: ppp id=0 layer=base logtype=Started > tunnel=L2TP(10.0.0.31:1701) > 2012-01-19 13:39:02:INFO: l2tpd ctrl=1 call=30483 SendZLB > 2012-01-19 13:39:03:INFO: ppp id=0 layer=lcp logtype=Opened mru=1400/1410 > auth=MS-CHAP-V2 magic=399562f0/187d146d > 2012-01-19 13:39:03:INFO: ppp id=0 layer=chap proto=mschap_v2 logtype=Success > username="user1" realm=local > 2012-01-19 13:39:03:WARNING: ppp id=0 layer=base No interface binding. > 2012-01-19 13:39:03:INFO: l2tpd ctrl=1 call=30483 SendCDN result=ERROR_CODE/2 > error=GENERIC_ERROR/6 messsage=Disconnected by local PPP > 2012-01-19 13:39:03:NOTICE: l2tpd ctrl=1 call=30483 logtype=PPPUnbind > 2012-01-19 13:39:03:NOTICE: ppp id=0 layer=base logtype=TUNNELUSAGE > user="user1" duration=1sec layer2=L2TP layer2from=10.0.0.31:1701 > auth=MS-CHAP-V2 data_in=166bytes,6packets data_out=168bytes,7packets > error_in=0 error_out=0 mppe=no iface=(not binding) > 2012-01-19 13:39:03:INFO: l2tpd ctrl=1 RecvZLB > 2012-01-19 13:39:20:INFO: l2tpd ctrl=1 SendStopCCN result=1 > 2012-01-19 13:39:20:INFO: l2tpd ctrl=1 RecvZLB > 2012-01-19 13:39:20:NOTICE: l2tpd ctrl=1 logtype=Finished > 2012-01-19 13:39:20:INFO: l2tpd Received from=10.0.0.31:1701: bad control > message: tunnelId=1 is not found. mestype=StopCCN > 2012-01-19 13:39:21:INFO: l2tpd Received from=10.0.0.31:1701: bad control > message: tunnelId=1 is not found. mestype=StopCCN > 2012-01-19 13:39:22:INFO: l2tpd Received from=10.0.0.31:1701: bad control > message: tunnelId=1 is not found. mestype=StopCCN > 2012-01-19 13:39:23:INFO: l2tpd Received from=10.0.0.31:1701: bad control > message: tunnelId=1 is not found. mestype=StopCCN > 2012-01-19 13:39:24:INFO: l2tpd Received from=10.0.0.31:1701: bad control > message: tunnelId=1 is not found. mestype=StopCCN > > here I stopped npppd again: > 2012-01-19 13:42:05:INFO: l2tpd Shutdown 0.0.0.0:1701/udp (L2TP LNS) > 2012-01-19 13:42:05:INFO: l2tpd Shutdown [::]:1701/udp (L2TP LNS) > 2012-01-19 13:42:05:INFO: pptpd Shutdown 0.0.0.0:1723/tcp > 2012-01-19 13:42:05:INFO: pptpd Shutdown 0.0.0.0/gre > 2012-01-19 13:42:05:NOTICE: pptpd Stopped > 2012-01-19 13:42:05:INFO: pppx0 Stopped > [[A2012-01-19 13:42:06:INFO: realm name=local(local) Finalized > 2012-01-19 13:42:06:NOTICE: Terminate npppd. > > Switching back to tun0 it just worked again. > > Sebastian > > > > > --yasuoka
