According to the npppd.conf man page: pool-address address-range | address-mask [for dynamic | static] Specify the IP address space that is pooled for this IPCP setting. The address space can be specified by address-range (e.g. 192.168.0.2-192.168.0.254) or address-mask (e.g. 192.168.0.0/24) . dynamic means the address space is reserved for dynamic allocation; static means the address space is reserved for static allocation. The default is dynamic. This option can be used multiple times.
However, if I try to specify an address-mask: ipcp IPCP { pool-address 10.128.120.0/24 dns-servers 10.128.0.4 allow-user-selected-address no } It says there's a syntax error: 2014-02-28 11:48:24:NOTICE: Starting npppd pid=31351 version=5.0.0 2014-02-28 11:48:24:WARNING: pptpd GRE protocol not allowed 2014-02-28 11:48:24:CRIT: /etc/npppd/npppd.conf:12: syntax error 2014-02-28 11:48:24:CRIT: /etc/npppd/npppd.conf:17: ipcp IPCP is not found 2014-02-28 11:48:24:CRIT: /etc/npppd/npppd.conf:18: interface pppx0 is not found I had originally specified an address range: ipcp IPCP { pool-address 10.128.120.2-10.128.120.254 dns-servers 10.128.0.4 allow-user-selected-address no } This works, but it's rather confusing in that it shows a whole bunch of tiny allocations rather than a contiguous one: 2014-02-28 11:53:08:INFO: ipcp=IPCP pool dyn_pool=[10.128.120.2/31,10.128.120.4/30,10.128.120.8/29,10.128.120.16/28,10.128.120.32/27,10.128.120.64/26,10.128.120.128/26,10.128.120.192/27,10.128.120.224/28,10.128.120.240/29,10.128.120.248/30,10.128.120.252/31,10.128.120.254/32] pool=[10.128.120.2/31,10.128.120.4/30,10.128.120.8/29,10.128.120.16/28,10.128.120.32/27,10.128.120.64/26,10.128.120.128/26,10.128.120.192/27,10.128.120.224/28,10.128.120.240/29,10.128.120.248/30,10.128.120.252/31,10.128.120.254/32] I thought maybe if I used the address-mask rather than a range this would be cleaner. Is the man page incorrect or am I specifying the CIDR address wrong? Assuming I want to allocate 10.128.120.1 as the local tunnel endpoint, and the rest of that /24 as VPN addresses, what's the best way to configure it? Thanks...