Hi,
On Fri, 28 Feb 2014 11:54:07 -0800
"Paul B. Henson" <hen...@acm.org> wrote:
> According to the npppd.conf man page:
>
> pool-address address-range | address-mask [for dynamic | static]
> Specify the IP address space that is pooled for this IPCP
> setting. The address space can be specified by address-range
> (e.g. 192.168.0.2-192.168.0.254) or address-mask (e.g.
> 192.168.0.0/24) . dynamic means the address space is reserved
> for dynamic allocation; static means the address space is
> reserved for static allocation. The default is dynamic. This
> option can be used multiple times.
>
> However, if I try to specify an address-mask:
>
> ipcp IPCP {
> pool-address 10.128.120.0/24
> dns-servers 10.128.0.4
> allow-user-selected-address no
> }
>
> It says there's a syntax error:
>
> 2014-02-28 11:48:24:NOTICE: Starting npppd pid=31351 version=5.0.0
> 2014-02-28 11:48:24:WARNING: pptpd GRE protocol not allowed
> 2014-02-28 11:48:24:CRIT: /etc/npppd/npppd.conf:12: syntax error
> 2014-02-28 11:48:24:CRIT: /etc/npppd/npppd.conf:17: ipcp IPCP is not found
> 2014-02-28 11:48:24:CRIT: /etc/npppd/npppd.conf:18: interface pppx0 is not
> found
Currently the parser needs to surrounding the address-mask with double
quote like below:
pool-address "10.128.120.0/24"
I will try to fix this.
And also we can use
pool-address 10.128.120.0:255.255.255.0
format. I will add mention this to the man page.
> I had originally specified an address range:
>
> ipcp IPCP {
> pool-address 10.128.120.2-10.128.120.254
> dns-servers 10.128.0.4
> allow-user-selected-address no
> }
>
> This works, but it's rather confusing in that it shows a whole bunch of tiny
> allocations rather than a contiguous one:
>
> 2014-02-28 11:53:08:INFO: ipcp=IPCP pool
> dyn_pool=[10.128.120.2/31,10.128.120.4/30,10.128.120.8/29,10.128.120.16/28,10.128.120.32/27,10.128.120.64/26,10.128.120.128/26,10.128.120.192/27,10.128.120.224/28,10.128.120.240/29,10.128.120.248/30,10.128.120.252/31,10.128.120.254/32]
>
> pool=[10.128.120.2/31,10.128.120.4/30,10.128.120.8/29,10.128.120.16/28,10.128.120.32/27,10.128.120.64/26,10.128.120.128/26,10.128.120.192/27,10.128.120.224/28,10.128.120.240/29,10.128.120.248/30,10.128.120.252/31,10.128.120.254/32]
>
> I thought maybe if I used the address-mask rather than a range this would
> be cleaner.
>
> Is the man page incorrect or am I specifying the CIDR address wrong?
The parser is not good enough.
> Assuming I want to allocate 10.128.120.1 as the local tunnel
> endpoint, and the rest of that /24 as VPN addresses, what's the best
> way to configure it?
As the default, npppd doesn't use the local tunnel endpoint address
and broadcast addresses in class network (10.0.0.0 and 10.255.255.255)
for the clients. Do you worry about 10.128.120.0 or 10.128.120.255 in
this case?
--yasuoka
