xelerance / xl2tpd

Official Xelerance fork of L2TPd
GNU General Public License v2.0

static routes #251

Open mw-cyrano opened 1 year ago

mw-cyrano commented 1 year ago

Hello,

xl2tpd comes with an internal DHCP server. How can that be disabled?

I'm trying to push static routes to the VPN client. That is not possible via l2tp, it needs to be done via DHCP.

xl2tpd comes with a built-in DHCP server. Does it support static routes? I didn't find anything about that in the manpage.

Alternatively, can I disable the internal DHCP server and use a standard DHCP server like the systemd built-in one or isc-dhcp?

Best, Matthias

jkroonza commented 1 year ago
[1] jkroon@plastiekpoot ~/projects/xl2tpd (master) $ grep -ri dhcp .
[1] jkroon@plastiekpoot ~/projects/xl2tpd (master) $ find . -iname "*dhcp*"
jkroon@plastiekpoot ~/projects/xl2tpd (master) $ 

I'm not so sure about that, are you sure it's not about the DHCP server associated with pppd? xl2tpd will merely execute your system's pppd, which then manages the ppp part of the protocol, and I know ppp has some DHCP related stuff going on.

mw-cyrano commented 1 year ago

Apparently, DHCP is just the wrong word or protocol. However, there's some IP address assigning happening. You can configure a range in /etc/xl2tpd/xl2tpd.conf from which the clients get their addresses.

Some proprietary implementations of l2tp also allow the assignment of static routes during this process. How can I achieve that with xl2tpd?

Example:

l2tp server 10.1.0.1, client range 10.1.0.2 - 20

However, it might be the case that there's another subnet in use, let's say 192.168.1.0/24. I'd need to find a way to tell the clients that they can reach 192.168.1.10 through 10.1.0.1. E.g. Sophos can do that.

jkroonza commented 1 year ago

I'm not aware of a way to achieve this.

https://forum.mikrotik.com/viewtopic.php?t=149241 concurs, but also gives some ideas.

This hints that there is a way to push to the client that it needs to use DHCP to obtain IP information (where with DHCP it's perfectly possible to push static routes to the client).

Gentoo carried a patch for enabling dhcp over ppp, looking at the code I honestly can't gauge exactly what was happening there.

The plugin that was used can be obtained here: http://www.netservers.net.uk/gpl/ppp-dhcpc.tgz

The README seems to be rudimentary, and I'm not sure how many clients would support this out of the box. Just looking at the Makefile I can see why this got dropped from Gentoo ... your mileage will vary.

L2TP by itself merely establishes a tunnel/call between two points, and basically provides a "virtual L2". On top of that, typically pppd then runs, and that's what manages the IP layer. As such, IP and routes are out of scope for L2TP, even though most L2TP servers that I've worked with have a basic IP allocation mechanism and then inform ppp which IPs to use - this is the first thing we normally switch off and hack out if needed, since we use radius for IP allocations.

Hope this helps. Never done something like this myself, but if it works well I would certainly like to look further into this.
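An added example, not part of this thread and not xl2tpd or pppd code, of what "pushing static routes via DHCP" means on the wire: the RFC 3442 classless static route option (DHCP option 121) encoded for the thread's own case, 192.168.1.0/24 reachable through the VPN server 10.1.0.1. The encoder/decoder and the sample route list are constructed here for illustration; a real DHCP server would emit this option from its configuration.

```python
import ipaddress

OPTION_CLASSLESS_STATIC_ROUTE = 121  # RFC 3442 option code


def encode_classless_static_routes(routes):
    """Encode [(destination_cidr, router)] as the data of DHCP option 121.

    Each entry is: prefix length (1 octet), the significant octets of the
    destination (ceil(prefixlen / 8) of them), then the 4-octet router.
    """
    data = bytearray()
    for dest, router in routes:
        net = ipaddress.IPv4Network(dest, strict=True)
        significant = (net.prefixlen + 7) // 8
        data.append(net.prefixlen)
        data += net.network_address.packed[:significant]
        data += ipaddress.IPv4Address(router).packed
    return bytes(data)


def decode_classless_static_routes(data):
    """Inverse of the encoder; raises ValueError on a truncated or bad option."""
    routes, i = [], 0
    while i < len(data):
        prefixlen = data[i]
        significant = (prefixlen + 7) // 8
        end = i + 1 + significant + 4
        if prefixlen > 32 or end > len(data):
            raise ValueError("malformed classless static route option")
        dest = bytes(data[i + 1:i + 1 + significant]) + b"\x00" * (4 - significant)
        router = bytes(data[i + 1 + significant:end])
        net = ipaddress.IPv4Network((dest, prefixlen))
        routes.append((str(net), str(ipaddress.IPv4Address(router))))
        i = end
    return routes


def build_option(routes):
    """Full TLV (code, length, data); one option instance carries at most 255 bytes."""
    data = encode_classless_static_routes(routes)
    if len(data) > 255:
        raise ValueError("too many routes for a single option 121 instance")
    return bytes([OPTION_CLASSLESS_STATIC_ROUTE, len(data)]) + data


# Constructed sample matching the thread: 10.1.0.1 is the gateway for 192.168.1.0/24.
# RFC 3442 clients ignore the classic "router" option (3) when option 121 is present,
# so the default route has to be listed explicitly or the client loses it.
ROUTES = [("192.168.1.0/24", "10.1.0.1"), ("0.0.0.0/0", "10.1.0.1")]

if __name__ == "__main__":
    print(build_option(ROUTES).hex())  # 187d... would differ; see test for exact bytes
```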