[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: limiting access thru pptp

On Wed, Oct 29, 2003 at 11:40:36PM +0100, stephan beirer wrote:

> [some stuff deleted, -adc]

> So I came up with the second idea of using the pptp on the
> firewall, create an account for the database guys there and
> somehow restrict their access to the ip of their w3k machine
> (while my account still has access to the whole network). i
> think that could easily be implemented as a fw rule if i could
> force pptpd or pppd to assign a static ip to their user login.
> but scanning the docs of pptpd and pppd i couldn't find a way
> to assign a static ip to a special login name.
> am i missing something or am i completely wrong with the
> concepts of pppd?  does anybody know if this can be done with
> pptpd/pppd or can anyone suggest a different solution?

A closer scan of pppd manuals would reveal that you can, in
fact, assign per-user IP addresses.  The trick is to have the
lines in /etc/ppp/{pap,chap}-secrets in the format:

username	server	secret	IP_address

for example:

stephan		*	beirer

Then make sure your /etc/pptpd.conf file correctly states the
intended range for remote ip addresses, as in


That should be all.

> cheers from berlin, germany: stephan.

great city!  i've been there once :)

hope this helps,
Text Only Email!  No Word Attachments!
See http://expita.com/nomime.html and

Reply to: