
Dúvida sobre L2TP/IPSec



Bom dia,

Estou configurando no Debian "Squeeze" um serviço de VPN usando OpenSWAN + xl2tpd.
Minha dúvida: é possível forçar um usuário a pegar sempre o mesmo IP?

Exemplo:
Quando o usuário vpnuser1 conectar na VPN, ele deve usar sempre o IP 10.0.0.200.

Outra dúvida: dá para integrar tudo isso com LDAP?

Seguem meus confs:

/etc/ipsec.conf ---------------------------------------------------------------------
version 2.0

# Global pluto settings for the IPsec layer that carries the L2TP traffic.
config setup
        strictcrlpolicy=no
        # NAT traversal enabled, so clients behind NAT can connect.
        nat_traversal=yes
        # Address ranges that NATed clients are allowed to sit behind.
        # NOTE(review): 10.0.0.0/24 is also the range xl2tpd hands out in this
        # setup (ip range / local ip in xl2tpd.conf). The server's own networks
        # are normally excluded here with a %v4:!net/mask entry - confirm.
        virtual_private=%v4:192.168.0.0/16,%v4:10.0.0.0/24
        protostack=netkey
        interfaces=%defaultroute
        # Opportunistic encryption is switched off.
        oe=off
        #plutoopts="--interface=eth0"

# Transport-mode connection accepted from any remote peer (right=%any).
conn L2TP-PSK
        # Pre-shared-key authentication. With right=%any and an %any entry in
        # ipsec.secrets, every client holds the same key: the PSK authenticates
        # the group, not an individual user, so per-user identity rests entirely
        # on the PPP authentication configured for xl2tpd/pppd.
        authby=secret
        # PFS is not requested for the IPsec SA.
        # NOTE(review): often set this way for L2TP clients; enable it if all
        # clients support it - confirm.
        pfs=no
        # Load the connection and wait for clients; do not initiate.
        auto=add
        # This side does not start rekeying; the client is expected to.
        rekey=no
        keyingtries=3
        # Dead peer detection: delay 30, timeout 120, then clear the connection.
        dpddelay=30
        dpdtimeout=120
        dpdaction=clear
        # Lifetimes: IKE SA 8h, IPsec SA 1h.
        ikelifetime=8h
        keylife=1h
        type=transport
        left=%defaultroute
        # Protocol 17 is UDP; %any leaves the port open on this side.
        # NOTE(review): L2TP uses UDP 1701, so the local side can usually be
        # narrowed to 17/1701 unless a client needs the wider selector - confirm.
        leftprotoport=17/%any
        right=%any
        rightprotoport=17/%any
---------------------------------------------------------------------

/etc/ipsec.secrets ------------------------------------------
# Pre-shared key used between the server address and any peer (%any).
# NOTE(review): "MeuIPValido" and "senha" read as placeholders for the real
# public IP and key. Because the same key is given to every client, it should
# be long and random, and this file should be readable by root only.
MeuIPValido %any: PSK "senha"
---------------------------------------------------------------------

/etc/xl2tpd/xl2tpd.conf ------------------------------------
[global]
; NOTE(review): tunnel debugging is on; turn it off once the setup works,
; since debug logs add noise and may expose session details.
debug tunnel = yes

[lns default]
; Address pool for clients and the server-side address of the PPP link.
ip range = 10.0.0.200-10.0.0.250
local ip = 10.0.0.1
; NOTE(review): with "assign ip = yes" xl2tpd picks the client address from
; "ip range". For a fixed address per user, the usual approach is to let pppd
; take it from the 4th column of chap-secrets ("assign ip = no") - confirm
; against xl2tpd.conf(5) for the installed version.
assign ip = yes
; Peer must authenticate with CHAP; PAP is refused.
require chap = yes
refuse pap = yes
require authentication = yes
; NOTE(review): PPP debugging is on as well; disable after troubleshooting.
ppp debug = yes
; pppd options for this LNS are read from this file. Options in that file can
; conflict with the authentication settings above - see the noauth line there.
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
---------------------------------------------------------------------

/etc/ppp/options.xl2tpd -----------------------------------
# pppd options used for every L2TP session (pppoptfile of the xl2tpd LNS).
passive
lock
# Sets the local name pppd uses for authentication to "*".
# NOTE(review): presumably meant to pair with the "*" server column of
# chap-secrets - confirm.
name *
# Adds a proxy ARP entry for the client on the server's LAN.
proxyarp
ipcp-accept-local
ipcp-accept-remote
lcp-echo-failure 10
lcp-echo-interval 5
nodeflate
# NOTE(review): noauth means pppd does not require the peer to authenticate.
# xl2tpd.conf sets "require authentication = yes" and "require chap = yes" for
# this LNS; whether the noauth here ends up overriding that depends on the
# order in which xl2tpd hands options to pppd. Verify in the pppd log that
# CHAP is actually demanded from the client. On a server this line is normally
# absent: the shared IPsec PSK does not identify individual users, so PPP
# authentication is the only per-user check.
noauth
# The refuse-* options stop pppd from authenticating ITSELF to the peer with
# these methods; they do not restrict what the peer must use.
refuse-chap
refuse-mschap
refuse-mschap-v2
# DNS servers announced to clients.
ms-dns 8.8.8.8
ms-dns 8.8.4.4
# Reduced MTU/MRU to leave room for the L2TP and IPsec overhead.
mtu 1400
mru 1400
crtscts
# Drop the link after 1800 seconds without traffic.
idle 1800
nodefaultroute
# NOTE(review): debug logs the contents of control packets; turn it off in
# production. hide-password keeps PAP password strings out of those logs.
debug
connect-delay 5000
asyncmap 0
noipx
hide-password
# Compression and header-compression features disabled.
noccp
nobsdcomp
novj
novjccomp
nopcomp
noaccomp
---------------------------------------------------------------------

/etc/ppp/chap-secrets ------------------------------------
# Secrets for authentication using CHAP
# client        server          secret                  IP addresses
# The 4th column lists the address each client is allowed to use; it is the
# per-user mapping pppd consults, so it is the place to pin a user to one IP.
# NOTE(review): secrets are stored here in cleartext, so the file should be
# readable by root only. Both entries show the same secret as posted
# (presumably a placeholder); each account should have its own strong secret.
vpnuser         *               "senha"                10.0.0.200
vpnuser1       *               "senha"                10.0.0.250
---------------------------------------------------------------------


Abraços,
Diego
