Dúvida sobre L2TP/IPsec
Bom dia,
Estou configurando no Debian "Squeeze" um serviço de VPN usando OpenSWAN + xl2tpd.
Minha dúvida: é possível forçar um usuário a receber sempre o mesmo IP?
Exemplo:
Quando o usuário vpnuser1 conectar na VPN, ele deve usar sempre o IP 10.0.0.200.
Outra dúvida: dá para integrar tudo isso com LDAP?
Seguem minhas configurações:
/etc/ipsec.conf ---------------------------------------------------------------------
# Openswan configuration for an L2TP/IPsec responder that authenticates peers with a pre-shared key.
# NOTE(review): indentation was lost in this paste; in the real file the parameters under
# "config setup" and "conn L2TP-PSK" must be indented.
version 2.0
config setup
strictcrlpolicy=no
# NAT traversal is enabled so that clients behind NAT can connect.
nat_traversal=yes
protostack=netkey
interfaces=%defaultroute
# Opportunistic encryption is switched off.
oe=off
#plutoopts="--interface=eth0"
conn L2TP-PSK
# Pre-shared-key authentication. Combined with right=%any below, the one PSK is shared by every
# client, so it is the only gate at the IPsec layer; per-user identity comes from PPP only.
authby=secret
# No PFS for phase 2. NOTE(review): this is often set for client compatibility, but phase-2 keys
# then depend on the phase-1 exchange; confirm whether the clients in use can negotiate PFS.
pfs=no
# Load the connection and wait for clients to initiate it.
auto=add
rekey=no
keyingtries=3
# Dead peer detection: probe every 30 s and clear the SA after 120 s without an answer.
dpddelay=30
dpdtimeout=120
dpdaction=clear
ikelifetime=8h
keylife=1h
# Transport mode: IPsec protects only the L2TP (UDP) traffic between the two hosts.
type=transport
left=%defaultroute
# Protocol 17 (UDP), any port on the server side. NOTE(review): L2TP uses UDP 1701, so 17/1701
# here would limit the policy to L2TP traffic; confirm no client depends on the wider selector.
leftprotoport=17/%any
# Any peer address is accepted.
right=%any
rightprotoport=17/%any
---------------------------------------------------------------------
/etc/ipsec.secrets ------------------------------------------
# Pre-shared key between "MeuIPValido" (presumably a placeholder for the server's public
# address) and any peer (%any).
# NOTE(review): "senha" reads as a placeholder. The real PSK is shared by every client, so it
# should be long and random, and this file should be readable by root only.
MeuIPValido %any: PSK "senha"
---------------------------------------------------------------------
/etc/xl2tpd/xl2tpd.conf ------------------------------------
; xl2tpd LNS definition: client address pool, PPP authentication requirements and the pppd options file.
[global]
; Verbose tunnel logging. NOTE(review): presumably enabled for troubleshooting only.
debug tunnel = yes
[lns default]
; Address pool handed to clients. NOTE(review): 10.0.0.200 and 10.0.0.250 are also the
; per-user addresses listed in /etc/ppp/chap-secrets, so the dynamic pool overlaps the fixed
; assignments; confirm that this is intended.
ip range = 10.0.0.200-10.0.0.250
local ip = 10.0.0.1
assign ip = yes
; Peers are required to authenticate, with CHAP; PAP is refused.
require chap = yes
refuse pap = yes
require authentication = yes
; Verbose pppd logging.
ppp debug = yes
; Further pppd options are read from this file. NOTE(review): that file contains "noauth",
; which tells pppd not to require peer authentication and contradicts the three settings
; above; verify which one takes effect on this system.
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
---------------------------------------------------------------------
/etc/ppp/options.xl2tpd -----------------------------------
# pppd options that xl2tpd applies to every L2TP session (referenced by "pppoptfile").
passive
lock
# Local name used for authentication; the server column in chap-secrets is the wildcard "*".
name *
# Publishes a proxy ARP entry for the client's address on the server's LAN.
proxyarp
# pppd accepts the peer's own idea of the local and remote addresses.
# NOTE(review): for fixed per-user addresses the restriction comes from the address column in
# chap-secrets, which applies only when peer authentication is actually enforced.
ipcp-accept-local
ipcp-accept-remote
# Link is considered dead after 10 unanswered LCP echo requests sent 5 s apart.
lcp-echo-failure 10
lcp-echo-interval 5
nodeflate
# NOTE(review): "noauth" means the peer is NOT required to authenticate. On a server that
# accepts connections from any address this conflicts with "require authentication = yes" in
# xl2tpd.conf; confirm that CHAP is really demanded from clients before relying on this setup.
noauth
# The refuse-* options only stop this side from authenticating ITSELF to the peer with the
# named protocol; they do not change what is demanded from the peer.
refuse-chap
refuse-mschap
refuse-mschap-v2
# DNS servers pushed to clients (public resolvers, so internal names will not resolve).
ms-dns 8.8.8.8
ms-dns 8.8.4.4
# Reduced MTU/MRU to leave room for the L2TP and IPsec overhead.
mtu 1400
mru 1400
crtscts
# Disconnect after 1800 s without traffic.
idle 1800
nodefaultroute
# Verbose logging; hide-password further down keeps password strings out of logged PAP packets.
debug
connect-delay 5000
asyncmap 0
noipx
hide-password
# Compression negotiation is disabled below.
noccp
nobsdcomp
novj
novjccomp
nopcomp
noaccomp
---------------------------------------------------------------------
/etc/ppp/chap-secrets ------------------------------------
# Secrets for authentication using CHAP
# client server secret IP addresses
# The fourth column restricts the IP addresses the client may use; this is the mechanism for
# pinning a user to a fixed address, and it applies only when pppd authenticates the peer.
# NOTE(review): the example in the post asks for vpnuser1 -> 10.0.0.200, but the entries below
# give vpnuser 10.0.0.200 and vpnuser1 10.0.0.250; confirm which mapping is intended.
# NOTE(review): secrets are stored in clear text, so this file should be readable by root only;
# "senha" reads as a placeholder and each user should have a distinct, strong secret.
vpnuser * "senha" 10.0.0.200
vpnuser1 * "senha" 10.0.0.250
---------------------------------------------------------------------
Abraços,
Diego