a bit OT, but stumped

Phil Mayers p.mayers at imperial.ac.uk
Sat Aug 26 13:13:42 CEST 2006


Chris Knipe wrote:
> Hi,
> 
> Just a quick question - especially valid in regards to VPN (L2TP / PPTP).
> 
> I know this will depend solely on the NAS, but considering a normal *nix 
> pppd process, and a windows based RAS client... Is it at all possible to 
> get PPP to assign static routes to the CLIENT during the authentication 
> process?

Not in-band i.e. via PPP.

There are various ways to do it with login scripts and such, but they're 
very very offtopic for this list.

OpenVPN can do it, but its radius support is somewhat weak at the moment.

> 
> Let's say I have a DMZ with 10/8 and 20/8 used for addressing.  A client 
> connects to a VPN server on a.b.c.d  Unless I tell the client to use the 
> VPN as a Default Gateway, the client will not have routes to route 10/8 
> and 20/8 over the VPN link... What needs to be done to tell Windows this?
> 
> Sure, I know I can always add these routes manually, but I'm trying to 
> avoid it :)
> 
> Just a general q... Sorry for OT

In my experience, most people just check the "use default gateway" and 
be done with it. Given PPTP is "no longer strategic" for microsoft, much 
of the features which later protocols obtained e.g. split tunnelling, 
which is the proper name for what you're seeking, never materialised. 
Given how crappy PPTP is, that's probably a good thing...

> 
> 
> Regards,
> Chris.
> - List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html




More information about the Freeradius-Users mailing list