Can MPD5-client assign a specific remote IP address to the ng interface, ignoring the server offer?

Y

yurybx

Good for you!
There was a need to connect via L2TP/IPSeс to a remote server. That server, it seems to me, is incorrectly configured, since during an L2TP connection it offers the client its own public address as a remote IP address for my ng interface. Because of this, the IPSec connection becomes broken, because the packets are trying to go through the ng-interface.
ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1410 inet 10.10.181.222 --> 195.149.70.70 netmask 0xffffffff nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
Unfortunately, I do not control the server on that side.
But I solved the problem by installing the CentOS and it's native XL2TP-client, which has the option to force the assignment of a specific remote IP address to the PPP interface.
But I do not want to produce extra essence. I have FreeBSD and MPD5 as a VPN server, and I also want to use it as an L2TP client. To do this, I add the line:
set ipcp ranges 0.0.0.0/0 10.10.181.223/32
But as a result, the ng interface cannot get an IP address at all, and the connection not establishes:
IPADDR 195.149.70.70 NAKing with 10.10.0.0 IPCP: not converging IPCP: parameter negotiation failed IPCP: state change Ack-Rcvd --> Stopped
Is the MPD5 client really unable to forcibly assign a remote IP-address to its interface?
 
I cannot offer a conclusive answer, however looking into the MPD5 documentation /usr/local/share/doc/mpd5/mpd26.html (open this using a web browser), you could make your ipcp ranges requirement less strict. You requested the one and only remote link endpoint address 10.10.181.223/32 from the server. See:
set ipcp ranges (local/width|ippool pool) (remote/width|ippool pool)

At the server side, the actual L2TP link endpoint address may be different, and perhaps the server finds the correct address if you specify a suitable range to choose from. That said, I would try the following in the given order:
  1. set ipcp ranges 0.0.0.0/0 10.10.181.0/24
  2. set ipcp ranges 0.0.0.0/0 10.10.0.0/16
  3. set ipcp ranges 0.0.0.0/0 10.0.0.0/8
 
obsigna, it does not work.
I did not manage to get the MPD5 to work, but XL2TPd+LibreSwan (in CentOS) works fine. I just added the line
Code: 
:10.0.0.1
to the "/etc/ppp/options.vpn-uz", and it all worked!
So now I have one more virtual machine on my Hyper-V server :)
 
You must log in or register to reply here.
Back
Top