Indeed, PPPoE is great for this, but unfortunately, in my case I would prefere something else. For PPPoE all the auth stuff is easy, but if two clients from the same LAN try to copy from each other, they are killing the processor and the network card in the router instead of copying directly from one another via the switches. Another problem with the PPPoE I couldn't solve was strange disconnects of clients. I couldn't trace them to high cpu load or high network traffic. They simply appear to be random and more, when the connection crashes, I get mismatches between the number of pppX interfaces from ifconfig output and the number of interfaces that I see in /proc/net/dev.
With the IPSec I hoped to ease some traffic from the routers and also decrease the cpu load. Also I hoped I could get rid of the nasty disconnects.
Vlad Adomnicai
Eugene Butan wrote:
Hello Vlad,
Why just not to use PPPoE between your gateways and clients?
This way you will be sure that only authenticated clients will be given Internet access.
Eugene
On Monday 21 March 2005 16:12, Vlad Adomnicai wrote:
_______________________________________________Hi, I'm trying to build an ipsec gateway and somewhere I'm doing something wrong.
I have a couple of routers that have clients in their back. All the routers are connected into a switch. In that switch I also have a computer that provides internet access to the clients. I would like to setup some sort of autentification (don't need encryption), to allow me to give access to different services to clients. Diferenciating services I can do on the internet gateway, but on the routers I have to be certain that a certain IP is not stolen. I have set up ipsec so that if a client pings his gateway, it will work only if he has the same key as defined on the server. However, if he pings the internet gateway, it will work, no matter what I do. I would like the router to validate all packets to the outside LAN. Also I would like to achieve this with the lowest CPU utilization possible although this isn't critical. (about 150 clients behind one router (p2-400/p3-600)).
The documentation that I have found was only how to establish secure connection between two computers, but what I need is to get outside of it and if possible to not use VPN, because I want the clients that are in the same LAN have maximum trasnfer speeds.
Thx for any suggestions in advance.
Vlad Adomnicai
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
_______________________________________________ LARTC mailing list LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc