Re: pptpd

James Carlson writes:
> tony.chamberlain@xxxxxxxxx writes:
> > and then in CHAP secrets I put logins and passwords.
> > Thing is, people need their own IP address (need to count
> > on it each time they connect).  For instance, if I have
> > something in chap secrets like

One other thing I should have noted: this controls only the address
negotiated by IPCP.

The user can use any source address he wants in the packets he
sends, regardless of what was actually negotiated by IPCP.  This is
normal and expected -- it's how routing works -- so don't think of the
negotiation as any sort of "security."  It's a parameter assignment
mechanism, and nothing else.  Think of it as advisory information.

If you need to restrict the usage of the link (e.g., limit the set of
source addresses that the remote peer may use), then you'll need to
set up packet filters on your end.  These are independent of PPP.

The very same issue shows up with all types of links, including
Ethernet: if you want to restrict what you allow, then you need to
configure filters.  Link protocols generally don't do that for you,
and the restrictions you use will depend on the exact needs of the
deployment.

-- 
James Carlson         42.703N 71.076W         <carlsonj@xxxxxxxxxxxxxxx>
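
The packet filter the message above calls for, as an added example that is not part of the original post: a helper that emits iptables rules dropping anything arriving on a PPP interface whose source is not the address IPCP negotiated. It assumes Linux with iptables and interfaces named pppN; the script name `ppp-antispoof` and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: print iptables rules that pin a PPP peer to its negotiated
# source address. pppd runs /etc/ppp/ip-up and /etc/ppp/ip-down with the
# interface name as $1 and the peer's address as $5, so the hooks would be:
#   ip-up:    ppp-antispoof add "$1" "$5" | sh
#   ip-down:  ppp-antispoof del "$1" "$5" | sh
# ("ppp-antispoof" is a hypothetical name for this script.)

# Accept only a dotted quad with four octets in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# antispoof_rules add|del IFACE PEER_IP
# Prints one rule per chain: INPUT covers traffic to this host,
# FORWARD covers traffic routed through it.
antispoof_rules() {
    action=$1; iface=$2; peer=$3
    case "$action" in
        add) flag=-I ;;   # insert at the top, ahead of any ACCEPT rules
        del) flag=-D ;;   # remove the same rule when the link goes down
        *) echo "usage: add|del IFACE PEER_IP" >&2; return 2 ;;
    esac
    # The values end up in a command line, so validate them strictly.
    unit=${iface#ppp}
    [ "$unit" != "$iface" ] || { echo "not a ppp interface: $iface" >&2; return 1; }
    case "$unit" in
        ''|*[!0-9]*) echo "bad interface name: $iface" >&2; return 1 ;;
    esac
    valid_ipv4 "$peer" || { echo "bad peer address: $peer" >&2; return 1; }
    for chain in INPUT FORWARD; do
        echo "iptables $flag $chain -i $iface ! -s $peer/32 -j DROP"
    done
}

# Command-line use: print the rules for review, or pipe them into sh.
if [ "$#" -eq 3 ]; then antispoof_rules "$@"; fi
```

Because the rules are keyed on the interface and the address pppd reports for that session, they follow whatever address was assigned to the peer and are removed again when the link drops.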