On Sun, 29 Sep 2013, Lars Mueller wrote: > Hi, > I have set remoteip in the pppd.conf to an 10.x.x.x range, i would expect > that users get an IP in this range from the server. > However, some users misconfigurations set the remoteip to a 192.x.x IP given > by the user. So my ip-up and ip-down scripts on the server gets called with a > user given, wrong, 192.x.x. IP, and not the server provided 10.x.x.x > Should a user be allowed to do this That's up to you. See "ipcp-accept-remote" in 'man pppd'. > or is this a bug? If yes, can i block > users from providing their own IPs? > As the ip-up and ip-down scripts set per-user firewall rules, it is quite a > security issue if a user has the possibility to provide an IP of his choice, > rather than the IP that is given to him by the server. > > Thanks in advance > > Lars > > > > cat /etc/pptpd.conf : > option /etc/ppp/options.pptpd > connections 200 > noipparam > localip 10.14.15.1 > remoteip 10.14.15.2-255 > > cat /etc/ppp/options.pptpd: > mtu 1450 > mru 1450 > receive-all > defaultroute > default-mru > ktune > name pptpd > refuse-pap > refuse-chap > refuse-mschap > require-mschap-v2 > require-mppe-128 > ms-dns 192.162.102.50 > ms-dns 115.187.74.91 > proxyarp > lock > nobsdcomp > novj > novjccomp > nologfd > > -- > To unsubscribe from this list: send the line "unsubscribe linux-ppp" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html > > -- To unsubscribe from this list: send the line "unsubscribe linux-ppp" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
