I think this is on the TODO list. This is why npppd is considered to be "not ready" and thus not linked to the build.
//mxb

On 17 feb 2013, at 16:32, Stuart McMurray <[email protected]> wrote:

> Hi all,
>
> I'm having a bit of trouble getting l2tp working from behind a firewall.
>
> Here's the setup:
>
> OpenBSD with isakmpd and npppd -- Home Router -- Internet -- Cell Network --
> iPhone/Laptop
>
> Basically, the idea is to make a VPN for use when I'm travelling.
>
> I can connect just fine and put traffic on the network, but arp requests
> from other hosts on the network don't get sent back through the l2tp
> tunnel. If I manually add the ethernet address of the
>
> If I manually update the arp cache of another host on the network with
> the ethernet address of my npppd/isakmpd box and the IP assigned by
> npppd, traffic flows with no problem.
>
> Looking at the traffic of the nic on the npppd box, I see arp replies
> coming in. tcpdump on the pipex interface doesn't report the arp
> requests.
>
> Is there something special I need to do to send non-ip traffic through
> the vpn?
>
> Here are my config files:
> ipsec.conf:
> ike passive esp transport \
>     proto udp from mydomain.com (0.0.0.0/0) to any port 1701 \
>     main auth "hmac-sha" enc "aes" group modp1024 \
>     quick auth "hmac-sha" enc "aes" \
>     psk "xxxxxxx"
>
> npppd.conf:
> authentication LOCAL type local {
>     users-file "/etc/npppd/npppd-users"
> }
> tunnel L2TP_ipv4 protocol l2tp {
>     listen on 0.0.0.0
>     l2tp-accept-dialin yes
> }
> ipcp IPCP {
>     pool-address 192.168.11.150-192.168.11.159
>     dns-servers 192.168.11.25
> }
> interface pppx0 address 192.168.11.160 ipcp IPCP
> bind tunnel from L2TP_ipv4 authenticated by LOCAL to pppx0
>
> npppd-users:
> stuart:\
>     :password=foo:
>
> ifconfig's output:
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33152
>     priority: 0
>     groups: lo
>     inet6 ::1 prefixlen 128
>     inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
>     inet 127.0.0.1 netmask 0xff000000
> re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>     lladdr 76:7f:52:6e:91:0d
>     priority: 0
>     groups: egress
>     media: Ethernet autoselect (100baseTX full-duplex)
>     status: active
>     inet6 fe80::747f:52ff:fe6e:910d%re0 prefixlen 64 scopeid 0x1
>     inet6 2601:xxx prefixlen 64 autoconf pltime 14391 vltime 86391
>     inet6 2601:xxx prefixlen 64 autoconf autoconfprivacy pltime 6138
>     vltime 78138
>     inet 192.168.11.29 netmask 0xffffff00 broadcast 192.168.11.255
> enc0: flags=0<>
>     priority: 0
>     groups: enc
>     status: active
> pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33152
>     priority: 0
>     groups: pflog
> pppx0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1360
>     description: stuart
>     priority: 0
>     groups: pppx
>     inet 192.168.11.160 --> 192.168.11.157 netmask 0xffffffff
>
> Thanks,
>
> Stuart

