conditional routing on PPP link

I was wondering if anyone had any ideas how on a linux box running pppd
how I could create a static route based on the CHAP authentication
username that gets passed to the ppp daemon during connection. I can
bring up a blanket static route from the /etc/ppp/ip-up script, but that
runs for everyone and only needs to run for the on ppp/wan/vpn connection
which uses a unique username.

-LRM

MoldyDo <(E-Mail Removed)> writes:

]I was wondering if anyone had any ideas how on a linux box running pppd
]how I could create a static route based on the CHAP authentication
]username that gets passed to the ppp daemon during connection. I can
]bring up a blanket static route from the /etc/ppp/ip-up script, but that
]runs for everyone and only needs to run for the on ppp/wan/vpn connection
]which uses a unique username.


No. routes are for IP numbers not names.
chap is for authentication not for other uses. making ppp use such
additional stuff just increases the potential for bugs and will never
satisfy the rare person who wants it anyway.

If you told us what you really wanted perhaps you might get useful
suggestions

"MoldyDo" <(E-Mail Removed)> wrote in message
news(E-Mail Removed)...
> I was wondering if anyone had any ideas how on a linux box running pppd
> how I could create a static route based on the CHAP authentication
> username that gets passed to the ppp daemon during connection. I can
> bring up a blanket static route from the /etc/ppp/ip-up script, but that
> runs for everyone and only needs to run for the on ppp/wan/vpn connection
> which uses a unique username.
>
> -LRM

how about using a radius server?

radius will hand ppp the ip address and routing information.



Otherwise you have to modify pppd to give the ip up script the username...

MoldyDo <(E-Mail Removed)> wrote:
> I was wondering if anyone had any ideas how on a linux box running pppd
> how I could create a static route based on the CHAP authentication
> username that gets passed to the ppp daemon during connection. I can
> bring up a blanket static route from the /etc/ppp/ip-up script, but that
> runs for everyone and only needs to run for the on ppp/wan/vpn connection
> which uses a unique username.

If it's possible to do so (there's not enough information for me to
know), you could assign a unique IP address for each such username in
/etc/ppp/chap-secrets, and configure ip-up and ip-down to add/remove
routing based on the addresses.

--
Clifford Kite Email: "echo xvgr_yvahk-(E-Mail Removed)|rot13"
PPP-Q&A links, downloads: http://ckite.no-ip.net/
/* Emacs vs vi:
Sort of like a Swiss Army knife versus a rapier. */

On 2004-02-14, MoldyDo <(E-Mail Removed)> wrote:
> I was wondering if anyone had any ideas how on a linux box running pppd
> how I could create a static route based on the CHAP authentication
> username that gets passed to the ppp daemon during connection. I can
> bring up a blanket static route from the /etc/ppp/ip-up script, but that
> runs for everyone and only needs to run for the on ppp/wan/vpn connection
> which uses a unique username.
>
I you only have a couple of users (I do with my IPSec+L2TP setup) then I
would recommend you simply edit the chap-secrets file and dish out the static
IP's that way (note my 'dd | uuencode' method to generate a password if you
like).

If however you have lots of clients you plan to dish out IP addresses with,
to the point where even a script to generate the data from a mysql server is
inconvient, then a RADIUS server would be the better approach.

Have fun

Alex

---- /etc/ppp/chap-secrets ----
# Secrets for authentication using CHAP
# client server secret IP addresses
#
# dd if=/dev/urandom bs=1 count=32 2>/dev/null | uuencode -m -
# (remove the ending '=')
#
# public IP's
client server fancy_fancy_very_secret_password 1.2.3.4
--------------

You could modify ip-up for doing such a thing!
Maybe not based on user id (quoique!?) but on ipaddresses the user is
having.

Regads
"MoldyDo" <(E-Mail Removed)> wrote in message
news(E-Mail Removed)...
> I was wondering if anyone had any ideas how on a linux box running pppd
> how I could create a static route based on the CHAP authentication
> username that gets passed to the ppp daemon during connection. I can
> bring up a blanket static route from the /etc/ppp/ip-up script, but that
> runs for everyone and only needs to run for the on ppp/wan/vpn connection
> which uses a unique username.
>
> -LRM