1001001
Frequent Visitor
Topic Author
Posts: 70
Joined: Mon Sep 24, 2012 12:46 pm

Forwarding PPP Traffic

Wed Sep 23, 2015 1:50 pm

Hello everybody,

We are currently trying to build a solution where we use hotspot profiles to route traffic based on simple conditions.
One profile gets routed without any further handling, the other should be forwarded to an appliance which processes the data and filters it.

The question is how would one implement such a system?

Right now we have the following:

Client connects via SSTP to SSTP server one and server two; the profile decides whether the traffic should be filtered or not. If the traffic should be filtered, all data gets forwarded to server two; from server two a route forwards the traffic to our appliance. The problem is that as soon as we forward the traffic from server two to the appliance, the SSTP connection gets terminated. In order to prevent termination we have to set a static route that points to the client, which is not ideal for huge rollouts because setting up static routes for hundreds of clients manually is tedious and time consuming.

The client routes look as follows:
Flags: X - disabled, A - active, D - dynamic, 
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 A S  0.0.0.0/0                          sstp-out1                 1
 1 A S  0.0.0.0/0                          192.168.200.254           1
 2 ADC  10.10.11.1/32      10.1.16.5       sstp-out1                 0
 3 ADC  172.16.0.0/22      172.16.0.1      bridge-local              0
 4 ADC  192.168.200.0/24   192.168.200.10  ether1-gateway            0
Server two's routes look like this:
Flags: X - disabled, A - active, D - dynamic, 
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 A S  0.0.0.0/0                          10.10.0.1                 1
 1 X S  0.0.0.0/0                          212.53.151.1              2
 3 ADC  10.1.16.0/24       10.1.16.1       local-bridge              0
 4 ADC  10.1.16.5/32       10.10.11.1      <sstp-45AA025AA...        0
 5 ADC  10.10.0.0/24       10.10.0.2       ether1                    0
 6 A S  31.19.75.237/32                    212.53.151.1              1
11 ADC  212.xxx.xxx.0/26    212.xxx.xxx.50   local-bridge              0

Has anyone any idea as to how one would implement this solution without the need for static routes that point back at the client?

Best regards

1001001
