Hmmmm... I think I may have hit a wall on this, but let's see.
Let's assume I want to run Choicenet to prevent inbound packet spoofing.
Since some of our addresses are dynamic, and there is no way to know at
authentication time which address will be assigned (that happens at IPCP
time, and the authentication at LCP time), we must therefore set up a global
filter which permits all the dynamic addresses to work for these accounts.
Ok, good enough.
Now I set this up in Choicenet, and arrange to have the RADIUS server return
the correct filter profile.
Choicenet loads the profile properly.
HOWEVER, it appears that the first user who disconncets from the PM3
*DELETES* the Choicenet-loaded profile, defeating the filter!
This is true even though there are other open sessions with the SAME filter
specification online.
Is this a bug, or expected behavior? Without source to Choicenet, there is
no way in hell I can have it return a unique profile for each user - there
are over 10,000 of them here!
With source I could "synthesize" a profile, and probably make it work.
---- Karl Denninger (karl@MCS.Net)| MCSNet - Serving Chicagoland and Wisconsin http://www.mcs.net/ | T1's from $600 monthly to FULL DS-3 Service | NEW! K56Flex support on ALL modems Voice: [+1 312 803-MCS1 x219]| EXCLUSIVE NEW FEATURE ON ALL PERSONAL ACCOUNTS Fax: [+1 312 803-4929] | *SPAMBLOCK* Technology now included at no cost - To unsubscribe, email 'majordomo@livingston.com' with 'unsubscribe portmaster-users' in the body of the message.