diff -r -U4 ppp-2.4.4/pppd/ipcp.c ppp-2.4.4+gsm/pppd/ipcp.c
--- ppp-2.4.4/pppd/ipcp.c 2005-08-26 00:59:34.000000000 +0100
+++ ppp-2.4.4+gsm/pppd/ipcp.c 2009-11-06 10:07:15.000000000 +0000
@@ -71,8 +71,9 @@
 u_int32_t netmask = 0; /* IP netmask to set on interface */
 bool disable_defaultip = 0; /* Don't use hostname for default IP adrs */
+bool net10_only = 0; /* Restrict neogotiated IPs to 10/8 only */
 /* Hook for a plugin to know when IP protocol has come up */
 void (*ip_up_hook) __P((void)) = NULL;
@@ -172,8 +173,10 @@
 "Set ip script parameter", OPT_PRIO },
 { "noipdefault", o_bool, &disable_defaultip, "Don't use name for default IP adrs", 1 },
+ { "ip-net10-only", o_bool, &net10_only,
+ "Restrict neogotiated IPs to 10/8 only", 1 },
 { "ms-dns", 1, (void *)setdnsaddr, "DNS address for the peer's use" },
 { "ms-wins", 1, (void *)setwinsaddr,
@@ -1725,8 +1728,18 @@
 /*
 * Check that the peer is allowed to use the IP address it wants.
 */
+ if (net10_only && (ntohl(go->ouraddr) & 0xff000000) != 0x0a000000) {
+ error("Not allowed to use local address %I", go->ouraddr);
+ ipcp_close(f->unit, "Prohibited local IP address");
+ return;
+ }
+ if (net10_only && (ntohl(ho->hisaddr) & 0xff000000) != 0x0a000000) {
+ error("Not allowed to use remote address %I", ho->hisaddr);
+ ipcp_close(f->unit, "Prohibited remote IP address");
+ return;
+ }
 if (!auth_ip_addr(f->unit, ho->hisaddr)) {
 error("Peer is not authorized to use remote address %I", ho->hisaddr);
 ipcp_close(f->unit, "Unauthorized remote IP address");
 return;
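Review bot: The comment on the added `net10_only` declaration misspells "negotiated" as "neogotiated", and the same misspelling appears in the `ip-net10-only` description string added in the second hunk, which looks like user-facing option text. Both should read `Restrict negotiated IPs to 10/8 only`. Since the flag is a security restriction, the declaration comment could also say that it applies to both ends of the link, e.g. `/* Require local and peer IPCP addresses to be in 10.0.0.0/8 */`.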
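Review bot: The description on the added `ip-net10-only` entry does not say what the check in the third hunk actually enforces: both the local and the remote address must fall in 10.0.0.0/8, and the link is closed rather than renegotiated when either does not. A wording such as `"Close IPCP unless local and remote IPs are both in 10/8", 1 },` would make the policy explicit to whoever configures it. Because the flag lives in ipcp.c it presumably constrains IPv4 addresses only, so an administrator relying on it as an address-policy control should be told that IPv6CP, if enabled, is not covered. That belongs in the option's documentation, which this part of the diff does not show.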
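Review bot: The two added `net10_only` checks repeat the same mask-and-compare with bare constants, and they sit under an existing comment that speaks only of the peer's address although the first new check is on our own address (`go->ouraddr`). A small helper such as `#define IN_NET10(a) ((ntohl(a) & 0xff000000) == 0x0a000000)` would let each test read `if (net10_only && !IN_NET10(go->ouraddr)) {`, and the comment could become `/* Enforce ip-net10-only on both ends, then check the peer's address is authorised. */`. The restriction is applied only at this point, so any use of the negotiated addresses earlier in the function is not covered by it. The enclosing function starts and ends outside the hunk, so that cannot be confirmed from here.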