Note: This archive passes through spamassassin. Every mail marked with the subject "*****SPAM*****" has exceed a certain threshold of spam-like behaviour.

Re: [Users] DHCP over ipsec

From: Andreas Steffen (andreas.steffen_at_zhwin.ch)
Date: Wed Apr 17 2002 - 22:59:47 CEST

Next message: Teemu Torma: "Re: [Users] X.509 compile problems"
Previous message: Vasiliy Boulytchev: "[Users] X.509 compile problems"
In reply to: John Morris: "Re: [Users] DHCP over ipsec"
Next in thread: Andreas Steffen: "Re: [Users] DHCP over ipsec"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

You request a Virtual IP address from the DHCP. The outer IP address
of your physical LAN or PPP interface is usually dynamically assigned
by your ISP whereas the inner IP address of a VPN tunnel would preferably
be an address of your home network (extruded net).

A problem is in fact the forming of the MAC address of the virtual
IP interface (SSH Sentinel actually creates a virtual network interface
on Windows platforms) which is needed in the DHCP request in order
to register the interface with the DHCP server. The Internet draft is
rather vague about this point (TBD). It seems that it is up to the
early implementors to make sensible suggestions.

Regards

Andreas

John Morris wrote:
>
> Which network interface would you be getting the DHCP address for? On
> Linux, perhaps an interface aliased from ipsec0? Or the ipsec0 interface
> itself? I can't quite picture how that would work.
>
> John
>
> ----- Original Message -----
> From: "John A. Sullivan III" <John.Sullivan_at_nexusmgmt.com>
> To: "Vasiliy Boulytchev" <vasiliy_at_boulytcheva.com>
> Cc: <users_at_lists.freeswan.org>
> Sent: Thursday, April 18, 2002 3:22 AM
> Subject: Re: [Users] DHCP over ipsec
>
> > There are two recent developments in IETF standards that make road
> > warrior support infinitely easier- NAT traversal and DHCP over IPSec.
> > We've been investigating this in SSH's products with eager
> > anticipation. I would love to see this support in Free S/WAN. Is
> > anyone working on implementing these two new developments? I'm afraid it
> > is way beyond my skills - John
> >
> > On Wed, 2002-04-17 at 13:03, Vasiliy Boulytchev wrote:
> > > Ladies and Gents,
> > > Is it possible to have my FreeSWAN box assign IP addresses from the
> > > protected LAN to the roadwarrior clients that auth in over DHCP?
> > > Greatly appreciate your help,
> > > Vasiliy Boulytchev
> > > Colorado Information Technologies Inc.
> > --
> > John A. Sullivan III
> > Group Technology Director
> > Nexus Management
> > +1 207-985-7880
> > John.Sullivan_at_nexusmgmt.com

======================================================================
Andreas Steffen e-mail: andreas.steffen_at_zhwin.ch
Zuercher Hochschule Winterthur home: http://www.zhwin.ch/~sna/
CH-8401 Winterthur (Switzerland) phone: +41 76 340 25 56
===============================================================[ZHW]==
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

Next message: Teemu Torma: "Re: [Users] X.509 compile problems"
Previous message: Vasiliy Boulytchev: "[Users] X.509 compile problems"
In reply to: John Morris: "Re: [Users] DHCP over ipsec"
Next in thread: Andreas Steffen: "Re: [Users] DHCP over ipsec"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:52 CEST