
[Users] Re: Linux Virtual IP client (was Version 0.9.14 of X.509 patch released)

From: Andreas Steffen (andreas.steffen_at_zhwin.ch)
Date: Tue Jul 23 2002 - 09:38:10 CEST


I'm not aware of a Linux implementation but I think it
would not be too difficult to write one. The Virtual IP
DHCP client would have to set up a short-lived DHCP SA
with

   ipsec auto --up dhcp

and then send a DHCP DISCOVER broadcast message which
would be tunneled to the Linux security gateway of the
home network. The DHCP relay agent would then forward
this request to the actual DHCP server somewhere in the
protected subnet and relay the response back to the Linux
client. The client would then have to assign the Virtual
IP to a dummy device and would then start the actual IPsec
tunnel to the home network.

   ipsec auto --up home

The renewals of the DHCP lease would then happen over the
normal "home" connection. Therefore I think the best thing
would be to base a Virtual IP function on a DHCP client
extension attached to the ipsec0 interface, so as not to
disturb the workings of the DHCP client responsible for
the outer dynamic IP address of the eth0 interface.

Regards

Andreas

Adrian Blockus wrote:
> Hi Andreas,
>
> I am glad to hear this and await eagerly the next week. Do you know any
> clients for linux, that support virtual IPs over DHCP???
>
> Regards, Adrian
>
>
> ----- Original Message -----
> From: "Andreas Steffen" <andreas.steffen_at_zhwin.ch>
> To: "Nate Carlson" <natecars+freeswan_at_natecarlson.com>
> Cc: <users_at_lists.freeswan.org>; "Mario Strasser" <mario.strasser_at_zhwin.ch>
> Sent: Tuesday, July 23, 2002 7:48 AM
> Subject: Re: [Users] Version 0.9.14 of X.509 patch released
>
>
>
>>Yeah, version 0.9.14 supports DHCP-over-IPsec!
>>
>>Our solution makes it possible for SSH Sentinel to lease
>>a dynamic VirtualIP from a DHCP server based in the home network!
>>The missing unpublished link is the DHCP relay agent running
>>on the Linux security gateway and which is forwarding the
>>DHCP requests to the actual DHCP server in the protected home
>>network. Mario Strasser, the research assistant working on the
>>DHCP project is currently finishing the documentation. We will
>>release the complete DHCP package including the relay daemon
>>probably next week.
>>
>>Kind regards
>>
>>Andreas
>>
>
> ======================================================================
>
>>Andreas Steffen e-mail: andreas.steffen_at_zhwin.ch
>>Zuercher Hochschule Winterthur home: http://www.zhwin.ch/~sna/
>>CH-8401 Winterthur (Switzerland) phone: +41 76 340 25 56
>>===============================================================[ZHW]==
>
>

-- 
======================================================================
Andreas Steffen                     e-mail: andreas.steffen_at_zhwin.ch
Zuercher Hochschule Winterthur      home:   http://www.zhwin.ch/~sna/
CH-8401 Winterthur (Switzerland)    phone:  +41 76 340 25 56
===============================================================[ZHW]==
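
The DHCP exchange described in the message above, as an added example that is not part of the original post or of the FreeS/WAN X.509 patch: it builds the DISCOVER the client would send through the "dhcp" SA and extracts the Virtual IP from the relayed OFFER, using the RFC 2131 message layout. The function names, MAC, xid and addresses are constructed for illustration, and the REQUEST/ACK step, which uses the same layout, is left out.

```python
import ipaddress
import struct

# Fixed BOOTP header (236 bytes) followed by the 4-byte DHCP magic cookie.
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s4s")
MAGIC = bytes([99, 130, 83, 99])
DISCOVER, OFFER = 1, 2

def build_message(op, msg_type, xid, mac, yiaddr="0.0.0.0", giaddr="0.0.0.0", extra=()):
    """Pack header and options; option 53 carries the DHCP message type."""
    ip = lambda a: ipaddress.IPv4Address(a).packed
    head = BOOTP.pack(op, 1, 6, 0, xid, 0, 0x8000,   # 0x8000 = broadcast flag
                      ip("0.0.0.0"), ip(yiaddr), ip("0.0.0.0"), ip(giaddr),
                      mac.ljust(16, b"\0"), b"", b"", MAGIC)
    opts = bytes([53, 1, msg_type])
    for code, value in extra:
        opts += bytes([code, len(value)]) + value
    return head + opts + b"\xff"                      # 255 = end option

def parse_message(data):
    """Return xid, yiaddr, giaddr and the option map; reject malformed input."""
    if len(data) < BOOTP.size:
        raise ValueError("truncated BOOTP header")
    f = BOOTP.unpack_from(data)
    if f[14] != MAGIC:
        raise ValueError("missing DHCP magic cookie")
    opts, i = {}, BOOTP.size
    while i < len(data) and data[i] != 255:
        if data[i] == 0:                              # pad option, no length byte
            i += 1
            continue
        if i + 2 > len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated option")
        opts[data[i]] = data[i + 2:i + 2 + data[i + 1]]
        i += 2 + data[i + 1]
    addr = lambda raw: str(ipaddress.IPv4Address(raw))
    return {"xid": f[4], "yiaddr": addr(f[8]), "giaddr": addr(f[10]), "options": opts}

def offered_address(data, expected_xid):
    """Virtual IP, netmask and lease seconds from an OFFER answering our xid."""
    msg = parse_message(data)
    opts = msg["options"]
    if msg["xid"] != expected_xid or opts.get(53) != bytes([OFFER]):
        raise ValueError("not an OFFER for our DISCOVER")
    if 1 not in opts or 51 not in opts:
        raise ValueError("OFFER lacks netmask or lease time")
    return msg["yiaddr"], str(ipaddress.IPv4Address(opts[1])), int.from_bytes(opts[51], "big")

if __name__ == "__main__":
    xid, mac = 0x3903F326, bytes.fromhex("020000000001")   # constructed values
    offer = build_message(2, OFFER, xid, mac, yiaddr="10.1.0.50", giaddr="10.1.0.1",
                          extra=[(1, bytes([255, 255, 255, 0])), (51, (3600).to_bytes(4, "big"))])
    print(len(build_message(1, DISCOVER, xid, mac)), offered_address(offer, xid))
```

Checking the xid and message type before accepting the address keeps the client from assigning a Virtual IP taken from a reply that does not answer its own DISCOVER.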




This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:26 CEST