O.K., I will try to implement something like a DHCP-extension,
but there is one point, I couldn't get to work yet: the use of a
virtual IP assigned to dummy device. As I mentioned in another
thread, the connection is only oneway. On my gateway I see an
eroute to my virtual device, but I can't reach anything from my client.
What's the missing point??
Regards, Adrian
----- Original Message -----
From: "Andreas Steffen" <andreas.steffen_at_zhwin.ch>
To: "Adrian Blockus" <ablockus_at_gmx.net>
Cc: <users_at_lists.freeswan.org>
Sent: Tuesday, July 23, 2002 9:38 AM
Subject: Re: Linux Virtual IP client (was Version 0.9.14 of X.509 patch
released)
> I'm not aware of a Linux implementation but I think it
> would not be too difficult to write one. The Virtual IP
> DHCP client would have to set up a short-lived DHCP SA
> with
>
> ipsec auto --up dhcp
>
> and then send a DHCP DISCOVER broadcast message which
> would be tunneled to the Linux security gateway of the
> home network. The DHCP relay agent would then forward
> this request to the actual DHCP server somewhere in the
> protected subnet and relay the response back to the Linux
> client. The client would then have to assign the Virtual
> IP to a dummy device and would then start the actual IPsec
> tunnel to the home network.
>
> ipsec auto --up home
>
> The renewals of the DHCP lease would then happen over the
> normal "home" connection. Therefore I think the best thing
> would be to base a Virtual IP function on a DHCP client
> extension attached to the ipsec0 interface, so as not to
> disturb the workings of the DHCP client responsible for
> the outer dynamic IP address of the eth0 interface.
>
> Regards
>
> Andreas
>
> Adrian Blockus wrote:
> > Hi Andreas,
> >
> > I am glad to here this and await eagerly the next week. Do you know any
> > clients for linux, that support virtual IPs over DHCP???
> >
> > Regards, Adrian
> >
> >
> > ----- Original Message -----
> > From: "Andreas Steffen" <andreas.steffen_at_zhwin.ch>
> > To: "Nate Carlson" <natecars+freeswan_at_natecarlson.com>
> > Cc: <users_at_lists.freeswan.org>; "Mario Strasser"
<mario.strasser_at_zhwin.ch>
> > Sent: Tuesday, July 23, 2002 7:48 AM
> > Subject: Re: [Users] Version 0.9.14 of X.509 patch released
> >
> >
> >
> >>Yeah, version 0.9.14 supports DHCP-over-IPsec!
> >>
> >>Our solution makes it possible for SSH Sentinel to lease
> >>a dynamic VirtualIP from a DHCP server based in the home network!
> >>The missing unpublished link is the DHCP relay agent running
> >>on the Linux security gateway and which is forwarding the
> >>DHCP requests to the actual DHCP server in the protected home
> >>network. Mario Strasser, the research assistant working on the
> >>DHCP project is currently finishing the documentation. We will
> >>release the complete DHCP package including the relay daemon
> >>probably next week.
> >>
> >>Kind regards
> >>
> >>Andreas
> >>
> >
> > ======================================================================
> >
> >>Andreas Steffen e-mail: andreas.steffen_at_zhwin.ch
> >>Zuercher Hochschule Winterthur home: http://www.zhwin.ch/~sna/
> >>CH-8401 Winterthur (Switzerland) phone: +41 76 340 25 56
> >>===============================================================[ZHW]==
> >
> >
>
>
> --
> ======================================================================
> Andreas Steffen e-mail: andreas.steffen_at_zhwin.ch
> Zuercher Hochschule Winterthur home: http://www.zhwin.ch/~sna/
> CH-8401 Winterthur (Switzerland) phone: +41 76 340 25 56
> ===============================================================[ZHW]==
>
>
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:26 CEST