Re: [Users] DHCP over IPSEC implemented?

From: Mikael Hammarin (mikael.hammarin_at_devtrend.com)
Date: Wed Jul 31 2002 - 10:34:22 CEST


Hi,
Yes, I define a new pool for vpn-clients as in the example:

<snip>
# ipsec vpn clients class
class "vpn-clients" {
  match if option agent.circuit-id = "ipsec0";
}

subnet 192.168.1.0 netmask 255.255.255.0 {
  pool
  {
    allow members of "vpn-clients";
    range 192.168.1.150 192.168.1.175;
  }
}
<snip>

but when dhcpd receives the relayed DHCP request, I get a message saying
"unknown network segment":

<snip>
Jul 30 20:21:04 amp dhcpd: DHCPDISCOVER from 00:01:02:b6:7e:45 via 213.xx.xx.xx: unknown network segment
<snip>

where 213.xx.xx.xx is the IP-address of the external interface on the
ipsec-gateway.

My thought was that it wants me to define the network segment
213.xx.xx.xx in dhcpd.conf, but this will only allow me to assign
IP-addresses from that subnetwork, and not 192.168.1.xx. Just to test,
I tried to define subnet 213.xx.xx.xx in dhcpd, and this allowed me to
assign an ip-address from that network hence IT IS working, but I can't
get the config correct.

I don't have a dump from dhcprelay, but the DHCP message relayed only
contains the IP-address of my external ip-address on the ipsec-gateway
on the R-field (relay?).

Regards,
Mikael

----- Original Message -----
From: "Mario Strasser" <mario.strasser_at_zhwin.ch>
To: "Mikael Hammarin" <mikael.hammarin_at_devtrend.com>
Sent: Wednesday, July 31, 2002 6:52 AM
Subject: Re: [Users] DHCP over IPSEC implemented?

Hi Mikael

On Wednesday 31 July 2002 00:11, Mikael Hammarin wrote:
> [skip]
> However, I seem to have some difficulties finding the correct
> configuration for dhcpd.
> When using dhcprelay on the ipsec0 interface (external IP) on my
> gateway to relay to an internal DHCP server
> on my private network (192.168.x.x), dhcpd will not allow me to assign an
> IP-address except one from the gateway
> external interface (ipsec0) as it was relayed from that IP-address.
> Naturally, I would like to assign an IP-address from
> another private subnetwork (192.168.x.x).
>
What does your dhcpd.conf look like? Did you define a pool for non
vpn clients?
You can get some good hints from the
DHCP mini-HOWTO (http://www.tldp.org/HOWTO/mini/DHCP/)
or the man page of the dhcpd configuration file (dhcpd.conf (5)).
As mentioned, these issues will be explained in the HOWTO which
is unfortunately not finished yet!

Regards
Mario


_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users



This archive was generated by hypermail 2.1.4 : Mon Aug 05 2002 - 21:01:34 CEST
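
The subnet selection behind the "unknown network segment" message, as a simplified Python model added here (not code from the thread or from dhcpd): dhcpd locates the network segment of a relayed request from the relay address (giaddr), and per dhcpd.conf(5) subnets grouped in a shared-network count as one segment. 203.0.113.1 is a constructed stand-in for the redacted 213.xx.xx.xx, all function and variable names are hypothetical, and the relay is assumed to set agent.circuit-id to "ipsec0".

```python
import ipaddress

# Constructed stand-in for the redacted 213.xx.xx.xx gateway address.
GIADDR = ipaddress.ip_address("203.0.113.1")

# The pool from the posted config; class "vpn-clients" matches circuit-id "ipsec0".
VPN_POOL = {"range": ("192.168.1.150", "192.168.1.175"),
            "allow_circuit_id": "ipsec0"}
# Constructed open pool on the gateway subnet (None = no class restriction).
GW_POOL = {"range": ("203.0.113.10", "203.0.113.20"), "allow_circuit_id": None}


def segment(*subnets):
    """One network segment: a lone subnet, or several grouped as a shared-network."""
    return [{"net": ipaddress.ip_network(n), "pools": p} for n, p in subnets]


def handle_discover(segments, giaddr, circuit_id):
    """Return the pool ranges a relayed DHCPDISCOVER may draw from,
    or the log text when giaddr falls in no declared subnet."""
    for seg in segments:
        if any(giaddr in s["net"] for s in seg):
            # Every pool on the matched segment is a candidate, subject to
            # its class restriction.
            return [p["range"] for s in seg for p in s["pools"]
                    if p["allow_circuit_id"] in (None, circuit_id)]
    return "unknown network segment"


# 1. Config as posted: only the private subnet is declared.
posted = [segment(("192.168.1.0/24", [VPN_POOL]))]
# 2. The poster's test: gateway subnet declared on its own, with its own range.
separate = posted + [segment(("203.0.113.0/24", [GW_POOL]))]
# 3. Both subnets on one segment (shared-network), gateway subnet without a range.
shared = [segment(("203.0.113.0/24", []), ("192.168.1.0/24", [VPN_POOL]))]

if __name__ == "__main__":
    for name, cfg in (("posted", posted), ("separate", separate), ("shared", shared)):
        print(name, "->", handle_discover(cfg, GIADDR, "ipsec0"))
```

In the third case a request relayed without the circuit-id gets no candidate pool, so the class restriction still limits the 192.168.1.150-175 range to clients arriving via ipsec0.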