From: Pascal C. Kocher (pascal.kocher_at_netbeat.biz)
Date: Wed Aug 14 2002 - 13:41:23 CEST
> On Monday 12 August 2002 17:34, Pascal C. Kocher wrote:
> > Hi Michael
> >
> > IMHO you won't need the relay, if you run ISC bind on the gateway
> > itself, just let it listen to ipsec0, that's it.
> >
> Unfortunately, AFAIK it is not that simple.
> If a vpn-client needs to have a dhcp-lease, it uses its *real* IP address to
> open an ipsec tunnel to the vpn-gw as well as to send the request. The
> dhcp-server, however, knows nothing about *virtual* and *real* IP addresses,
> ignores the source address and sends the reply either by broadcast or by
> using the newly issued IP address. In both cases there exists now
> matching route/tunnel back to the vpn-client and thus, the packet is discarded
> by KLIPS.
I'll have to try this. At least it's able to bind only to this interface.
Does anyone have an idea how to use Option 82 (Relay Info) on a Windows
DHCP Server?
Best regards,
Pascal.