[Openswan Users] dhcp over ipsec
Radu Brumariu
radu at cs.kent.edu
Fri May 14 14:33:17 CEST 2004
Hello,
I am setting up a VPN gateway and I am trying to assign the connecting clients an IP from the internal net (which is a public IP range) out of a DHCP address pool.
I have set up the dhcpd server to listen on lo and dhcrelay to relay from ipsec0 to lo. I can see the DHCPDISCOVER and DHCPOFFER packets, but there are no DHCPREQUEST / DHCPACK packets following.
The DHCP server is allocating IPs in the range 131.123.35.155-160 / 255.255.255.0
I am using SSH Sentinel 1.3.2 , openswan 2.1.2.rc3 and certificates.
One more thing: if I don't specify that I want a DHCP address, I can create the tunnel...
Here is my ipsec.conf
# /etc/ipsec.conf - FreeS/WAN IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.12 2004/01/20 19:37:13 sam Exp $
# This file: /usr/local/share/doc/freeswan/ipsec.conf-sample
#
# Manual: ipsec.conf.5
#
# Help:
# http://www.freeswan.org/freeswan_trees/freeswan-cvs2002Mar11_19:19:03/doc/quickstart.html
# http://www.freeswan.org/freeswan_trees/freeswan-cvs2002Mar11_19:19:03/doc/config.html
# http://www.freeswan.org/freeswan_trees/freeswan-cvs2002Mar11_19:19:03/doc/adv_config.html
#
# Policy groups are enabled by default. See:
# http://www.freeswan.org/freeswan_trees/freeswan-cvs2002Mar11_19:19:03/doc/policygroups.html
#
# Examples:
# http://www.freeswan.org/freeswan_trees/freeswan-cvs2002Mar11_19:19:03/doc/examples
# NOTE(review): as pasted here the parameter lines inside each "config" and
# "conn" section have lost their leading indentation; in a version 2.0
# ipsec.conf a parameter line must be indented, otherwise it is taken as the
# start of a new section. The live file presumably still has the indentation.
version 2.0 # conforms to second version of ipsec.conf specification
# basic configuration
config setup
# Debug-logging controls: "none" for (almost) none, "all" for lots.
klipsdebug=none
plutodebug=none
# Attach IPsec to whichever interface carries the default route.
interfaces=%defaultroute
# A peer reconnecting with an ID already in use replaces its old SA instead of
# stacking a second one; relevant here because all three conns below share the
# same rightid.
uniqueids=yes
# Refuse peer certificates unless a valid CRL for their issuer is loaded. Good
# for revocation, but a missing or stale CRL makes every certificate-based
# conn in this file fail.
strictcrlpolicy=yes
# Address space a client may claim through rightsubnet=vhost:%priv.
# NOTE(review): the DHCP pool mentioned in the message (131.123.35.155-160)
# lies outside this range, so a client asserting its DHCP-assigned address as
# a virtual host may not match the vhost:%priv conns below -- confirm whether
# %v4:131.123.35.0/24 needs to be listed here as well.
virtual_private=%v4:192.168.0.0/16
# NAT traversal is disabled; clients behind a NAT device would need it.
#nat_traversal=yes
conn %default
# Give up after three IKE negotiation attempts rather than retrying forever.
keyingtries=3
# Peers authenticate with RSA signatures; the peer key is taken from its X.509
# certificate (rightrsasigkey=%cert below), not from a static key in this file.
authby=rsasig
keyexchange=ike
# IKE SA and IPsec SA lifetimes; individual conns may override keylife
# (conn dhcp does).
ikelifetime=240m
keylife=60m
# Perfect forward secrecy by default; some conns below switch it off.
pfs=yes
compress=no
disablearrivalcheck=no
# This host is the gateway (left) and presents ipsec_gateway.pem; remote peers
# (right) may arrive from any address and are identified by certificate only.
left=%defaultroute
leftcert=ipsec_gateway.pem
right=%any
rightrsasigkey=%cert
# Nothing is loaded unless a conn explicitly opts in with auto=add.
auto=ignore
# Add connections here.
# DHCP incoming connections
conn dhcp
type=tunnel
# NOTE(review): this rightid is identical to the one in conn test and conn
# roadwarrior, and right=%any is the same; which conn pluto instantiates for a
# given peer presumably depends on the selectors the peer proposes (here the
# bootps/bootpc port pair) -- worth confirming in the pluto log.
rightid="C=US, ST=Ohio, L=Kent, O=KSU, OU=Computer Science, CN=radu at cs.kent.edu, E=radu at cs.kent.edu"
right=%any
# Short-lived SA meant to cover only the DHCP exchange: no rekeying and a
# two-minute life, so DHCPREQUEST/DHCPACK must complete inside that window.
rekey=no
keylife=2m
rekeymargin=30s
# Restrict the tunnel to DHCP traffic: gateway side UDP bootps (67), client
# side UDP bootpc (68). The client's own address is whatever it claims inside
# virtual_private (vhost:%priv).
leftsubnet=0.0.0.0/0
rightsubnet=vhost:%priv
leftprotoport=udp/bootps
rightprotoport=udp/bootpc
# PFS switched off for this conn (overrides pfs=yes from %default).
pfs=no
auto=add
#
# From lab - VPN connection
conn test
type=tunnel
# Same peer identity as the other conns; right=%any is inherited from %default.
rightid="C=US, ST=Ohio, L=Kent, O=KSU, OU=Computer Science, CN=radu at cs.kent.edu, E=radu at cs.kent.edu"
# The client is routed to everything through the gateway.
leftsubnet=0.0.0.0/0
# Custom updown script (X.509 variant). pluto executes it on every SA up/down
# event, so it should be writable only by root and reviewed like any other
# privileged hook.
leftupdown=/usr/local/lib/ipsec/_updown_x509
# The client may propose any subnet inside the internal /24.
rightsubnetwithin=131.123.35.0/24
auto=add
# RoadWarrior VPN connection
conn roadwarrior
type=tunnel
# Same peer identity as conn dhcp and conn test; right=%any comes from %default.
rightid="C=US, ST=Ohio, L=Kent, O=KSU, OU=Computer Science, CN=radu at cs.kent.edu, E=radu at cs.kent.edu"
leftsubnet=0.0.0.0/0
# "up-client" is an argument handed to the updown script, not part of its path.
leftupdown="/usr/local/lib/ipsec/_updown_x509 up-client"
# NOTE(review): both rightsubnet=vhost:%priv and rightsubnetwithin are set.
# vhost:%priv accepts a client address inside virtual_private (192.168.0.0/16
# above); rightsubnetwithin accepts a subnet inside 131.123.35.0/24. A
# DHCP-assigned 131.123.35.x address is not covered by virtual_private as
# configured, so which of the two applies to the DHCP case needs confirming.
rightsubnet=vhost:%priv
rightsubnetwithin=131.123.35.0/24
# PFS switched off for this conn (overrides pfs=yes from %default).
pfs=no
auto=add
# disabling OE connections
# Opportunistic-encryption policy-group conns shipped with the sample config.
# auto=ignore keeps each of them from being loaded, so only the three explicit
# conns above are active on this gateway.
conn packetdefault
auto=ignore
conn block
auto=ignore
conn clear
auto=ignore
conn clear-or-private
auto=ignore
conn private
auto=ignore
conn private-or-clear
auto=ignore
Thanks,
Radu