[Openswan Users] dhcp over ipsec

John A. Sullivan III john.sullivan at nexusmgmt.com
Fri May 14 16:24:19 CEST 2004 

That is probably your problem.  You cannot use the ISC DHCP Relay
because it cannot associate the traffic back to the IPSec connection. 
You must use the Strongsec Relay.

We were successful with the DHCP server on the gateway and a remote DHCP
server - John

On Fri, 2004-05-14 at 10:41, Radu Brumariu wrote:
>     I have tried moving the dhcpd server to another machine, but it 
> didn't work. I had the same thing : no DHCPREQUESTs following the 
> DHCPOFFERs.
>     SSH Sent 1.4.1 is not available anymore , or at least I cannot find 
> it anywhere.
>     One thing to add : I am using the dhcrelay from ISC, not the 
> dhcprelay from strongsec.com, since the latter didn't even wanted to 
> start claiming that the interface was already in use ( which it was by 
> the dhcpd server )...
>    
>     Thanks for the comments.
> 
> Radu
> 
> 
> Ken Bantoft wrote:
> 
> >I'm running it at the office for Windows users (DHCP over IPsec)
> >
> >We are using SSH Sent 1.4.1, as we ran into problems with earlier 
> >versions.
> >
> >We found that you CAN'T run the dhcp server on the same box as the 
> >dhcprelay/Openswan.  As soon as we moved DHCP to another, it all worked.  
> >Didn't have time to figure out why this is the case.
> >
> >
> >On Fri, 14 May 2004, Radu  Brumariu wrote:
> >
> >  
> >
> >>Hello,
> >>
> >>    I am setting up a VPN gateway and I am trying to assign to the connection clients an IP from the internal net ( which is a public IP ) from a DHCP address pool. 
> >>I have setup the dhcpd server to listen on lo and the dhcrelay to relay ipsec0 to lo . I can see the DHCPDISCOVER packets and the DHCPOFFEr packets, but there is no DHCPREQUEST / DHCPACK packets following. 
> >>
> >>    The DHCP server is allocating IPs in the range 131.123.35.155-160 / 255.255.255.0
> >>
> >>    I am using SSH Sentinel 1.3.2 , openswan 2.1.2.rc3 and certificates.
> >>    One more thing : If I don't specify that I want a DHCP address , I can create the tunnel ...
> >>    
> >>
> >
> >
> >  
> >
> 
> _______________________________________________
> Users mailing list
> Users at lists.openswan.org
> http://lists.openswan.org/mailman/listinfo/users
-- 
John A. Sullivan III
Chief Technology Officer
Nexus Management
+1 207-985-7880
john.sullivan at nexusmgmt.com

More information about the Users mailing list