[Openswan Users] dhcp over ipsec

radu at cs.kent.edu radu at cs.kent.edu
Fri May 14 18:10:40 CEST 2004 

John,

    that did it, I moved the server to another machine and it works, now ,
with strongsec's relay. I don't know why it wasn't working the other
time I tried it, but I am happy that it works now :)

    radu

> That is probably your problem.  You cannot use the ISC DHCP Relay
> because it cannot associate the traffic back to the IPSec connection.
> You must use the Strongsec Relay.
>
> We were successful with the DHCP server on the gateway and a remote DHCP
> server - John
>
> On Fri, 2004-05-14 at 10:41, Radu Brumariu wrote:
>>     I have tried moving the dhcpd server to another machine, but it
>> didn't work. I had the same thing : no DHCPREQUESTs following the
>> DHCPOFFERs.
>>     SSH Sent 1.4.1 is not available anymore , or at least I cannot find
>> it anywhere.
>>     One thing to add : I am using the dhcrelay from ISC, not the
>> dhcprelay from strongsec.com, since the latter didn't even wanted to
>> start claiming that the interface was already in use ( which it was by
>> the dhcpd server )...
>>
>>     Thanks for the comments.
>>
>> Radu
>>
>>
>> Ken Bantoft wrote:
>>
>> >I'm running it at the office for Windows users (DHCP over IPsec)
>> >
>> >We are using SSH Sent 1.4.1, as we ran into problems with earlier
>> >versions.
>> >
>> >We found that you CAN'T run the dhcp server on the same box as the
>> >dhcprelay/Openswan.  As soon as we moved DHCP to another, it all
>> worked.
>> >Didn't have time to figure out why this is the case.
>> >
>> >
>> >On Fri, 14 May 2004, Radu  Brumariu wrote:
>> >
>> >
>> >
>> >>Hello,
>> >>
>> >>    I am setting up a VPN gateway and I am trying to assign to the
>> connection clients an IP from the internal net ( which is a public
>> IP ) from a DHCP address pool.
>> >>I have setup the dhcpd server to listen on lo and the dhcrelay to
>> relay ipsec0 to lo . I can see the DHCPDISCOVER packets and the
>> DHCPOFFEr packets, but there is no DHCPREQUEST / DHCPACK packets
>> following.
>> >>
>> >>    The DHCP server is allocating IPs in the range 131.123.35.155-160
>> / 255.255.255.0
>> >>
>> >>    I am using SSH Sentinel 1.3.2 , openswan 2.1.2.rc3 and
>> certificates.
>> >>    One more thing : If I don't specify that I want a DHCP address , I
>> can create the tunnel ...
>> >>
>> >>
>> >
>> >
>> >
>> >
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.openswan.org
>> http://lists.openswan.org/mailman/listinfo/users
> --
> John A. Sullivan III
> Chief Technology Officer
> Nexus Management
> +1 207-985-7880
> john.sullivan at nexusmgmt.com
>

More information about the Users mailing list