[Openswan Users] Openswan (on 2.6) as an DHCP-over-IPSec client

H. Peter Anvin hpa at zytor.com
Tue Feb 8 22:49:31 CET 2005

Paul Wouters wrote:
> On Tue, 8 Feb 2005, H. Peter Anvin wrote:
>> Anyone happens to know how to configure OpenSWAN as an DHCP-over-IPSec
>> *client*?  There are numerous discussions in the archives and there is a
>> HOWTO about using it as a server with SSH Sentinel clients on Windows
>> hosts, but I'd like to use it with Linux 2.6 clients, preferrably
>> running OpenSWAN (since I've had otherwise very good experience with
>> OpenSWAN.)
> AFAIK, no one has done this. The dhcp-over-ipsec was only implemented
> by Microsoft and SSH, and they were not compatible with each other.
> Openswan-2.3.0 has XAUTH and ModeConfig support though, which should
> be able to offer you the same functionality. But it's very new and
> likely not complete yet.
> Ofcourse, IKEv2 should make all of this stuff obsolete too, but that's
> not going to happen anytime soon.

I hope whatever they do will be DHCP-compatible; I always thought it was 
a big mess to have a completely different configuration mechanism for PPP.

> I guess with some creative _updown scripting, it should be possible.

I'll play with it and see what can be done.


More information about the Users mailing list