Hosting Provided By

[Users] dhcp over ipsec

From: Alexandra Navarro <laracroft(at)zaralinux.com>
Date: Tue Apr 15 2003 - 09:14:07 EDT

Hello

I have been able to configure ssh sentinel + freeswan with x509 certs. It works fine if I configure manually the IP virtual. I have configured a dhcpd and dhcprelay in freeswan server (same host for both) but if I configure sentinel to get the ip dynamically it doesn't work.

My dhcpd.conf is:

ddns-update-style none;
class "vpn-clients" {
match if option agent.circuit-id = "ipsec0";
}

subnet 0.0.0.0 netmask 0.0.0.0 {

        option domain-name "eon.net";
        option routers 192.168.1.254;
        option subnet-mask      255.255.255.0;
        option domain-name-servers      192.168.1.251, 192.168.1.252;
        option netbios-name-servers     192.168.1.251, 192.168.1.252;

        pool {
        allow members of "vpn-clients";
        range 10.2.67.2 10.2.67.254;
        default-lease-time 3600;
        max-lease-time 7200;
        option subnet-mask 255.255.255.0;
        }

}

I run dhcpd this way: dhcpd lo

and dhcprelay this way: dhcrelay ipsec0 lo 127.0.0.1

Do you need help?

My ipsec.conf is:

conn %default

        keyingtries=1
        disablearrivalcheck=no
        authby=rsasig
        keyexchange=ike
        ikelifetime=240m
        keylife=60m
        pfs=yes
        compress=no
        right=%any
        rightrsasigkey=%cert
        left=80.24.120.xx
        leftcert=certs/myCert.pem
        auto=add
conn dhcp
        type=tunnel
        rekey=no
        ikelifetime=60s
        keylife=20s
        rekeymargin=10s
        right=%any
        leftsubnet=0.0.0.0/0
        leftprotoport=udp/bootps
        rightprotoport=udp/bootpc

conn rw-cert-3des-doi
        type=tunnel
        right=%any
        leftnexthop=80.24.120.yy
        rightsubnetwithin=10.2.67.0/24
        leftsubnet=0.0.0.0/0

any ideas about how to get it working?

Thanks in advances.

Alexandra.

Users mailing list
Users@lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users Received on Tue Apr 15 23:11:24 2003

This message: [ Message body ]
Next message: Josdeyvi Russi: "Re: [Users] Multicast over VPN? How. Already have IPSec running between sites."
Previous message: Andreas Steffen: "Re: [Users] no RSA public key"
Next in thread: John A. Sullivan III: "Re: [Users] dhcp over ipsec"
Reply: John A. Sullivan III: "Re: [Users] dhcp over ipsec"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 13:01:19 EDT