[strongSwan] dhcp/farp plugins
Alexander Sbitnev
alexander.sbitnev at gmail.com
Tue Sep 23 16:58:36 CEST 2014
I can be wrong, but I still try to respond :)
IMHO without this farp you should create separate address pool
for roadwarriors and implement some routing (L3) leading to this pool.
With farp you can assign roadwarriors with IP addresses from your
internal corporate network. If any station on internal network resolving
roadwarrior IP with ARP your ipsec gateway will respond with its own mac
address. This way all packets with roadwarrior's destination IP will be
going
towards gateway by L2 means.
It just easier for configuration.
I suppose "responder" is an ipsec gateway internal interface, and it
responding to workstation/routers from internal network.
On 09/23/2014 06:34 PM, Cindy Moore wrote:
> I'm trying to understand what is meant by this:
>
> "A new plugin called farp fakes ARP responses for virtual IP addresses
> handed out to clients from the IKEv2 daemon charon. The plugin lets a
> road-warrior act as a client on the local LAN if it uses a virtual IP
> from the responders subnet, e.g. acquired using the DHCP plugin."
>
> So would such a roadwarrior client look like it was operating from its
> virtual ip address rather than the vpn gateway? I'm not clear on
> who/what "responder" is.
>
> Thanks,
> Cindy
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
More information about the Users
mailing list