[strongSwan] ipsec detection on isc dhcpd
Andreas Steffen
andreas.steffen at strongswan.org
Thu Jul 14 20:14:34 CEST 2011
Hello Christ,
did you have a look at the following example scenarios which
use charon's dhcp plugin?
http://www.strongswan.org/uml/testresults/ikev2/dhcp-static-client-id/
http://www.strongswan.org/uml/testresults/ikev2/dhcp-static-mac/
Regards
Andreas
On 07/14/2011 07:23 PM, Christ Schlacta wrote:
> I've dedicated an entire /23 to strongswan IKEv2 clients, and would like
> to be able to have charon query ISC dhcpd to acquire IP addresses and
> other parameters. It would be nice if in addition, I could use a
> user-specified attribute of the IKEv2 identity as a hostname (for
> example, my certificates are configured such that cn=hostname). It
> would also be nice if I could tell windows the connection specific dns
> suffix, which there seems to be no RFC to specify at present, that's a
> suggestion for future RFC refinements.
>
> I keep running into 2 problems and a minor issue:
>
> 1) The DHCP server never gets requests. I've tried specifying
> 255.255.255.255 and the specific DHCP server address, and neither
> results in queries arriving at the DHCP server, which is on the same
> device as strongswan.
> 2) I've reserved the address range with some subnet parameters, et al on
> the dhcp server, but have no generic way to match "this query has come
> from charon, so issue it an IP address from this pool". There's no
> virtual device for charon, so I can't specify an IP address in the
> range, or similar, and I'm at a complete loss how to accomplish this now.
> 3) This is somewhat less. There's no way to specify a certificate
> attribute as hostname or other, anything except the "ikev2 identity"
> can't be passed in the dhcp request insofar as I can identify.
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==