[strongSwan] Support of forwarding of client DHCP requests in strongswan?

Peter Bieringer pb at bieringer.de
Sun Jun 5 19:41:30 CEST 2016


Hi,

after some hours of playing around and digging through Google, I now need
support...

Initial problem: Windows Phone 10 VPN client where "Split Tunneling =
false" can't be set (unlike Windows 10, where a PowerShell command will help)

Probable solution: distribute routes to WP 10 via DHCP reply by
responding with proper routes to the received DHCP inform message:

Received on ipsec0 interface (tcpdump):

    172.16.1.1.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request,
length 300, htype 8, hlen 0, xid 0x5b8e69a6, secs 1536, Flags [none]
	  Client-IP 172.16.1.1
	  Vendor-rfc1048 Extensions
	    Magic Cookie 0x63825363
	    DHCP-Message Option 53, length 1: Inform
	    Client-ID Option 61, length 17: "***"
	    Hostname Option 12, length 13: "Windows-Phone"
	    Vendor-Class Option 60, length 8: "MSFT 5.0"
	    Parameter-Request Option 55, length 6:
	      Domain-Name-Server, Netbios-Name-Server, Vendor-Option, Subnet-Mask
	      Classless-Static-Route-Microsoft, Domain-Name


But now I am stuck: I haven't found any solution so far to feed this
DHCP message received via ipsec0 to a DHCP server (I tried ISC and dnsmasq
listening on a tap interface with iptables NAT PREROUTING hints).
dhcrelay also won't work; interface ipsec0 is not liked by any DHCP
server...

Does anyone have a working example for strongSwan of how to feed DHCP client
messages received after IPsec is established to a DHCP server and
respond properly with additional information?

e.g. something like a broadcast forwarding/snooper based on layer 2.

BTW: the IPsec setup is IKEv2, and the system is running on Virtuozzo, so bridging of
interfaces is not an option; only tun/tap interfaces are available.

Thank you very much!

Regards,
	Peter
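As an added example (not part of the post, and not strongSwan's or any DHCP server's code): the reply the post is after is a DHCPACK answering the Inform above that carries the Classless-Static-Route-Microsoft option (249), which uses the RFC 3442 wire format. The xid and ciaddr are taken from the tcpdump output; the server address 172.16.1.254, the routes and the DNS server are assumed values.

```python
import ipaddress
import struct

# Values taken from the Inform in the tcpdump output above.
INFORM_XID = 0x5b8e69a6
INFORM_CIADDR = "172.16.1.1"

def encode_classless_routes(routes):
    """Encode (destination network, gateway) pairs in RFC 3442 wire format:
    1-byte prefix length, only the significant octets of the destination
    (ceil(prefixlen / 8) of them), then the 4-byte gateway. Option 249
    (Microsoft) and option 121 (standard) share this encoding."""
    out = bytearray()
    for dest, gw in routes:
        net = ipaddress.IPv4Network(dest)
        n = (net.prefixlen + 7) // 8          # significant destination octets
        out.append(net.prefixlen)
        out += net.network_address.packed[:n]
        out += ipaddress.IPv4Address(gw).packed
    return bytes(out)

def build_dhcpack(xid, ciaddr, server_ip, routes, dns):
    """Build a minimal DHCPACK answering a DHCPINFORM (RFC 2131 4.3.5):
    yiaddr stays 0 and ciaddr echoes the client's own address. htype 8 /
    hlen 0 mirror the client's Inform, so chaddr is left zeroed."""
    srv = ipaddress.IPv4Address(server_ip).packed
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                      2, 8, 0, 0, xid, 0, 0,          # BOOTREPLY, htype 8, hlen 0
                      ipaddress.IPv4Address(ciaddr).packed,
                      b"\0" * 4, srv, b"\0" * 4,        # yiaddr, siaddr, giaddr
                      b"\0" * 16, b"", b"")             # chaddr, sname, file
    opts = bytearray(b"\x63\x82\x53\x63")               # magic cookie
    opts += bytes([53, 1, 5])                           # DHCP-Message: ACK
    opts += bytes([54, 4]) + srv                        # Server-ID
    opts += bytes([6, 4 * len(dns)]) + b"".join(ipaddress.IPv4Address(d).packed for d in dns)
    r = encode_classless_routes(routes)
    opts += bytes([249, len(r)]) + r                    # Classless-Static-Route-Microsoft
    opts += b"\xff"                                     # End
    return hdr + bytes(opts)

if __name__ == "__main__":
    pkt = build_dhcpack(INFORM_XID, INFORM_CIADDR, "172.16.1.254",
                        [("10.0.0.0/8", "172.16.1.254")], ["172.16.1.254"])
    print(len(pkt), pkt[236:].hex())
```

Per RFC 2131 the ACK to an Inform is unicast to the address in ciaddr (here 172.16.1.1, reachable through ipsec0), which is also why a server bound to another interface never sees the Inform.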


