[strongSwan] DHCP!

Christian Salway christian.salway at naimuri.com
Sat May 5 18:57:46 CEST 2018 

Hi Noel,

Do you have an example configuration for swanctl/vici?

C

> On 5 May 2018, at 11:01, Noel Kuntze <noel.kuntze+strongswan-users-ml at thermi.consulting> wrote:
> 
> The traffic selector needs to permit the DHCP request through and a DHCP server or relay needs to be run locally.
> This is absolutely no problem, other people already set this up and made it work.
> 
>> On 04.05.2018 15:21, Tom Rymes wrote:
>> It's designed for a very specific use case, but if you install it in a sandbox somewhere, you can get a feel for the powershell scripts and other bits that are used to configure the clients.
>> 
>> It's all wrapped around Strongswan, so you can transfer the functionality to your own setup, if you find it helpful.
>> 
>> Tom
>> 
>>> On 05/04/2018 9:15 AM, Christian Salway wrote:
>>> We are working with very locked down systems so wouldn’t be able to install that software unfortunately but will have a look out of interest,
>>> Thanks
>>> 
>>>>> On 4 May 2018, at 13:15, Tom Rymes <trymes at rymes.com> wrote:
>>>>> 
>>>>> On 05/04/2018 3:45 AM, Christian Salway wrote:
>>>>> Thanks to Dirk Hartmann and his scripting idea,  The simplest way to add a VPN connection to Windows 10 that includes the routing to the internal IP, is by running the following commands in PowerShell commands.  This also enables strong ciphers (MODP2048)
>>>>> /This is for a username/password VPN available to all users (remove -*AllUserConnection* from the /*Add-VpnConnection*/ command for just the current user)/
>>>> 
>>>> Apple configuration profiles and Windows scripting are definitely magic when done right.
>>>> 
>>>> The gold standard in my experience is Algo (https://blog.trailofbits.com/2016/12/12/meet-algo-the-vpn-that-works/), which is built on top of StrongSwan:
>>>> 
>>>> - Airdrop a file to an iOS device and you're configured.
>>>> - Double-click a file on a mac, and you're configured.
>>>> - Run a powershell script on Windows and you're configured.
>>>> 
>>>> It's pretty darned cool, to be honest.
>> 
> 
>

More information about the Users mailing list