 From:  "D. Ubevidste" <detubevidste at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  DHCP Relay across an IPSEC VPN
 Date:  Thu, 3 Feb 2005 19:06:00 -0500
Esteemed comrades,

Before I find out this doesn't work on my own -- is anyone using the
DHCP relay to reach a DHCP server across a tunnel?

Basic Architecture (apologies to proportional-font users):


DHCP server |  |m0n0-A   |   IPSEC     | m0n0-B  |  |   DHCP    |
            |--|10.0.0.1 |----VPN------|10.9.0.1 |--|  Client   |
10.0.0.25   |  |<extip A>|   TUNNEL    |<extip B>|  |Workstation|

The DHCP server sits on a home network with a 10.0.0/24 address, the
client on a remote 10.9.0/24 network, with two m0n0walls between and
an IPSEC tunnel.

Data:
 A  The DHCP server can ping the LAN IP of the m0n0wall (10.9.0.1),
and receive returns.
 B Pings from the m0n0wall gui to hosts on the 10.0.0/24 return
redirects indicating that m0n0wall is pushing them onto the WAN
(Noooo!), and they are reaching my provider's router.

Observations:
 - Item A lulled me into thinking that this would work without a hitch
 - Item B seems to indicate that it may not work
 - The "block private networks" option on the WAN interface screen is
assiduously correct in that it blocks traffic _from_ these networks,
but not traffic _to_ these networks.


Primary questions:

 - Has anyone done it? Would you share your method with me?
 - Alternatively, if it's impossible, would you shoot me down now?
 - If neither, I'm a bit baffled why the ping returns would use the
correct route, but the m0n0wall-initiated pings would choose a
different (i.e., default) route.

Any help to offer?

Thanks,

du