Esteemed comrades,
Before I find out this doesn't work on my own -- is anyone using the
DHCP relay to reach a DHCP server across a tunnel?
Basic Architecture (apologies to proportional-font users):

+-------------+    +-----------+   IPSEC    +-----------+    +-------------+
| DHCP server |----| m0n0-A    |----VPN-----| m0n0-B    |----| DHCP Client |
| 10.0.0.25   |    | 10.0.0.1  |   TUNNEL   | 10.9.0.1  |    | Workstation |
+-------------+    | <extip A> |            | <extip B> |    +-------------+
                   +-----------+            +-----------+
The DHCP server sits on a home network with a 10.0.0/24 address, the
client on a remote 10.9.0/24 network, with two m0n0walls between and
an IPSEC tunnel.
Data:
A. The DHCP server can ping the LAN IP of the m0n0wall (10.9.0.1),
and receive returns.
B. Pings from the m0n0wall GUI to hosts on the 10.0.0/24 return
redirects indicating that m0n0wall is pushing them onto the WAN
(Noooo!), and they are reaching my provider's router.
Observations:
- Item A lulled me into thinking that this would work without a hitch
- Item B seems to indicate that it may not work
- The "block private networks" option on the WAN interface screen is
assiduously correct in that it blocks traffic _from_ these networks,
but not traffic _to_ these networks.
Primary questions:
- Has anyone done it? Would you share your method with me?
- Alternatively, if it's impossible, would you shoot me down now?
- If neither, I'm a bit baffled why the ping returns would use the
correct route, but the m0n0wall-initiated pings would choose a
different (i.e., default) route.
Any help to offer?
Thanks,
du