 From:  "Mark DeGroot" <mdegroot at bettenimports dot net>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] DHCP Relay across an IPSEC VPN
 Date:  Tue, 8 Feb 2005 14:06:21 -0500
-----Original Message-----
From: Chris Buechler [mailto:cbuechler at gmail dot com] 
Sent: Monday, February 07, 2005 4:25 PM
To: D. Ubevidste
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] DHCP Relay across an IPSEC VPN

On Thu, 3 Feb 2005 19:06:00 -0500, D. Ubevidste <detubevidste at gmail dot com>
>  - Has anyone done it? Would you share your method with me?
>  - Alternatively, if it's impossible, would you shoot me down now?
>  - If neither, I'm a bit baffled why the ping returns would use the
> correct route, but the m0n0wall-initiated pings would choose a
> different (i.e., default) route.

Haven't tried it, and I don't know that it would be impossible, but
here's at least part of the solution.  The reason m0n0wall-initiated
traffic doesn't go over the VPN is described here, along with a
workaround:  http://m0n0.ch/wall/docbook/faq-snmpovervpn.html

Might be the last piece you need to get this working.


I assume that the remote network is on a separate subnet from the host
site.  In that scenario, for one DHCP server to serve multiple scopes you
need to set up an "ip helper address" that forwards DHCP packets across the
VPN and alters the packet to tell the DHCP server what subnet the packet's
source was.  (Having a unique subnet at each site, the broadcast domain stays
at that site.)  I don't know if m0n0wall supports "ip helper address" for
this purpose.

Hope this helps to send you in the right direction.
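What the "ip helper address" relay described above actually does to the packet, as an added example that is not code from this thread or from m0n0wall: the relay stamps the BOOTP giaddr field with its own address on the client's subnet (that is how the server picks the scope) and bumps the hop count before unicasting the request to the server. The sample DISCOVER, the addresses and the hop limit below are constructed for the example.

```python
import ipaddress
import struct

# BOOTP/DHCP fixed header (RFC 2131): op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr(16), sname(64), file(128)
_HDR = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
DHCP_MAGIC = b"\x63\x82\x53\x63"
BOOTREQUEST = 1


def build_discover(xid: int, mac: bytes) -> bytes:
    """Constructed sample DHCPDISCOVER as a client broadcasts it:
    giaddr and hops are both zero, broadcast flag set."""
    chaddr = mac.ljust(16, b"\x00")
    header = _HDR.pack(BOOTREQUEST, 1, 6, 0, xid, 0, 0x8000,
                       b"\x00" * 4, b"\x00" * 4, b"\x00" * 4, b"\x00" * 4,
                       chaddr, b"\x00" * 64, b"\x00" * 128)
    # option 53 (DHCP message type) = 1 (DISCOVER), then the end option
    return header + DHCP_MAGIC + b"\x35\x01\x01\xff"


def relay_to_server(packet: bytes, relay_ip: str, max_hops: int = 4) -> bytes:
    """Rewrite a client request the way a relay agent does: set giaddr to the
    relay's interface address on the client subnet so the server chooses that
    subnet's scope, and increment hops. Returns the packet to unicast to the
    server; raises ValueError for anything a relay should drop."""
    if len(packet) < _HDR.size + 4 or packet[_HDR.size:_HDR.size + 4] != DHCP_MAGIC:
        raise ValueError("not a DHCP packet")
    fields = list(_HDR.unpack_from(packet))
    if fields[0] != BOOTREQUEST:
        raise ValueError("relay only forwards client requests toward the server")
    if fields[3] >= max_hops:
        raise ValueError("hop count exceeded; dropped to prevent relay loops")
    fields[3] += 1
    # Only the first relay sets giaddr; a second relay on the path must leave
    # it alone, otherwise the server would see the wrong client subnet.
    if fields[10] == b"\x00" * 4:
        fields[10] = ipaddress.IPv4Address(relay_ip).packed
    return _HDR.pack(*fields) + packet[_HDR.size:]


def giaddr_of(packet: bytes) -> str:
    """The subnet address the DHCP server will use to select a scope."""
    return str(ipaddress.IPv4Address(_HDR.unpack_from(packet)[10]))
```

The relay-to-server leg is ordinary unicast UDP, which is why it can be carried over the IPsec tunnel while the client broadcast itself never leaves the remote site.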