DHCP relay agents are systems that are on the same network segment as the
dhcp client that is requesting a lease. They then relay that request to a
specified dhcp server as a network routable request (since dhcp request
packets are not normally routable). When they receive the response, they
simply forward it back to the dhcp client that made the request.
So if you plan on using a dhcp server over an ipsec tunnel, you'll need a
local machine to act as the dhcp relay. Consequently, it usually makes dhcp
relays not so useful.
----- Original Message -----
From: "Jason Grimm" <jason dot grimm at freedomlink dot net>
To: "Johan Bergquist" <johan dot bergquist at fredab dot se>; <m0n0wall at lists dot m0n0 dot ch>
Sent: Monday, May 10, 2004 10:36 AM
Subject: Re: [m0n0wall] Kind of non m0n0wallquestion but a tricky one any
> I have done this on cisco with the 'helper address' command which changes
> the broadcast dhcp traffic into a directed request to a specified IP.
> worked quite well, single dhcp server, about 35 gre tunnelled locations
> with the requests forwarding over the tunnels. I would think the relay
> agent works the same way but you would probably have to have a server on
> each side of the tunnel relaying to each other, or maybe just one on the
> side requesting the addresses. I can't recall off hand and don't have
> access to my m0n0wall where I am at right now to see if there is a relay
> agent setting on the m0n0wall dhcp option page. If there is I would
> it would work in the same way of receiving the broadcast at the local
> and proxying that request, via a directed IP session, across the tunnel
> (assuming the dhcp server IP is an address on the other side of the
> Not sure though, untested in my environment as of yet.
> Just my .02,
> Jason Grimm
> ----- Original Message -----
> From: "Johan Bergquist" <johan dot bergquist at fredab dot se>
> To: <m0n0wall at lists dot m0n0 dot ch>
> Sent: Monday, May 10, 2004 9:38 AM
> Subject: [m0n0wall] Kind of non m0n0wallquestion but a tricky one any
> > Okay, I've got the IPSEC m0n0 to m0n0 working, and it's probably the
> > thing that has happened this year... but anyway, has anyone tried to
> > DHCP requests across the tunnels? It should be possible if you were
> > dhcprelayagents or am I just thinking gibberish? Comments anyone?
> > //Johan
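
The relay behaviour described in the top message of this thread, sketched as an added example that is not part of the original e-mails or of m0n0wall: the relay stamps its own address into the BOOTP `giaddr` field, bumps `hops`, and hands back bytes to send as ordinary unicast UDP to the server, then picks the client-side destination for the reply. The addresses, the hop limit and the sample packet are constructed assumptions.

```python
import socket
import struct

# BOOTP fixed header: op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file (236 bytes)
BOOTP_HDR = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
BOOTREQUEST, BOOTREPLY = 1, 2
MAX_HOPS = 4            # assumed hop threshold, guards against relay loops
ZERO = b"\x00" * 4

def relay_request(packet, relay_ip):
    """Return the bytes to unicast to the DHCP server (UDP 67), or None to drop."""
    if len(packet) < BOOTP_HDR.size:
        return None                       # truncated, not a BOOTP message
    f = list(BOOTP_HDR.unpack_from(packet))
    if f[0] != BOOTREQUEST or f[3] > MAX_HOPS:
        return None                       # wrong direction or relayed too often
    f[3] += 1                             # count this relay hop
    if f[10] == ZERO:                     # first relay records where to reply
        f[10] = socket.inet_aton(relay_ip)
    return BOOTP_HDR.pack(*f) + packet[BOOTP_HDR.size:]   # options untouched

def relay_reply(packet, relay_ip):
    """Return (dest_ip, port) on the client segment for a server reply, or None."""
    if len(packet) < BOOTP_HDR.size:
        return None
    f = BOOTP_HDR.unpack_from(packet)
    if f[0] != BOOTREPLY or f[10] != socket.inet_aton(relay_ip):
        return None                       # not a reply routed via this relay
    if f[6] & 0x8000:                     # client asked for a broadcast reply
        return ("255.255.255.255", 68)
    return (socket.inet_ntoa(f[8]), 68)   # otherwise send to the offered yiaddr

def sample_discover():
    """Constructed DHCPDISCOVER as a client would broadcast it (giaddr = 0)."""
    chaddr = bytes.fromhex("020000aabbcc").ljust(16, b"\x00")
    hdr = BOOTP_HDR.pack(BOOTREQUEST, 1, 6, 0, 0x1234ABCD, 0, 0x8000,
                         ZERO, ZERO, ZERO, ZERO, chaddr, b"", b"")
    return hdr + bytes.fromhex("63825363") + bytes([53, 1, 1, 255])

if __name__ == "__main__":
    out = relay_request(sample_discover(), "192.168.1.1")
    print("giaddr:", socket.inet_ntoa(out[24:28]), "hops:", out[3])
```

What leaves the relay is a routable unicast packet between the relay and the server, so that is the flow a tunnel between the two sites has to carry.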