 From:  David Rodgers <david dot rodgers at kdsi dot net>
 To:  Eric Shorkey <eshorkey at commonpointservices dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Kind of non m0n0wallquestion but a tricky one any way...
 Date:  Mon, 10 May 2004 11:07:26 -0500

I may be out of it but I don't understand the point of this to begin
with. Why would you want to do dhcp through your gateway across the vpn
when you have a capable remote manageable box sitting on the other end
that will already do it?

You can do your dhcp local to the client on the other end and just add
routes to the boxes on both ends so that they are aware of each other.
Or am I missing a point?

David


On Mon, 2004-05-10 at 10:56, Eric Shorkey wrote:
> DHCP relay agents are systems that are on the same network segment as the
> dhcp client that is requesting a lease. They then relay that request to a
> specified dhcp server as a network routable request (since dhcp request
> packets are not normally routable). When they receive the response, they
> simply forward it back to the dhcp client that made the request.
> 
> So if you plan on using a dhcp server over an ipsec tunnel, you'll need a
> local machine to act as the dhcp relay. Consequently, it usually makes dhcp
> relays not so useful.
> 
> 
> ----- Original Message ----- 
> From: "Jason Grimm" <jason dot grimm at freedomlink dot net>
> To: "Johan Bergquist" <johan dot bergquist at fredab dot se>; <m0n0wall at lists dot m0n0 dot ch>
> Sent: Monday, May 10, 2004 10:36 AM
> Subject: Re: [m0n0wall] Kind of non m0n0wallquestion but a tricky one any way...
> 
> 
> > I have done this on cisco with the 'helper address' command which changes
> > the broadcast dhcp traffic into a directed request to a specified IP. This
> > worked quite well, single dhcp server, about 35 gre tunnelled locations all
> > with the requests forwarding over the tunnels.  I would think the relay
> > agent works the same way but you would probably have to have a server on
> > each side of the tunnel relaying to each other, or maybe just one on the
> > side requesting the addresses.  I can't recall off hand and don't have
> > access to my m0n0wall where I am at right now to see if there is a relay
> > agent setting on the m0n0wall dhcp option page.  If there is I would suspect
> > it would work in the same way of receiving the broadcast at the local subnet
> > and proxying that request, via a directed IP session, across the tunnel
> > (assuming the dhcp server IP is an address on the other side of the tunnel).
> > Not sure though, untested in my environment as of yet.
> >
> > Just my .02,
> >
> > Jason Grimm
> > ----- Original Message ----- 
> > From: "Johan Bergquist" <johan dot bergquist at fredab dot se>
> > To: <m0n0wall at lists dot m0n0 dot ch>
> > Sent: Monday, May 10, 2004 9:38 AM
> > Subject: [m0n0wall] Kind of non m0n0wallquestion but a tricky one any way...
> >
> >
> > > Okay, I've got the IPSEC m0n0 to m0n0 working, and it's probably the best
> > > thing that has happened this year... but anyway, has anyone tried to pass
> > > DHCP requests across the tunnels? It should be possible if you were using
> > > dhcp relay agents or am I just thinking gibberish? Comments anyone?
> > >
> > > //Johan
> > >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> > For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> >
> >
> 
> 
>
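
The relay behaviour described in the quoted messages (a local-segment broadcast turned into a routable, directed request, and the reply handed back to the client), as an added example that is not part of the original thread. It follows the BOOTP header layout and relay rules of RFC 1542/RFC 2131; the function names, addresses and sample packet are constructed for illustration.

```python
import ipaddress
import struct

BOOTREQUEST, BOOTREPLY = 1, 2
HDR_LEN = 236            # fixed BOOTP/DHCP header, before the options cookie
GIADDR = slice(24, 28)   # relay agent address field
MAX_HOPS = 16            # RFC 1542 upper bound on relay hops


def relay_request(pkt: bytes, relay_ip: str, server_ip: str):
    """Client broadcast -> routable unicast; returns (packet, dest) or None."""
    if len(pkt) < HDR_LEN or pkt[0] != BOOTREQUEST or pkt[3] > MAX_HOPS:
        return None                      # malformed, a reply, or looping
    out = bytearray(pkt)
    out[3] += 1                          # hops field
    if out[GIADDR] == bytes(4):          # only the first relay stamps giaddr
        out[GIADDR] = ipaddress.IPv4Address(relay_ip).packed
    return bytes(out), (server_ip, 67)   # directed to the server's UDP port


def relay_reply(pkt: bytes, relay_ip: str):
    """Server reply -> delivery on the client's segment; (packet, dest) or None."""
    if len(pkt) < HDR_LEN or pkt[0] != BOOTREPLY:
        return None
    if pkt[GIADDR] != ipaddress.IPv4Address(relay_ip).packed:
        return None                      # not relayed through this interface
    (flags,) = struct.unpack_from("!H", pkt, 10)
    yiaddr = str(ipaddress.IPv4Address(pkt[16:20]))
    dest = "255.255.255.255" if flags & 0x8000 else yiaddr  # broadcast flag
    return pkt, (dest, 68)


def sample_packet(op: int, giaddr="0.0.0.0", yiaddr="0.0.0.0", flags=0) -> bytes:
    """Constructed input: a bare BOOTP header followed by the DHCP magic cookie."""
    mac = bytes.fromhex("020000000001")
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", op, 1, 6, 0, 0x1234ABCD, 0,
                      flags, bytes(4), ipaddress.IPv4Address(yiaddr).packed,
                      bytes(4), ipaddress.IPv4Address(giaddr).packed,
                      mac, b"", b"")
    return hdr + bytes.fromhex("63825363")


if __name__ == "__main__":
    # Constructed addresses: relay LAN interface and a server behind the tunnel.
    fwd, dest = relay_request(sample_packet(BOOTREQUEST), "192.168.2.1", "192.168.1.10")
    print(dest, ipaddress.IPv4Address(fwd[GIADDR]))
```

Because the relayed request leaves as ordinary unicast UDP from the relay's address to the server's port 67, it only crosses an IPsec tunnel if that source and destination pair falls inside the tunnel's configured networks.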