 From:  "Johan Bergquist" <johan dot bergquist at fredab dot se>
 To:  "'David Rodgers'" <david dot rodgers at kdsi dot net>, "'Eric Shorkey'" <eshorkey at commonpointservices dot com>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Kind of non m0n0wallquestion but a tricky one anyway...
 Date:  Tue, 11 May 2004 08:32:16 +0200
The point is that I want to use a bootp and boot Terminal Services
over VPN/IPSEC... Or any other system for that matter.
We have a few customers that are using our Terminal Servers and I would like
to minimize the impact on us when a user downloads something and craps out
the whole system... Does anyone think that this is doable?

-----Original Message-----
From: David Rodgers [mailto:david dot rodgers at kdsi dot net] 
Sent: den 10 maj 2004 18:07
To: Eric Shorkey
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] Kind of non m0n0wallquestion but a tricky one anyway...

I may be out of it but I don't understand the point of this to begin with.
Why would you want to do dhcp through your gateway across the vpn when you
have a capable remote manageable box sitting on the other end that will
already do it?

You can do your dhcp local to the client on the other end and just add
routes to the boxes on both ends so that they are aware of each other.
Or am I missing a point?

David


On Mon, 2004-05-10 at 10:56, Eric Shorkey wrote:
> DHCP relay agents are systems that are on the same network segment as 
> the dhcp client that is requesting a lease. They then relay that 
> request to a specified dhcp server as a network routable request 
> (since dhcp request packets are not normally routable). When they 
> receive the response, they simply forward it back to the dhcp client that
> made the request.
> 
> So if you plan on using a dhcp server over an ipsec tunnel, you'll 
> need a local machine to act as the dhcp relay. Consequently, it 
> usually makes dhcp relays not so useful.
> 
> 
> ----- Original Message -----
> From: "Jason Grimm" <jason dot grimm at freedomlink dot net>
> To: "Johan Bergquist" <johan dot bergquist at fredab dot se>; 
> <m0n0wall at lists dot m0n0 dot ch>
> Sent: Monday, May 10, 2004 10:36 AM
> Subject: Re: [m0n0wall] Kind of non m0n0wallquestion but a tricky one 
> any way...
> 
> 
> > I have done this on cisco with the 'helper address' command which
> > changes the broadcast dhcp traffic into a directed request to a
> > specified IP. This worked quite well, single dhcp server, about 35 gre
> > tunnelled locations all with the requests forwarding over the tunnels.
> > I would think the relay agent works the same way but you would
> > probably have to have a server on each side of the tunnel relaying to
> > each other, or maybe just one on the side requesting the addresses.  I
> > can't recall off hand and don't have access to my m0n0wall where I am
> > at right now to see if there is a relay agent setting on the m0n0wall
> > dhcp option page.  If there is I would suspect it would work in the
> > same way of receiving the broadcast at the local subnet and proxying
> > that request, via a directed IP session, across the tunnel (assuming
> > the dhcp server IP is an address on the other side of the tunnel).
> > Not sure though, untested in my environment as of yet.
> >
> > Just my .02,
> >
> > Jason Grimm
> > ----- Original Message -----
> > From: "Johan Bergquist" <johan dot bergquist at fredab dot se>
> > To: <m0n0wall at lists dot m0n0 dot ch>
> > Sent: Monday, May 10, 2004 9:38 AM
> > Subject: [m0n0wall] Kind of non m0n0wallquestion but a tricky one any way...
> >
> >
> > > Okay, I've got the IPSEC m0n0 to m0n0 working, and it's probably the
> > > best thing that has happened this year... but anyway, has anyone
> > > tried to pass DHCP requests across the tunnels? It should be possible
> > > if you were using dhcprelayagents or am I just thinking gibberish?
> > > Comments anyone?
> > >
> > > //Johan
> > >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> > For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> >
> >
> 
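
The relay step described in this thread, at the packet level, as an added example that is not part of the original messages: a relay agent on the client's segment stamps its own address into the BOOTP giaddr field and unicasts the request to the server, which is what lets it cross a routed tunnel. The function names, the MAC and the addresses in the demo are constructed for illustration, and the hop threshold is an assumed setting.

```python
import socket
import struct

BOOTREQUEST, BOOTREPLY = 1, 2
HDR = "!BBBBIHH4s4s4s4s16s64s128s"  # fixed 236-byte BOOTP header
MAX_HOPS = 16                        # assumed hop threshold for this sketch
ZERO = b"\0" * 4

def make_discover(mac: bytes, xid: int) -> bytes:
    """Constructed client broadcast: hops 0, giaddr 0.0.0.0, broadcast flag set."""
    return struct.pack(HDR, BOOTREQUEST, 1, 6, 0, xid, 0, 0x8000,
                       ZERO, ZERO, ZERO, ZERO, mac, b"", b"")

def relay_request(pkt: bytes, relay_ip: str, server_ip: str):
    """Client to server: returns ((ip, port), packet), or None to drop."""
    f = list(struct.unpack(HDR, pkt[:236]))
    if f[0] != BOOTREQUEST or f[3] > MAX_HOPS:
        return None
    f[3] += 1                        # hops: one more relay traversed
    if f[10] == ZERO:                # giaddr is set only by the first relay
        f[10] = socket.inet_aton(relay_ip)
    # Options after the fixed header are carried through unchanged.
    return (server_ip, 67), struct.pack(HDR, *f) + pkt[236:]

def relay_reply(pkt: bytes, relay_ip: str):
    """Server to client: returns ((ip, port), packet), or None to drop."""
    f = struct.unpack(HDR, pkt[:236])
    if f[0] != BOOTREPLY or f[10] != socket.inet_aton(relay_ip):
        return None                  # reply was not sent via this relay
    # Broadcast flag set: client cannot take unicast yet; else use yiaddr.
    dest = "255.255.255.255" if f[6] & 0x8000 else socket.inet_ntoa(f[8])
    return (dest, 68), pkt

if __name__ == "__main__":
    # Constructed values: relay LAN address and a server across the tunnel.
    discover = make_discover(bytes.fromhex("02005e100001"), 0x1234)
    dest, fwd = relay_request(discover, "192.168.2.1", "192.168.1.10")
    print(dest, "hops =", fwd[3], "giaddr =", socket.inet_ntoa(fwd[24:28]))
```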