Re: dhcp over ipsec with linux 2.6
Marco Berizzi wrote:
> Patrick McHardy wrote:
>> Marco Berizzi wrote:
>> > I would like to deploy dhcp over ipsec with openswan
>> > 2.4.x running on linux 2.6.15.1. To achieve this
>> > solution I need a dhcp relay agent running on the ipsec
>> > gateway box (there will be also the dhcp server on the
>> > same box). I'm using the native linux 2.6 ipsec (no
>> > KLIPS) so there are no virtual devices. ISC dhcp relay
>> > agent needs to know which interface it should listen on (-i
>> > flag). With KLIPS I set '-i ipsecX' interface. What
>> > should I specify when I'm using the native 2.6 stack?
>>
>> You can use ipip or gre tunnels over IPsec and use these
>> devices.
>
> I can't use ipip or gre tunnels over IPsec because the
> other peer doesn't support them :-((

I think it's also possible to change dhcrelay to use regular UDP
sockets instead of AF_PACKET sockets, which should work fine on
the real device.

-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
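The UDP-socket approach suggested in the reply above, as an added example that is not part of the thread and not ISC dhcrelay code: a plain UDP socket, optionally bound to the real device, that uses IP_PKTINFO to learn which interface each datagram arrived on. The function names and the loopback self-check with its constructed packet are assumptions for illustration.

```c
#define _GNU_SOURCE                      /* exposes struct in_pktinfo on glibc */
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>
/* Plain UDP socket for a relay (hypothetical helper, not dhcrelay code): port is
 * 67 in production (needs root), ifname is NULL or a real device such as eth0. */
int relay_udp_open(const char *ifname, unsigned short port)
{
    int on = 1, fd = socket(AF_INET, SOCK_DGRAM, 0);
    struct timeval tv = { 2, 0 };            /* receive timeout, 2 seconds */
    struct sockaddr_in a = { .sin_family = AF_INET, .sin_port = htons(port) };
    if (fd < 0) return -1;
    setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv);
    if (setsockopt(fd, IPPROTO_IP, IP_PKTINFO, &on, sizeof on) < 0 ||
        (ifname && setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, ifname,
                              strlen(ifname) + 1) < 0) ||
        bind(fd, (struct sockaddr *)&a, sizeof a) < 0) { close(fd); return -1; }
    return fd;
}

/* Receive one datagram; *ifindex is set only if IP_PKTINFO was attached. */
ssize_t relay_udp_recv(int fd, void *buf, size_t len, int *ifindex)
{
    union { struct cmsghdr h; char b[CMSG_SPACE(sizeof(struct in_pktinfo))]; } c;
    struct iovec iov = { buf, len };
    struct msghdr m = { .msg_iov = &iov, .msg_iovlen = 1,
                        .msg_control = c.b, .msg_controllen = sizeof c.b };
    ssize_t n = recvmsg(fd, &m, 0);
    for (struct cmsghdr *p = CMSG_FIRSTHDR(&m); n >= 0 && p; p = CMSG_NXTHDR(&m, p))
        if (p->cmsg_level == IPPROTO_IP && p->cmsg_type == IP_PKTINFO)
            *ifindex = ((struct in_pktinfo *)CMSG_DATA(p))->ipi_ifindex;
    return n;
}

/* Loopback self-check with a constructed 4-byte BOOTREQUEST stub; -1 on error. */
int relay_loopback_ifindex(void)
{
    unsigned char req[4] = { 1, 1, 6, 0 }, buf[576];  /* op, htype, hlen, hops */
    struct sockaddr_in a; socklen_t al = sizeof a;
    int idx = -1, rx = relay_udp_open(NULL, 0), tx = socket(AF_INET, SOCK_DGRAM, 0);
    if (rx >= 0 && tx >= 0 && getsockname(rx, (struct sockaddr *)&a, &al) == 0) {
        a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
        if (sendto(tx, req, sizeof req, 0, (struct sockaddr *)&a, al) != 4 ||
            relay_udp_recv(rx, buf, sizeof buf, &idx) != 4) idx = -1;
    }
    close(rx); close(tx);
    return idx;
}
```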
Re: dhcp over ipsec with linux 2.6
Patrick McHardy wrote:
> Marco Berizzi wrote:
> > I would like to deploy dhcp over ipsec with openswan
> > 2.4.x running on linux 2.6.15.1. To achieve this
> > solution I need a dhcp relay agent running on the ipsec
> > gateway box (there will be also the dhcp server on the
> > same box). I'm using the native linux 2.6 ipsec (no
> > KLIPS) so there are no virtual devices. ISC dhcp relay
> > agent needs to know which interface it should listen on (-i
> > flag). With KLIPS I set '-i ipsecX' interface. What
> > should I specify when I'm using the native 2.6 stack?
>
> You can use ipip or gre tunnels over IPsec and use these
> devices.

I can't use ipip or gre tunnels over IPsec because the
other peer doesn't support them :-((

> If you're using ISC dhcrelay you'll need to patch the BPF
> expressions to handle the link type correctly.

Thanks for the response.
Re: dhcp over ipsec with linux 2.6
Marco Berizzi wrote:
> I would like to deploy dhcp over ipsec with openswan
> 2.4.x running on linux 2.6.15.1. To achieve this
> solution I need a dhcp relay agent running on the ipsec
> gateway box (there will be also the dhcp server on the
> same box). I'm using the native linux 2.6 ipsec (no
> KLIPS) so there are no virtual devices. ISC dhcp relay
> agent needs to know which interface it should listen on (-i
> flag). With KLIPS I set '-i ipsecX' interface. What
> should I specify when I'm using the native 2.6 stack?

You can use ipip or gre tunnels over IPsec and use these devices.
If you're using ISC dhcrelay you'll need to patch the BPF
expressions to handle the link type correctly.
dhcp over ipsec with linux 2.6
I would like to deploy dhcp over ipsec with openswan
2.4.x running on linux 2.6.15.1. To achieve this
solution I need a dhcp relay agent running on the ipsec
gateway box (there will be also the dhcp server on the
same box). I'm using the native linux 2.6 ipsec (no
KLIPS) so there are no virtual devices. ISC dhcp relay
agent needs to know which interface it should listen on (-i
flag). With KLIPS I set '-i ipsecX' interface. What
should I specify when I'm using the native 2.6 stack?

This is my ipsec gateway diagram:

                    +---------+
                    | OSW-2.4 |
                    | DHCP-RA |
---eth0-public-ip---+         +---eth1-dmz-public-network
                    |  Linux  |
                    | 2.6.15  |
                    +----+----+
                         |
                         |
                         |
                  eth2-private-net

TIA