Thanks for your reply, Daniel. Following your suggestion, I'll try to implement this:

1- Build up the Linux router (corporate):
   ISP IP = 1.2.3.4
   LAN IP = 172.16.0.1/24
2- Build up DHCP and DNS server with Bind9:
   LAN IP = 172.16.0.2
   IP POOLS corporate LAN = 172.16.0.10 - 172.16.0.254
   IP POOLS ExternalUsers = 172.17.1.3 - 172.17.1.254 (via VPN)
3- Build up email server with Qmail or any other software:
   LAN IP = 172.16.0.3
4- Build up web server with Apache:
   LAN IP = 172.16.0.4
5- Build up the VPN server:
   IP POOL = 172.17.0.2-254 (these are the IPs that the Linksys or Dlink device will get after a successful authentication occurs)
   - Install and configure a DHCP relay from ISC.org.

Then:

1- Configure the device (Linksys or Dlink or any other) with:
   ISP IP = 1.2.3.5
   VPN SERVER IP = 1.2.3.4:VPNPORT
   VPN ASSIGNED IP FROM POOL = 172.17.0.2 (if it successfully authenticates)
   VPN SERVER KEY/PASS = "abcd"
   NAT-T = ENABLED?

   The question lies in this: how can I let users get their IPs from the corporate LAN's DHCP server (range 172.17.1.x/24)? I'd like to do this because it would be easy for me to handle every IP from the branch office; let's say I can assign a group of addresses to Counter and another group of addresses to Sales, and each will have different access and configuration; let's say Counter cannot browse the Internet but Sales can.

2- Plug a 24-port switch into the device (Linksys or Dlink) and from there the PC stations.
3- Try to ping from a corporate LAN PC (172.16.0.11) to ExternalUsers (172.17.1.11) and vice versa.
4- Do some more traffic, let's say VNC.

Carlos.

--- On Sat, 10-Oct-09, Daniel Mentz <[email protected]> wrote:

> From: Daniel Mentz <[email protected]>
> Subject: Re: [strongSwan] DHCP/Any Traffic over an established VPN tunnel
> To: "Carlos Lopez" <[email protected]>
> Cc: [email protected]
> Date: Saturday, 10 October 2009, 4:14 pm
>
> Hi Carlos,
>
> I learned from your e-mail that the subnet your branch
> office uses is
>
> 172.17.0.0/24
>
> Why don't you assign the static (internal) IP address
> 172.17.0.3 to the Linksys / Dlink router and set up a
> separate DHCP server in that subnet? You could also set up a
> DHCP Relay agent and use the DHCP server in the head
> office.
>
> I doubt that DHCP works across IPsec tunnels because it
> uses broadcasts on the ethernet layer.
>
> -Daniel
