Hi Mark, strongSwan as a client does not support DHCP-over-IPsec as defined by RFC 3456, although we introduced the left|rightprotoport configuration option about 10 years ago to allow the setup of short-lived DHCP SAs for 0.0.0.0/0 restricted to the bootps port on a strongSwan gateway, successfully interoperating with the SSH Sentinel client which at that time implemented RFC 3456. Later on everyone abandoned DHCP-over-IPsec in favour of the IKEv2 configuration payload.
If you prefer a DHCP server to assign a virtual IP address to your strongSwan client, we recommend to switch to IKEv2 and activate the dhcp and farp plugins on a strongSwan gateway which will then act as a DHCP proxy server. Have a look at the following example scenarios: http://www.strongswan.org/uml/testresults45/ikev2/dhcp-dynamic/ http://www.strongswan.org/uml/testresults45/ikev2/dhcp-static-client-id http://www.strongswan.org/uml/testresults45/ikev2/dhcp-static-mac/ Best regards Andreas On 05/23/2011 08:05 PM, [email protected] wrote: > All, > > > > I would like to find out if the strongswan client on a roadwarrior > supports obtaining a virtual ip address through dhcp over ipsec as > defined by RFC 3456. > > > > I would like to set up the configuration described at > http://www.strongswan.org/uml/testresults/ikev1/mode-config/index.html > > But instead of carol using %modeconfig to get a leftsourceip, she gets > it through dhcp. Is this possible though a custom _updown script? > > > > Thank you, > > Mark Marwil ====================================================================== Andreas Steffen [email protected] strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]== _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
