Hello Christ, did you have a look at the following example scenarios which use charon's dhcp plugin?
http://www.strongswan.org/uml/testresults/ikev2/dhcp-static-client-id/ http://www.strongswan.org/uml/testresults/ikev2/dhcp-static-mac/ Regards Andreas On 07/14/2011 07:23 PM, Christ Schlacta wrote: > I've dedicated an entire /23 to strongswan IKEv2 clients, and would like > to be able to have charon query ISC dhcpd to acquire IP addressi and > other parameters. It would be nice if in addition, I could use a > user-specified attribute of the IKEv2 identity as a hostname (for > example, my certificates are configured such that cn=hostname). it > would also be nice if I could tell windows the connection specific dns > suffix, which there seems to be no RFC to specify at present, that's a > suggestion for future RFC refinements. > > I keep running into 2 problems an a minor issue: > > 1) the DHCP server never gets requests. I've tried specifying > 255.255.255.255 and the specific DHCP server address, and neither > results in queries arriving at the DHCP server, which is on the same > device as strongswan > 2) I've reserved the address range with some subnet parameters, et al on > the dhcp server, but have no generic way to match "this query has come > from charon, so issue it an IP address from this pool". there's no > virtual device for charon, so I can't specify an IP address in the > range, or similar, and I'm at a complete loss how to accomplish this now. > 3) this is somewhat less. there's no way to specify a certificate > attribute as hostname or other, anything except the "ikev2 identity" > can't be passed in the dhcp request insofar as I can identify. ====================================================================== Andreas Steffen [email protected] strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]== _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
