Yes, I carefully examined both scenarios; however, both of them fail to autonomously identify "any ikev2 request" and require that identities or auto-generated MAC addresses be entered into dhcpd.conf ahead of time, which is just infeasible on a large scale.

On 7/14/2011 11:14, Andreas Steffen wrote:
> Hello Christ,
>
> did you have a look at the following example scenarios which
> use charon's dhcp plugin?
>
> http://www.strongswan.org/uml/testresults/ikev2/dhcp-static-client-id/
>
> http://www.strongswan.org/uml/testresults/ikev2/dhcp-static-mac/
>
> Regards
>
> Andreas
>
> On 07/14/2011 07:23 PM, Christ Schlacta wrote:
>> I've dedicated an entire /23 to strongswan IKEv2 clients, and would like
>> to be able to have charon query ISC dhcpd to acquire IP addresses and
>> other parameters. It would be nice if in addition, I could use a
>> user-specified attribute of the IKEv2 identity as a hostname (for
>> example, my certificates are configured such that cn=hostname). It
>> would also be nice if I could tell Windows the connection-specific DNS
>> suffix, which there seems to be no RFC to specify at present; that's a
>> suggestion for future RFC refinements.
>>
>> I keep running into 2 problems and a minor issue:
>>
>> 1) The DHCP server never gets requests. I've tried specifying
>> 255.255.255.255 and the specific DHCP server address, and neither
>> results in queries arriving at the DHCP server, which is on the same
>> device as strongswan.
>> 2) I've reserved the address range with some subnet parameters, et al. on
>> the dhcp server, but have no generic way to match "this query has come
>> from charon, so issue it an IP address from this pool". There's no
>> virtual device for charon, so I can't specify an IP address in the
>> range, or similar, and I'm at a complete loss how to accomplish this now.
>> 3) This is somewhat less. There's no way to specify a certificate
>> attribute as hostname or other; anything except the "ikev2 identity"
>> can't be passed in the dhcp request insofar as I can identify.
>
> ======================================================================
> Andreas Steffen [email protected]
> strongSwan - the Linux VPN Solution! www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
