On Sunday, 5 June 2016, 19:41:30, Peter Bieringer wrote:
> Hi,
>
> after some hours of playing around and digging through Google I now need
> support...
>
> Initial problem: Windows Phone 10 VPN client where "Split Tunneling =
> false" can't be set (unlike Windows 10 where PowerShell command will help)
>
> Probable solution: distribute routes to WP 10 via DHCP reply by
> responding with proper routes to the received DHCP inform message:
>
> Received on ipsec0 interface (tcpdump):
>
> 172.16.1.1.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request,
> length 300, htype 8, hlen 0, xid 0x5b8e69a6, secs 1536, Flags [none]
> Client-IP 172.16.1.1
> Vendor-rfc1048 Extensions
> Magic Cookie 0x63825363
> DHCP-Message Option 53, length 1: Inform
> Client-ID Option 61, length 17: "***"
> Hostname Option 12, length 13: "Windows-Phone"
> Vendor-Class Option 60, length 8: "MSFT 5.0"
> Parameter-Request Option 55, length 6:
> Domain-Name-Server, Netbios-Name-Server, Vendor-Option,
> Subnet-Mask
> Classless-Static-Route-Microsoft, Domain-Name
>
>
> But I am now stuck, I haven't found any solution so far to feed this
> DHCP message received via ipsec0 to a DHCP server (tried ISC and dnsmasq
> listening on a tap interface with iptables NAT PREROUTING hints).
> dhcrelay also won't work, interface ipsec0 is not liked by any dhcp
> server...
>
> Has anyone a working example for strongswan how to feed DHCP client
> messages received after IPsec is established to a DHCP server and
> respond properly with additional information?
>
> e.g. something like a broadcast forwarding/snooper based on layer 2.
>
> BTW: IPsec setup is IKEv2, system is running on Virtuozzo, so bridging of
> interfaces is not an option, only tun/tap interfaces are available.

As far as I understand, IKE2 should be able to hand out its own IP addresses. See:

https://wiki.strongswan.org/projects/strongswan/wiki/VirtualIp
https://wiki.strongswan.org/projects/strongswan/wiki/Dhcpplugin

Is this an option in your setup? Or do the IP addresses really have to be passed on to the central DHCP server?

Kind regards,

Michael Schwartzkopff

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64, +49 (162) 165 0044
Schleißheimer Straße 26/MG, 80333 München

Registered office: München, Amtsgericht München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein
