Wouldn't it be simpler to just get everything from DHCP, rather than getting the IP address from one place and everything else from another?
On 2016-06-06 at 07:41, Peter Bieringer wrote:
> Hi Michael,
>
> IPv4 address is already passed to WP10 by strongswan and accepted
> without external DHCP.
>
> The problem is that WP10 (and I would assume also other Windows systems)
> is starting afterwards on the new link "DHCP Inform" to get additional
> information, and this can't be served by strongswan so far as I can see
> and therefore needs to be caught and forwarded to a sophisticated DHCP
> server.
>
> And in my scenario (Split Tunneling = false) I want to feed new routes
> into WP10 via DHCP response to "Classless-Static-Route-Microsoft".
>
> Regards,
> Peter
>
> On 05.06.2016 at 21:56, Michael Schwartzkopff wrote:
>> On Sunday, 5 June 2016, 19:41:30, Peter Bieringer wrote:
>>> Hi,
>>>
>>> after some hours of playing around and digging through Google I need now
>>> support...
>>>
>>> Initial problem: Windows Phone 10 VPN client where "Split Tunneling =
>>> false" can't be set (unlike Windows 10 where Powershell command will help)
>>>
>>> Probable solution: distribute routes to WP 10 via DHCP reply by
>>> responding with proper routes to the received DHCP inform message:
>>>
>>> Received on ipsec0 interface (tcpdump):
>>>
>>> 172.16.1.1.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request,
>>> length 300, htype 8, hlen 0, xid 0x5b8e69a6, secs 1536, Flags [none]
>>> Client-IP 172.16.1.1
>>> Vendor-rfc1048 Extensions
>>> Magic Cookie 0x63825363
>>> DHCP-Message Option 53, length 1: Inform
>>> Client-ID Option 61, length 17: "***"
>>> Hostname Option 12, length 13: "Windows-Phone"
>>> Vendor-Class Option 60, length 8: "MSFT 5.0"
>>> Parameter-Request Option 55, length 6:
>>> Domain-Name-Server, Netbios-Name-Server, Vendor-Option,
>>> Subnet-Mask
>>> Classless-Static-Route-Microsoft, Domain-Name
>>>
>>>
>>> But I am now stuck, I haven't found any solution so far to feed this
>>> DHCP message received via ipsec0 to a DHCP server (tried ISC and dnsmasq
>>> listening on a tap interface with iptables NAT PREROUTING hints).
>>> dhcrelay also won't work, interface ipsec0 is not liked by any dhcp
>>> server...
>>>
>>> Has anyone a working example for strongswan how to feed DHCP client
>>> messages received after IPsec is established to a DHCP server and
>>> respond properly with additional information?
>>>
>>> e.g. something like a broadcast forwarding/snooper based on layer 2.
>>>
>>> BTW: IPsec setup is IKEv2, system is running on Virtuozzo, so bridging of
>>> interfaces is not an option, only tun/tap interfaces are available.
>> As far as I understand, IKE2 should be possible to hand out its own IP
>> addresses.
>>
>> See:
>> https://wiki.strongswan.org/projects/strongswan/wiki/VirtualIp
>> https://wiki.strongswan.org/projects/strongswan/wiki/Dhcpplugin
>>
>> Is this an option in your setup? Or do the IP addresses really have to be
>> passed on to the central DHCP server?
>>
>> Kind regards,
>>
>> Michael Schwartzkopff
>>
>> _______________________________________________
>> Users mailing list
>> [email protected]
>> https://lists.strongswan.org/mailman/listinfo/users
>>
>

--
Christian Huldt +46704612207
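The DHCP exchange discussed in this thread, as an added example that is not part of any message above and is not strongSwan code: it encodes routes in the RFC 3442 layout that option 249 (Classless-Static-Route-Microsoft) shares with option 121, and builds the DHCPACK a server would return to the captured INFORM. The route list and the server address 172.16.1.254 are constructed values, and getting packets on and off ipsec0 is outside its scope.

```python
import ipaddress
import struct

MAGIC = bytes.fromhex("63825363")          # magic cookie, as in the tcpdump output
MSG_TYPE, PARAM_LIST, SERVER_ID, MS_CSR, END = 53, 55, 54, 249, 255
INFORM, ACK = 8, 5

def encode_classless_routes(routes):
    """Encode [(cidr, gateway), ...] in the RFC 3442 layout used by options 121 and 249."""
    out = bytearray()
    for cidr, gateway in routes:
        net = ipaddress.ip_network(cidr)
        out.append(net.prefixlen)                                     # 1 byte: mask width
        out += net.network_address.packed[:(net.prefixlen + 7) // 8]  # significant octets only
        out += ipaddress.ip_address(gateway).packed                   # 4 bytes: router
    if len(out) > 255:
        raise ValueError("route list does not fit in a single option")
    return bytes(out)

def parse_options(packet):
    """Return {code: value} from a BOOTP/DHCP payload; reject truncated input."""
    if packet[236:240] != MAGIC:
        raise ValueError("missing DHCP magic cookie")
    opts, i = {}, 240
    while i < len(packet) and packet[i] != END:
        if packet[i] == 0:                                            # pad option
            i += 1
            continue
        if i + 2 > len(packet) or i + 2 + packet[i + 1] > len(packet):
            raise ValueError("truncated option")
        opts[packet[i]] = packet[i + 2:i + 2 + packet[i + 1]]
        i += 2 + packet[i + 1]
    return opts

def build_ack_for_inform(inform, routes, server_ip):
    """Answer a DHCPINFORM that requested option 249; return None for anything else."""
    opts = parse_options(inform)
    if opts.get(MSG_TYPE) != bytes([INFORM]) or MS_CSR not in opts.get(PARAM_LIST, b""):
        return None
    header = bytearray(inform[:236])                                  # echoes xid and ciaddr
    header[0] = 2                                                     # op = BOOTREPLY
    header[16:20] = bytes(4)                                          # yiaddr stays zero for INFORM
    csr = encode_classless_routes(routes)
    body = bytes([MSG_TYPE, 1, ACK, SERVER_ID, 4]) + ipaddress.ip_address(server_ip).packed
    return bytes(header) + MAGIC + body + bytes([MS_CSR, len(csr)]) + csr + bytes([END])

# Constructed sample mirroring the captured INFORM: htype 8, hlen 0, xid 0x5b8e69a6,
# secs 1536, ciaddr 172.16.1.1, parameter list 6, 44, 43, 1, 249, 15.
SAMPLE_INFORM = (struct.pack("!BBBBIHH4s", 1, 8, 0, 0, 0x5B8E69A6, 1536, 0,
                             ipaddress.ip_address("172.16.1.1").packed)
                 + bytes(220) + MAGIC + bytes([MSG_TYPE, 1, INFORM, PARAM_LIST, 6,
                                               6, 44, 43, 1, 249, 15, END]))
```

A default route encodes as a zero width byte followed directly by the router, so `0.0.0.0/0` via 172.16.1.254 occupies five bytes.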
