On 03/29/2018 10:21 AM, Andreas Steffen wrote:
> Hi,
>
> yes you can fully integrate a remote host into a LAN by using the
> farp and dhcp plugins on the VPN gateway so that the gateway
> acts as an ARP proxy for the remote clients. Have a look at the
> following example scenario based on swanctl:
>
> https://www.strongswan.org/testing/testresults/swanctl/dhcp-dynamic/
>
> In swanctl.conf
>
> https://www.strongswan.org/testing/testresults/swanctl/dhcp-dynamic/moon.swanctl.conf
>
> use pools = dhcp and in strongswan.conf
>
> https://www.strongswan.org/testing/testresults/swanctl/dhcp-dynamic/moon.strongswan.conf
>
> define the DHCP server to be used.
>
> Regards
>
> Andreas

Thanks Andreas. You likely know (but for the benefit of others), things are done differently in RHEL. For the plugins normally loaded by /etc/strongswan/strongswan.conf, in the case of RHEL there's just a call to:

    charon {
        load_modular = yes
        plugins {
            include strongswan.d/charon/*.conf
        }
    }

... and in that directory there's a .conf for each plugin. Given the charon.log, all required plugins are already being loaded without my intervention (at least for charon, Idk about swanctl), including farp and dhcp. Since I no longer use the stroke plugin I set in its .conf file load = no. And in dhcp.conf I set server = 192.168.1.10 which will be the LAN DHCP server.

Thing is since I run servers I've always used static IPs, so I'll have to figure out DHCP predictable assignment. But with the transition to IPv6 I will be using DHCP exclusively. (for the love of all that's holy)
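One way to confirm the per-plugin settings described in the message above, as an added example that is not part of the original post or strongSwan's own tooling: a small Python parser for the per-plugin .conf files that reports whether farp and dhcp are loaded and whether dhcp has a server set. The file contents are constructed to mirror the message, and `parse_conf` and `check_plugins` are hypothetical helper names.

```python
# Added example: sanity-check modular charon plugin configs.
SAMPLE = {  # constructed file contents mirroring the message above
    "farp.conf": "farp {\n    load = yes\n}\n",
    "dhcp.conf": "dhcp {\n    load = yes\n    # LAN DHCP server\n"
                 "    server = 192.168.1.10\n}\n",
    "stroke.conf": "stroke {\n    load = no\n}\n",
}

def parse_conf(text):
    """Parse strongswan.conf-style text into nested dicts.
    Assumption: one statement per line, as in the per-plugin files."""
    root = {}
    stack = [root]
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        if line == "}":
            if len(stack) == 1:
                raise ValueError("unbalanced '}'")
            stack.pop()
        elif line.endswith("{"):
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            stack[-1][key] = value.strip('"')
        else:
            raise ValueError(f"unrecognised line: {raw!r}")
    if len(stack) != 1:
        raise ValueError("missing '}'")
    return root

def check_plugins(files, required=("farp", "dhcp")):
    """Return problems that would break the ARP-proxy/DHCP setup."""
    plugins = {}
    for text in files.values():
        plugins.update(parse_conf(text))
    problems = []
    for name in required:
        # Assumption: any load value other than "no" counts as loaded.
        if plugins.get(name, {}).get("load", "no") == "no":
            problems.append(f"{name}: not loaded")
    if "server" not in plugins.get("dhcp", {}):
        problems.append("dhcp: server not set")
    return problems

if __name__ == "__main__":
    print(check_plugins(SAMPLE) or "farp and dhcp loaded, DHCP server set")
```

To run it against a live gateway, fill the dictionary with the contents of the files matched by the `include strongswan.d/charon/*.conf` line instead of `SAMPLE`.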