dhcprelay - DHCP Relay for 'DHCPv4 Configuration of IPSec Tunnel Mode'
----------------------------------------------------------------------
$Id: README,v 1.2 2002/08/29 10:46:40 sri Exp $

This DHCP-Relay forwards any DHCP packet coming from one of a list of
given ipsec devices to the DHCP server of a network and returns the
response. If no DHCP server is given, the packets are sent by broadcast.


Installation
------------

Unpack the archive, then configure, compile and install it:
______________________________________________________________________

  bash# tar -xvzf dhcprelay-X.Y.tar.gz
  bash# cd dhcprelay-X.Y
  bash# ./configure
  bash# make
  bash# make install
______________________________________________________________________

Afterwards, the relay can be started, stopped and observed using the
start-up script /etc/init.d/dhcprelay:
______________________________________________________________________

  bash# /etc/init.d/dhcprelay start
  Starting dhcprelay                                             done
  bash# /etc/init.d/dhcprelay status
  Checking for service dhcprelay:                                running
  bash# /etc/init.d/dhcprelay stop
  Shutting down dhcprelay                                        done
______________________________________________________________________

To make the relay start automatically at boot, register the service
with the insserv or chkconfig tool:
______________________________________________________________________

  bash# cd /etc/init.d/
  bash# insserv dhcprelay
______________________________________________________________________


Configuration
-------------

The DHCP-Relay configuration file (/etc/dhcprelay.conf) contains four
items:

  - LOGFILE sets the path to the log file of the relay.

  - DEVICES is a comma-separated list of ipsec devices the relay should
    listen on and must contain no spaces!

  - SERVERDEVICE is the device over which the DHCP-Server can be
    reached.

  - DHCPSERVER defines the host name or the IP address of the
    responsible DHCP-Server. If no server is given, the packets are
    forwarded by broadcast.

An example for two ipsec devices and a known DHCP-Server follows:
_____________________________________________________________________

  # DHCP-Relay configuration file

  # Logfile
  LOGFILE="/var/log/dhcprelay.log"

  # IPSec devices (comma separated list including NO spaces)
  DEVICES="ipsec0,ipsec1"

  # Device over which the DHCP-Server can be reached
  SERVERDEVICE="eth1"

  # Hostname or IP Address of the DHCP-Server
  DHCPSERVER="192.168.1.10"
_____________________________________________________________________


DHCP-Configuration
------------------

The relay inserts the IP address of the <SERVERDEVICE> into the
'Gateway Address' field. In addition, a 'DHCP Relay Agent Information
Option' is added, which contains the name of the device the packet
comes from. Thus, the DHCP server can distinguish between *normal*
clients and several *vpn* clients.

Example (extract from dhcpd.conf):
_____________________________________________________________________

  # vpn clients class
  class "vpn-clients" {
    match if option agent.circuit-id = "ipsec0";
  }

  # vpn subnet
  subnet 192.168.0.0 netmask 255.255.255.0 {
    pool {
      allow members of "vpn-clients";
      range 192.168.0.100 192.168.0.120;
    }
  }
_____________________________________________________________________


Credits
-------

I'd like to thank the following people for their help and support (in
alphabetical order):

  - Adrian Blockus
  - Gordon Heydon
  - John A. Sullivan III
  - Michael Niehren
  - Mikael Hammarin
  - Nate Carlson

Any suggestions are welcome. Please send your additions, comments and
criticisms to:

  Mario Strasser <mast@gmx.net>
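
Added example (not code from dhcprelay): the Python below performs the
insertion described under DHCP-Configuration on a constructed
DHCPDISCOVER, writing the 'Gateway Address' field and appending option
82 with the device name as circuit-id, then reads both back as the
DHCP server sees them. The function names are this example's own, and
dropping a client packet that already carries option 82 is an
assumption taken from RFC 3046, not documented dhcprelay behaviour.

```python
import socket

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie after the 236-byte BOOTP header
OPT_PAD, OPT_RELAY_INFO, OPT_END = 0, 82, 255
SUB_CIRCUIT_ID = 1            # option 82, sub-option 1 (agent.circuit-id)
# Constructed sample: DHCPDISCOVER from 02:00:00:00:00:01, giaddr still 0.0.0.0
SAMPLE_DISCOVER = (bytes([1, 1, 6, 0]) + bytes(24) + bytes.fromhex("020000000001")
                   + bytes(202) + MAGIC + b"\x35\x01\x01\xff")

def walk_options(pkt):
    """Yield (offset, code, data) for every option, END included."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP packet")
    i = 240
    while i < len(pkt):
        code = pkt[i]
        if code == OPT_END:
            yield i, code, b""
            return
        if code == OPT_PAD:
            i += 1
            continue
        if i + 2 > len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("truncated option")
        yield i, code, pkt[i + 2:i + 2 + pkt[i + 1]]
        i += 2 + pkt[i + 1]
    raise ValueError("missing END option")

def relay(pkt, server_dev_ip, in_device):
    """Return the packet as sent on to the server, or None if dropped."""
    opts = list(walk_options(pkt))
    # The server's class match trusts circuit-id, so only the relay may set it
    # (assumed policy, per RFC 3046): drop packets that arrive with option 82.
    if any(code == OPT_RELAY_INFO for _, code, _ in opts):
        return None
    end = opts[-1][0]                      # offset of the END option
    circuit = in_device.encode("ascii")
    opt82 = bytes([OPT_RELAY_INFO, len(circuit) + 2, SUB_CIRCUIT_ID, len(circuit)]) + circuit
    # giaddr occupies bytes 24..27 of the BOOTP header
    return pkt[:24] + socket.inet_aton(server_dev_ip) + pkt[28:end] + opt82 + bytes([OPT_END])

def circuit_id(pkt):
    """Return (giaddr, circuit-id or None) as the DHCP server would see them."""
    giaddr = socket.inet_ntoa(pkt[24:28])
    for _, code, data in walk_options(pkt):
        if code == OPT_RELAY_INFO:
            j = 0
            while j + 2 <= len(data):
                if data[j] == SUB_CIRCUIT_ID:
                    return giaddr, data[j + 2:j + 2 + data[j + 1]].decode("ascii")
                j += 2 + data[j + 1]
    return giaddr, None
```

The circuit-id string returned by circuit_id() is the value the
`match if option agent.circuit-id = "ipsec0"` line in the class
definition compares against.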