dhcprelay-0.3.2b-4mdv2010.0.i586.rpm

dhcprelay - DHCP Relay for 'DHCPv4 Configuration of IPSec Tunnel Mode' 
----------------------------------------------------------------------

$Id: README,v 1.2 2002/08/29 10:46:40 sri Exp $

This DHCP-Relay forwards any DHCP packet arriving on one of a list of
given ipsec devices to the DHCP server of a network and returns the
response. If no DHCP server is given, the packets are sent by broadcast.

Installation
------------

Unpack the archive then configure, compile and install it:
______________________________________________________________________
bash# tar -xvzf dhcprelay-X.Y.tar.gz
bash# cd dhcprelay-X.Y
bash# ./configure
bash# make
bash# make install
______________________________________________________________________

Afterwards, the relay can be started, stopped and observed
using the start-up script /etc/init.d/dhcprelay:
______________________________________________________________________
bash# /etc/init.d/dhcprelay start
Starting dhcprelay                      done
bash# /etc/init.d/dhcprelay status
Checking for service dhcprelay:         running
bash# /etc/init.d/dhcprelay stop
Shutting down dhcprelay                 done
______________________________________________________________________

To make the relay start automatically at boot, register the
service with the insserv or chkconfig tool:
______________________________________________________________________
bash# cd /etc/init.d/
bash# insserv dhcprelay
______________________________________________________________________

Configuration
-------------

The DHCP-Relay configuration file (/etc/dhcprelay.conf) contains
four items:

 - LOGFILE sets the path to the log file of the relay.

 - DEVICES is a comma-separated list of ipsec devices the relay should
   listen on and must contain no spaces!

 - SERVERDEVICE is the device over which the DHCP-Server can be reached.

 - DHCPSERVER defines the host name or the IP address of the
   responsible DHCP-Server. If no server is given, the packets are
   forwarded by broadcast.

An example for two ipsec devices and a known DHCP-Server follows:
_____________________________________________________________________
# DHCP-Relay configuration file

# Logfile
LOGFILE="/var/log/dhcprelay.log"

# IPSec devices (comma separated list including NO spaces)
DEVICES="ipsec0,ipsec1"

# Device over which the DHCP-Server can be reached
SERVERDEVICE="eth1"

# Hostname or IP Address of the DHCP-Server
DHCPSERVER="192.168.1.10"
_____________________________________________________________________

DHCP-Configuration
------------------

The relay inserts the IP address of the <SERVERDEVICE> into the
'Gateway Address' field. In addition, a 'DHCP Relay Agent
Information Option' is added, which contains the name of the device
the packet came from. Thus, the DHCP server can distinguish between
*normal* clients and several *vpn* clients.

Example (extract from dhcp.conf):
_____________________________________________________________________
# vpn clients class
class "vpn-clients" {
  match if option agent.circuit-id = "ipsec0";
}

# vpn subnet
subnet 192.168.0.0 netmask 255.255.255.0 {
  pool {
    allow members of "vpn-clients";
    range 192.168.0.100 192.168.0.120;
  }
}
_____________________________________________________________________
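
To check what the DHCP server actually sees, the following added example (not part of dhcprelay) parses a relayed packet and extracts the 'Gateway Address' field and the circuit-id from the Relay Agent Information Option, using the RFC 3046 layout (option 82, sub-option 1). The function names, the relay address 192.168.1.1 and the sample packet are assumptions constructed for illustration.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"              # marks the start of DHCP options
OPT_PAD, OPT_RELAY_AGENT, OPT_END = 0, 82, 255  # RFC 2132 / RFC 3046 codes
SUB_CIRCUIT_ID = 1                              # RFC 3046 Agent Circuit ID

def tlv(buf, top_level=True):
    """Yield (code, value); pad/end bytes only have meaning at top level."""
    i = 0
    while i < len(buf):
        code = buf[i]
        if top_level and code == OPT_END:
            return
        if top_level and code == OPT_PAD:       # pad has no length byte
            i += 1
            continue
        if i + 2 > len(buf) or i + 2 + buf[i + 1] > len(buf):
            raise ValueError("truncated option")
        yield code, buf[i + 2:i + 2 + buf[i + 1]]
        i += 2 + buf[i + 1]

def relay_info(packet):
    """Return (giaddr, circuit_id or None) from a raw BOOTP/DHCP payload."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet")
    giaddr = socket.inet_ntoa(packet[24:28])    # 'Gateway Address' field
    for code, value in tlv(packet[240:]):
        if code == OPT_RELAY_AGENT:
            for sub, data in tlv(value, top_level=False):
                if sub == SUB_CIRCUIT_ID:
                    return giaddr, data.decode("ascii", "replace")
    return giaddr, None

def is_vpn_request(packet, relay_ip, devices):
    """True only if giaddr is the relay and circuit-id names a known device."""
    giaddr, circuit = relay_info(packet)
    return giaddr == relay_ip and circuit in devices

def sample_packet(giaddr, device=None):
    """Constructed DHCPDISCOVER as a relay would forward it (test data)."""
    hdr = struct.pack("!4BIHH4s4s4s4s16s64s128s", 1, 1, 6, 1, 0x1234, 0, 0,
                      b"", b"", b"", socket.inet_aton(giaddr),
                      bytes.fromhex("020000000001"), b"", b"")
    opts = b"\x35\x01\x01"                      # option 53: DHCPDISCOVER
    if device is not None:
        dev = device.encode("ascii")
        opts += bytes([OPT_RELAY_AGENT, len(dev) + 2, SUB_CIRCUIT_ID, len(dev)]) + dev
    return hdr + MAGIC_COOKIE + opts + b"\xff"
```

Calling is_vpn_request(pkt, "192.168.1.1", {"ipsec0", "ipsec1"}) on a captured UDP payload tells you whether the packet would fall into a class keyed on those device names and whether it came through the expected relay address.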


Credits
-------
I'd like to thank the following people for their help and support
(in alphabetical order):

 - Adrian Blockus
 - Gordon Heydon
 - John A. Sullivan III
 - Michael Niehren
 - Mikael Hammarin
 - Nate Carlson

Any suggestions are welcome. 
Please send your additions, comments and criticisms to: 
Mario Strasser <mast@gmx.net>