dhcprelay-0.3.2b-4mdv2010.0.i586.rpm

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
 <META NAME="GENERATOR" CONTENT="SGML-Tools 1.0.9">
 <TITLE>DHCPv4 Configuration of IPsec Tunnel Mode HOWTO: Introduction</TITLE>
 <LINK HREF="ipsec-dhcp-howto-2.html" REL=next>

 <LINK HREF="ipsec-dhcp-howto.html#toc1" REL=contents>
</HEAD>
<BODY>
<A HREF="ipsec-dhcp-howto-2.html">Next</A>
Previous
<A HREF="ipsec-dhcp-howto.html#toc1">Contents</A>
<HR>
<H2><A NAME="s1">1. Introduction</A></H2>

<P>
<!--
(root)!introduction
-->

In many remote access scenarios, a mechanism for making the remote host
appear to be present on the local corporate network is quite useful.
This may be accomplished by assigning the host a "virtual" address from
the corporate network, and then tunneling traffic via IPsec from the
host's ISP-assigned address to the corporate security gateway. In IPv4,
the Dynamic Host Configuration Protocol (DHCP) provides for such a remote 
host configuration. The Internet-Draft &lt;draft-ietf-ipsec-dhcp-13.txt&gt; 
explores the requirements for host
configuration in IPsec tunnel mode, and describes how DHCPv4 may be
leveraged for configuration. This HOWTO describes the modifications
needed to the FreeS/WAN IPsec configuration and to the other components
involved, e.g. the DHCP-Relay and the DHCP-Server.
<P>The latest version of this document can be found at
<A HREF="http://www.strongsec.com/freeswan/dhcprelay/">http://www.strongsec.com/freeswan/dhcprelay/</A>.
<P>
<H2><A NAME="overview"></A> <A NAME="ss1.1">1.1 Scenario Overview </A>
</H2>

<P>The configuration examples in the following sections
are based on the following scenario:
<BLOCKQUOTE><CODE>
<PRE>
                                        Example LAN
                                      (192.168.0.0/23)
+---------------+                             |
|  Roadwarrior  |           +------------+    |    +----------------+
|               |           | Security   |    |    | DHCP-Server    |
|  +-------+    |-----------| Gateway    |    |----|                |
|  |Virtual|&lt;==============>| and        |----|    | (192.168.0.10) | 
|  | Host  |    |-----------| DHCP-Relay |    |    +----------------+
|  +-------+    |  IPSec-   +------------+    | 
+---------------+  Tunnel                     |    +----------------+
                                              |    | LAN-Clients    |
                                              |----| and            |
                                              |    | LAN-Servers    |
                                              |    +----------------+
                                              |  
                                              |    ...
</PRE>
</CODE></BLOCKQUOTE>

<UL>
<LI>Roadwarrior
<UL>
<LI>Gets its <EM>real IP</EM> address - which is used for Internet connectivity - 
from the DHCP-Server of the ISP. This happens independently of the mechanisms 
described in this HOWTO.</LI>
<LI>Gets its <EM>virtual IP</EM> (VIP) - which is used to access the <EM>Example LAN</EM> 
through the IPSec tunnel - from the DHCP-Server of the <EM>Example LAN</EM>. </LI>
</UL>

</LI>
<LI>Security Gateway and DHCP-Relay
<UL>
<LI>FreeS/WAN with applied X.509 patch (>= 0.9.14).</LI>
<LI>DHCP-Relay, forwarding from <CODE>ipsec0</CODE> to the DHCP-Server over <CODE>eth1</CODE>.</LI>
</UL>

</LI>
<LI>DHCP-Server
<UL>
<LI>DHCP-Server from the Internet Software Consortium (ISC), issuing
leases to the LAN-Clients as well as to the VPN-Clients.</LI>
<LI>The address pool for the LAN-Clients is taken from the 192.168.0.0/24 subnet,
and the address pool for the VPN-Clients from the 192.168.1.0/24 subnet.</LI>
</UL>
</LI>
</UL>
<P>
<H2><A NAME="ss1.2">1.2 Copyright</A>
</H2>

<P>Copyright 2002 by Mario Strasser. 
Permission is granted to copy, distribute and/or modify this document 
under the terms of the GNU Free Documentation License, Version 1.1 or 
any later version published by the Free Software Foundation; with no 
Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. 
<P>
<H2><A NAME="ss1.3">1.3 Disclaimer</A>
</H2>

<P>Use the information in this document at your own risk. I disavow any
potential liability for the contents of this document. Use of the
concepts, examples, and/or other content of this document is entirely
at your own risk.
<P>All copyrights are owned by their owners, unless specifically noted
otherwise.  Use of a term in this document should not be regarded as
affecting the validity of any trademark or service mark.
<P>Naming of particular products or brands should not be seen as endorsements.
<P>You are strongly advised to back up your system before any
major installation and to make backups at regular intervals.
<P>
<H2><A NAME="ss1.4">1.4 Credits</A>
</H2>

<P>I would like to thank Dr. Andreas Steffen for proofreading and giving
me support with the configuration files.
<P>
<HR>
<A HREF="ipsec-dhcp-howto-2.html">Next</A>
Previous
<A HREF="ipsec-dhcp-howto.html#toc1">Contents</A>
</BODY>
</HTML>