Sophie

Sophie

distrib > Mandriva > 2010.0 > i586 > media > contrib-release > by-pkgid > 5858dc21eedbfccce934a6003b522bd6 > files > 15

dhcprelay-0.3.2b-4mdv2010.0.i586.rpm

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
 <META NAME="GENERATOR" CONTENT="SGML-Tools 1.0.9">
 <TITLE>DHCPv4 Configuration of IPsec Tunnel Mode HOWTO: DHCP-Server</TITLE>
 <LINK HREF="ipsec-dhcp-howto-4.html" REL=next>
 <LINK HREF="ipsec-dhcp-howto-2.html" REL=previous>
 <LINK HREF="ipsec-dhcp-howto.html#toc3" REL=contents>
</HEAD>
<BODY>
<A HREF="ipsec-dhcp-howto-4.html">Next</A>
<A HREF="ipsec-dhcp-howto-2.html">Previous</A>
<A HREF="ipsec-dhcp-howto.html#toc3">Contents</A>
<HR>
<H2><A NAME="s3">3. DHCP-Server</A></H2>

<H2><A NAME="ss3.1">3.1 Installation</A>
</H2>

<P>As DHCPv4 is a well defined standard, almost any DHCP-Server can
be used as long as it supports the <EM>DHCP Relay Agent 
Information Option</EM>. However, I recommend the usage of 
the DHCP-Server released by the Internet Software Consortium (ISC): 
<A HREF="http://www.isc.org/products/DHCP/">http://www.isc.org/products/DHCP/</A>.
More information can be found in the 
<A HREF="http://www.tldp.org/HOWTO/mini/DHCP/">DHCP mini-HOWTO</A>
or the related <CODE>README</CODE> file.
<P>
<H2><A NAME="ss3.2">3.2 Configuration</A>
</H2>

<P>If the VPN-clients should not be given a IP out of the common
address pool, either the <EM>DHCP Relay Agent Information Option</EM> 
or the <EM>Gateway Address</EM> can be used,
to distinguish between VPN-clients and normal clients. The first
contains the name of the ipsec device the request came from, the
second is set to the gateway's IP address. The following
sample shows how this may work. See 
<A HREF="ipsec-dhcp-howto-6.html#dhcpd_conf">Section 6.2</A>
for a complete configuration file.
<HR>
<PRE>
# vpn client class
class "vpn-clients" {
  match if option agent.circuit-id = "ipsec0";
}

subnet ... {
  ...
  
  # lan clients
  pool {
    deny members of "vpn-clients";
    ...
  }

  # vpn clients
  pool {
    allow members of "vpn-clients";
    ...
  }

}
</PRE>
<HR>

General information about how to setup a DHCP-Server can be found
either in the 
<A HREF="http://www.tldp.org/HOWTO/mini/DHCP/">DHCP mini-HOWTO</A> or in the man page of the DHCP-Server
configuration file (<EM>dhcpd.conf (5)</EM>).
<P>
<HR>
<A HREF="ipsec-dhcp-howto-4.html">Next</A>
<A HREF="ipsec-dhcp-howto-2.html">Previous</A>
<A HREF="ipsec-dhcp-howto.html#toc3">Contents</A>
</BODY>
</HTML>

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional