<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
 <META NAME="GENERATOR" CONTENT="SGML-Tools 1.0.9">
 <TITLE>DHCPv4 Configuration of IPsec Tunnel Mode HOWTO: DHCP-Relay</TITLE>
 <LINK HREF="ipsec-dhcp-howto-5.html" REL=next>
 <LINK HREF="ipsec-dhcp-howto-3.html" REL=previous>
 <LINK HREF="ipsec-dhcp-howto.html#toc4" REL=contents>
</HEAD>
<BODY>
<A HREF="ipsec-dhcp-howto-5.html">Next</A>
<A HREF="ipsec-dhcp-howto-3.html">Previous</A>
<A HREF="ipsec-dhcp-howto.html#toc4">Contents</A>
<HR>
<H2><A NAME="s4">4. DHCP-Relay</A></H2>

<H2><A NAME="ss4.1">4.1 Installation</A>
</H2>

<P>Download the source archive from 
<A HREF="http://www.strongsec.com/freeswan/dhcprelay/">http://www.strongsec.com/freeswan/dhcprelay/</A>
then unpack, configure, compile and install it:
<HR>
<PRE>
bash# tar -xvzf dhcprelay-X.Y.tar.gz
bash# cd dhcprelay-X.Y
bash# ./configure
bash# make
bash# make install
</PRE>
<HR>
 
If problems occur, the relay can be compiled in debugging mode
by passing the <CODE>--enable-debug</CODE> argument to <CODE>configure</CODE>:
<HR>
<PRE>
bash# ./configure --enable-debug
bash# make
bash# make install
</PRE>
<HR>

The DHCP-Relay can be started, stopped, restarted and observed using the
<CODE>/etc/init.d/dhcprelay</CODE> startup script as shown
in the following example:
<HR>
<PRE>
bash# /etc/init.d/dhcprelay start
Starting dhcprelay                      done
bash# /etc/init.d/dhcprelay status
Checking for service dhcprelay:         running
bash# /etc/init.d/dhcprelay stop
Shutting down dhcprelay                 done
</PRE>
<HR>

To start the relay automatically at boot, register
the service with the <CODE>insserv</CODE> or <CODE>chkconfig</CODE> tool:
<HR>
<PRE>
bash# cd /etc/init.d/
bash# insserv dhcprelay
</PRE>
<HR>

Note that FreeS/WAN <EM>must</EM> already be running
when you start the relay. Consequently, if you restart the FreeS/WAN
service, the DHCP-Relay <EM>must</EM> be restarted, too!
<P>
<H2><A NAME="ss4.2">4.2 Configuration</A>
</H2>

<P>The DHCP-Relay configuration file (<CODE>/usr/local/etc/dhcprelay.conf</CODE>) 
contains four items:
<UL>
<LI><CODE>LOGFILE</CODE> sets the path to the relay's log file.</LI>
<LI><CODE>DEVICES</CODE> is a comma-separated list of the ipsec
devices the relay should listen on. It must contain no spaces!</LI>
<LI><CODE>SERVERDEVICE</CODE> is the device over which the DHCP-Server 
can be reached.</LI>
<LI><CODE>DHCPSERVER</CODE> defines the host name or the IP address
of the responsible DHCP-Server. If no server is given, the
packets are forwarded by broadcast.</LI>
</UL>

The following example configures one ipsec device and a known DHCP-Server,
according to the 
<A HREF="ipsec-dhcp-howto-1.html#overview">overview scenario</A>.
<HR>
<PRE>
# DHCP-Relay configuration file

# Logfile
LOGFILE="/var/log/dhcprelay.log"

# IPSec devices (comma separated list including NO spaces)
DEVICES="ipsec0"

# The device over which the DHCP-Server can be reached
SERVERDEVICE="eth1"

# Hostname or IP Address of the DHCP-Server
DHCPSERVER="192.168.0.10"
</PRE>
<HR>
<P>
<H2><A NAME="ss4.3">4.3 Running the DHCP-Server and the DHCP-Relay on the same Host</A>
</H2>

<P>Since release 0.3.1 of the DHCP-Relay, this can easily be done by
binding both the relay and the server to the loopback device.
To do so, set 
<HR>
<PRE>
SERVERDEVICE="lo"
</PRE>
<HR>
 in the
DHCP-Relay configuration file and add <CODE>lo</CODE> to the list
of target devices when starting the DHCP-Server. For example:
<HR>
<PRE>
bash# dhcpd lo eth1
</PRE>
<HR>

Further, the DHCP-Server must be able to reply to requests coming over 
the <CODE>lo</CODE> device that do not originate from its dedicated subnet
(127.0.0.0/8). For the ISC DHCP-Server, the <CODE>subnet</CODE> configurations 
must therefore be embedded in a <CODE>shared-network</CODE> statement:
<HR>
<PRE>
...
shared-network vpn-networks {
  ...

  subnet 127.0.0.0 netmask 255.0.0.0 {
  }

  subnet 192.168.0.0 netmask 255.255.255.0 { 
    ...
  }

  subnet 192.168.1.0 netmask 255.255.255.0 {
    ...
  }

  ...
}
</PRE>
<HR>

See 
<A HREF="ipsec-dhcp-howto-6.html#dhcpd_conf_2">Section 6.3</A> for a complete 
configuration file.
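<P>The rules from sections 4.2 and 4.3 can be checked before the relay is started. The script below is an added example, not part of dhcprelay or of the original HOWTO; the function names <CODE>conf_get</CODE> and <CODE>check_relay_conf</CODE> are hypothetical, and it assumes double-quoted values and ipsecN device names as in the sample configuration.

```shell
#!/bin/sh
# Added example: lint dhcprelay.conf against the rules of sections 4.2 and 4.3.
# The file is read as text and never sourced, so it cannot execute commands.
# Assumption: every value is double-quoted, as in the sample file above.

# conf_get FILE KEY: print the value of the last KEY="value" line.
conf_get() {
    sed -n "s/^$2=\"\(.*\)\"[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# check_relay_conf FILE: print findings; return 1 if any ERROR was found.
check_relay_conf() {
    rc=0
    devices=$(conf_get "$1" DEVICES)
    serverdev=$(conf_get "$1" SERVERDEVICE)
    server=$(conf_get "$1" DHCPSERVER)

    if [ -z "$devices" ]; then
        echo "ERROR: DEVICES is not set"; rc=1
    elif [ "$devices" != "$(printf '%s' "$devices" | tr -d '[:space:]')" ]; then
        echo "ERROR: DEVICES contains whitespace: '$devices'"; rc=1
    elif ! printf '%s\n' "$devices" | grep -Eq '^ipsec[0-9]+(,ipsec[0-9]+)*$'; then
        # Assumption: tunnel interfaces follow the ipsecN naming of the sample.
        echo "WARN: DEVICES is not a plain list of ipsecN names: '$devices'"
    fi

    [ -n "$serverdev" ] || { echo "ERROR: SERVERDEVICE is not set"; rc=1; }
    # Section 4.2: without a server the relay falls back to broadcast.
    [ -n "$server" ] || echo "WARN: DHCPSERVER empty, packets are forwarded by broadcast"
    # Section 4.3: loopback operation needs matching dhcpd settings.
    [ "$serverdev" != "lo" ] || echo "NOTE: SERVERDEVICE=lo, dhcpd must listen on lo and declare subnet 127.0.0.0"
    return "$rc"
}

# Constructed sample with two faults: a space in DEVICES and no DHCPSERVER.
sample=$(mktemp)
printf '%s\n' 'LOGFILE="/var/log/dhcprelay.log"' 'DEVICES="ipsec0, ipsec1"' \
    'SERVERDEVICE="eth1"' 'DHCPSERVER=""' > "$sample"
check_relay_conf "$sample" || echo "dhcprelay.conf rejected"
rm -f "$sample"
```

The broadcast warning is worth acting on in a VPN gateway: with <CODE>DHCPSERVER</CODE> unset, any DHCP server reachable on <CODE>SERVERDEVICE</CODE> can answer the tunnel clients.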
<P>
<HR>
<A HREF="ipsec-dhcp-howto-5.html">Next</A>
<A HREF="ipsec-dhcp-howto-3.html">Previous</A>
<A HREF="ipsec-dhcp-howto.html#toc4">Contents</A>
</BODY>
</HTML>