DaemonForums  

#1
22nd May 2010
dontek
New User
Join Date: May 2010
Posts: 2

dhcpd, dhcrelay, and ipsec VPN

Now that OpenBSD 4.7 is out I am trying to get DHCP over IPSec working on my VPN for remote clients.

My VPN gateway also hosts dhcpd.

My question is, since dhcpd runs on the gateway, can I just make it listen on enc0 to serve leases, or do I need to use dhcrelay and have dhcpd listen on lo and relay enc to lo?

Or am I totally thinking I can do this the wrong way?

Thanks in advance.
#2
22nd May 2010
jggimi
More noise than signal
Join Date: May 2008
Location: USA
Posts: 3,640

I don't know if I've ever seen DHCP "under" IPSec discussed in regards to OpenBSD before.

I run IPSec for wireless security, with DHCP, but the leases are established before the ESP tunnels are established. They have to be, since I use an isakmpd(8) PKE infrastructure. Those require UDP communication between existing IP addresses for SA and flow negotiations, tunnel setup, key change, and tear down.

AFAIK, dhcpd(8) and dhclient(8) use bpf(4) for communication. I don't know, therefore, how one would go about applying ESP or AH protocols to such packets.

As for your question about enc(4), that is, as far as I know, only usable with pf(4) and tcpdump(8).
#3
22nd May 2010
dontek
New User
Join Date: May 2010
Posts: 2

Per the dhcrelay man page:

"dhcrelay supports relaying of DHCP traffic to configure IPsec tunnel mode clients when listening on the enc(4) interface. The DHCP server has to support RFC 3046 to echo back the relay agent information to allow state-less DHCP reply to IPsec tunnel mapping."

Also:

Command line switch -o = "Add the relay agent information option. By default, this is only enabled for the enc(4) interface."

I believe OpenBSD 4.7 dhcpd supports RFC 3046.

If I'm correct, then it's just a matter of making it work...
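Added example, not part of any post in this thread and not OpenBSD code: the man page text quoted in #3 depends on the server echoing the RFC 3046 relay agent information option (DHCP option 82) back unchanged, and this Python sketch parses that option and checks the echo. The circuit-id and remote-id values and the sample packets are constructed for illustration, not what dhcrelay actually emits.

```python
PAD, RELAY_AGENT_INFO, END = 0, 82, 255           # DHCP option codes (RFC 2132, RFC 3046)
SUBOPT_NAMES = {1: "circuit-id", 2: "remote-id"}  # RFC 3046 sub-option codes

def read_tlv(buf, i, what):
    """Return (code, value, next_index) for the code/length/value item at buf[i]."""
    if i + 2 > len(buf):
        raise ValueError(what + " truncated before its length byte")
    code, length = buf[i], buf[i + 1]
    value = buf[i + 2:i + 2 + length]
    if len(value) != length:
        raise ValueError("%s %d claims %d bytes, only %d remain"
                         % (what, code, length, len(value)))
    return code, value, i + 2 + length

def parse_options(buf):
    """Walk a DHCP options field (the bytes after the magic cookie) into {code: value}."""
    opts, i = {}, 0
    while i < len(buf) and buf[i] != END:
        if buf[i] == PAD:                          # pad is a single byte, no length
            i += 1
            continue
        code, value, i = read_tlv(buf, i, "option")
        opts[code] = opts.get(code, b"") + value   # split options concatenate (RFC 3396)
    return opts

def parse_relay_agent_info(value):
    """Split the option 82 payload into its sub-options."""
    subs, i = {}, 0
    while i < len(value):
        code, data, i = read_tlv(value, i, "sub-option")
        subs[SUBOPT_NAMES.get(code, code)] = data
    return subs

def reply_echoes_agent_info(relayed_opts, reply_opts):
    """True if the reply carries option 82 byte-for-byte as the relay inserted it."""
    sent = parse_options(relayed_opts).get(RELAY_AGENT_INFO)
    return sent is not None and parse_options(reply_opts).get(RELAY_AGENT_INFO) == sent

def opt(code, value):
    return bytes([code, len(value)]) + value

# Constructed samples: a relayed DHCPDISCOVER and two candidate DHCPOFFER replies.
AGENT_INFO = opt(1, b"enc0") + opt(2, bytes([203, 0, 113, 7]))
RELAYED = opt(53, b"\x01") + opt(RELAY_AGENT_INFO, AGENT_INFO) + bytes([END])
OFFER = opt(53, b"\x02") + opt(54, bytes([10, 0, 0, 1]))
REPLY_OK = OFFER + opt(RELAY_AGENT_INFO, AGENT_INFO) + bytes([END])
REPLY_STRIPPED = OFFER + bytes([END])              # server without RFC 3046 support

if __name__ == "__main__":
    print(parse_relay_agent_info(parse_options(RELAYED)[RELAY_AGENT_INFO]))
    print(reply_echoes_agent_info(RELAYED, REPLY_OK),
          reply_echoes_agent_info(RELAYED, REPLY_STRIPPED))
```

A reply like `REPLY_STRIPPED` is the case the man page warns about: without the echoed option, a stateless relay has nothing to map the reply back to a tunnel.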