strongSwan

h1. dhcp plugin

The _dhcp_ plugin allows to forward requests for [[VirtualIP|virtual IP addresses]] to a DHCP server.

To enable the plugin, add

<pre>--enable-dhcp</pre> to the [[InstallationDocumentation|./configure options]].

It is available since [[4.4.0]].

h2. Behavior

When an IKEv2 client requests a virtual IP address via a configuration payload, the plugin allows the daemon to forward this request to a DHCP server. By default the plugin uses broadcasts, but a designated DHCP server can be configured in [[StrongswanConf|strongswan.conf]].

DNS/WINS server information is additionally served to clients if the DHCP server provides such information.

The MAC address used in the DHCP request is either randomly generated or can optionally be based on the IKEv2 identity of the client.

In combination with the [[FARPPlugin|farp plugin]] this plugin lets a road-warrior act as a client on the local LAN of the responder.

h2. Configuration

To enable the plugin for a connection the following option must be specified in [[IpsecConf|ipsec.conf]]:

<pre>

    rightsourceip=%dhcp

</pre>

The plugin may be configured using the following [[StrongswanConf|strongswan.conf]] options.

|Key|Default|Description|

|charon.plugins.dhcp.identity_lease|no|Derive user-defined MAC address from hash of IKEv2 identity|

|charon.plugins.dhcp.server|255.255.255.255|DHCP server unicast or broadcast IP address|