dhcp plugin » History » Version 8
Noel Kuntze, 22.08.2016 19:09
| 1 | 1 | Tobias Brunner | h1. dhcp plugin |
|---|---|---|---|
| 2 | 1 | Tobias Brunner | |
| 3 | 1 | Tobias Brunner | The _dhcp_ plugin allows to forward requests for [[VirtualIP|virtual IP addresses]] to a DHCP server. |
| 4 | 1 | Tobias Brunner | |
| 5 | 1 | Tobias Brunner | To enable the plugin, add |
| 6 | 1 | Tobias Brunner | <pre>--enable-dhcp</pre> to the [[InstallationDocumentation|./configure options]]. |
| 7 | 1 | Tobias Brunner | |
| 8 | 1 | Tobias Brunner | It is available since [[4.4.0]]. |
| 9 | 8 | Noel Kuntze | |
| 10 | 8 | Noel Kuntze | *The plugin only supports DHCP for IPv4.* |
| 11 | 1 | Tobias Brunner | |
| 12 | 1 | Tobias Brunner | h2. Behavior |
| 13 | 1 | Tobias Brunner | |
| 14 | 1 | Tobias Brunner | When an IKEv2 client requests a virtual IP address via a configuration payload, the plugin allows the daemon to forward this request to a DHCP server. By default the plugin uses broadcasts, but a designated DHCP server can be configured in [[StrongswanConf|strongswan.conf]]. |
| 15 | 1 | Tobias Brunner | |
| 16 | 1 | Tobias Brunner | DNS/WINS server information is additionally served to clients if the DHCP server provides such information. |
| 17 | 1 | Tobias Brunner | |
| 18 | 1 | Tobias Brunner | The MAC address used in the DHCP request is either randomly generated or can optionally be based on the IKEv2 identity of the client. |
| 19 | 1 | Tobias Brunner | |
| 20 | 1 | Tobias Brunner | In combination with the [[FARPPlugin|farp plugin]] this plugin lets a road-warrior act as a client on the local LAN of the responder. |
| 21 | 1 | Tobias Brunner | |
| 22 | 1 | Tobias Brunner | h2. Configuration |
| 23 | 1 | Tobias Brunner | |
| 24 | 1 | Tobias Brunner | To enable the plugin for a connection the following option must be specified in [[IpsecConf|ipsec.conf]]: |
| 25 | 1 | Tobias Brunner | <pre> |
| 26 | 1 | Tobias Brunner | rightsourceip=%dhcp |
| 27 | 1 | Tobias Brunner | </pre> |
| 28 | 1 | Tobias Brunner | |
| 29 | 1 | Tobias Brunner | The plugin may be configured using the following [[StrongswanConf|strongswan.conf]] options. |
| 30 | 1 | Tobias Brunner | |
| 31 | 1 | Tobias Brunner | |Key|Default|Description| |
| 32 | 4 | Tobias Brunner | |charon.plugins.dhcp.force_server_address|no|Always use the configured server address. See the note below for details.| |
| 33 | 5 | Tobias Brunner | |charon.plugins.dhcp.identity_lease|no|Derive user-defined MAC address from hash of IKEv2 identity.| |
| 34 | 5 | Tobias Brunner | |charon.plugins.dhcp.interface||Interface name the plugin uses for address allocation. The default is to bind to any (0.0.0.0) and let the system decide which way to route the packets to the DHCP server.| |
| 35 | 5 | Tobias Brunner | |charon.plugins.dhcp.server|255.255.255.255|DHCP server unicast or broadcast IP address.| |
| 36 | 1 | Tobias Brunner | |
| 37 | 6 | Tobias Brunner | *Note*: If the DHCP server runs on the same host as the daemon with DHCP plugin, you may need to enable _charon.plugins.dhcp.force_server_address_ and then set _charon.plugins.dhcp.server_ to the local broadcast address (e.g. 192.168.0.255). That's because some DHCP daemons do not listen on the loopback interface and, thus, can't be reached via unicast (or even broadcast, 255.255.255.255) from the same host. |