As DHCPv4 is a well-defined standard, almost any DHCP server can
be used as long as it supports the DHCP Relay Agent
Information Option. However, I recommend
the DHCP server released by the Internet Software Consortium (ISC):
http://www.isc.org/products/DHCP/.
More information can be found in the DHCP mini-HOWTO or the related README file.
If the VPN clients should not be given an IP address out of the common address pool, either the DHCP Relay Agent Information Option or the Gateway Address can be used to distinguish between VPN clients and normal clients. The first contains the name of the ipsec device the request came from; the second is set to the gateway's IP address. The following sample shows how this may work. See Section 5.2 for a complete configuration file.

    # vpn client class
    class "vpn-clients" {
        match if option agent.circuit-id = "ipsec0";
    }

    subnet ... {
        ...

        # lan clients
        pool {
            deny members of "vpn-clients";
            ...
        }

        # vpn clients
        pool {
            allow members of "vpn-clients";
            ...
        }
    }
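
The two discriminators described above, read straight from a relayed request (an added example, not part of the original HOWTO or of ISC's code): it extracts the gateway address field and circuit ID sub-option 1 of option 82, then applies the same test as the "vpn-clients" class. The function names, the constructed sample packet and the gateway 192.0.2.1 are assumptions for illustration.

```python
import socket

MAGIC = b"\x63\x82\x53\x63"  # magic cookie after the 236-byte BOOTP header

def tlvs(data, pad_end=True):
    """Yield (code, value) pairs; Pad/End codes only exist at option level."""
    i = 0
    while i < len(data):
        code = data[i]
        if pad_end and code == 255:      # End option
            return
        if pad_end and code == 0:        # Pad option has no length byte
            i += 1
            continue
        if i + 2 > len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated option")
        yield code, data[i + 2:i + 2 + data[i + 1]]
        i += 2 + data[i + 1]

def parse_relay_info(packet):
    """Return (giaddr, circuit_id); circuit_id is None without option 82."""
    if len(packet) < 240 or packet[236:240] != MAGIC:
        raise ValueError("not a DHCPv4 message")
    giaddr = socket.inet_ntoa(packet[24:28])     # gateway address field
    circuit_id = None
    for code, value in tlvs(packet[240:]):
        if code == 82:                           # Relay Agent Information
            for sub, sub_value in tlvs(value, pad_end=False):
                if sub == 1:                     # sub-option 1: circuit ID
                    circuit_id = sub_value
    return giaddr, circuit_id

def classify(packet, vpn_circuit=b"ipsec0", vpn_gateway=None):
    """Circuit ID test from the sample class, or an assumed gateway address."""
    giaddr, circuit_id = parse_relay_info(packet)
    return "vpn-clients" if circuit_id == vpn_circuit or giaddr == vpn_gateway else "lan"

def build_discover(giaddr="0.0.0.0", circuit_id=None):
    """Constructed sample DHCPDISCOVER, optionally as a relay would forward it."""
    hdr = bytearray(236)
    hdr[0:3] = b"\x01\x01\x06"                   # BOOTREQUEST, Ethernet, hlen 6
    hdr[24:28] = socket.inet_aton(giaddr)
    opts = b"\x35\x01\x01"                       # option 53: DHCPDISCOVER
    if circuit_id is not None:
        sub = bytes([1, len(circuit_id)]) + circuit_id
        opts += bytes([82, len(sub)]) + sub
    return bytes(hdr) + MAGIC + opts + b"\xff"

if __name__ == "__main__":
    print(classify(build_discover("192.0.2.1", b"ipsec0")))
```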