
3. DHCP-Server

3.1 Installation

As DHCPv4 is a well-defined standard, almost any DHCP-Server can be used as long as it supports the DHCP Relay Agent Information Option. However, I recommend the use of the DHCP-Server released by the Internet Software Consortium (ISC): http://www.isc.org/products/DHCP/. More information can be found in the DHCP mini-HOWTO or the related README file.

3.2 Configuration

If the VPN-clients should not be given an IP address out of the common address pool, either the DHCP Relay Agent Information Option or the Gateway Address can be used to distinguish between VPN-clients and normal clients. The first contains the name of the ipsec device the request came from; the second is set to the gateway's IP address. The following sample shows how this may work. See Section 5.2 for a complete configuration file.


# vpn client class
class "vpn-clients" {
  match if option agent.circuit-id = "ipsec0";
}

subnet ... {
  ...
  
  # lan clients
  pool {
    deny members of "vpn-clients";
    ...
  }

  # vpn clients
  pool {
    allow members of "vpn-clients";
    ...
  }

}
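
To show what the class match above inspects on the wire, the following added example (not part of the original HOWTO or of the ISC server) parses a raw DHCP message, extracts the circuit ID sub-option of the Relay Agent Information Option (option 82, sub-option 1), and falls back to the Gateway Address (giaddr) field. The function names, the "lan-clients" label, and the gateway address 192.0.2.1 used in testing are assumptions made for illustration; the sample packets are constructed.

```python
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_PAD, OPT_END, OPT_RELAY_AGENT_INFO = 0, 255, 82
SUBOPT_CIRCUIT_ID = 1


def parse_tlvs(data, has_pad_end=False):
    """Walk code/length/value triples and return {code: value}."""
    out, i = {}, 0
    while i < len(data):
        code = data[i]
        if has_pad_end and code == OPT_PAD:
            i += 1
            continue
        if has_pad_end and code == OPT_END:
            break
        # Reject options whose declared length runs past the buffer.
        if i + 2 > len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated option at offset %d" % i)
        length = data[i + 1]
        out[code] = data[i + 2:i + 2 + length]
        i += 2 + length
    return out


def classify(packet, vpn_circuit=b"ipsec0", vpn_gateway=None):
    """Return 'vpn-clients' or 'lan-clients' (hypothetical label) for a raw DHCP message."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    giaddr = ipaddress.IPv4Address(packet[24:28])  # Gateway Address field
    options = parse_tlvs(packet[240:], has_pad_end=True)
    relay_info = parse_tlvs(options.get(OPT_RELAY_AGENT_INFO, b""))
    if relay_info.get(SUBOPT_CIRCUIT_ID) == vpn_circuit:
        return "vpn-clients"
    if vpn_gateway is not None and giaddr == ipaddress.IPv4Address(vpn_gateway):
        return "vpn-clients"
    return "lan-clients"


def build_sample(giaddr="0.0.0.0", circuit_id=None):
    """Constructed DHCPDISCOVER, used only as sample input."""
    hdr = bytearray(236)
    hdr[0:4] = bytes([1, 1, 6, 0])  # op=BOOTREQUEST, htype=Ethernet, hlen=6, hops=0
    hdr[24:28] = ipaddress.IPv4Address(giaddr).packed
    opts = b"\x35\x01\x01"  # option 53: DHCPDISCOVER
    if circuit_id is not None:
        sub = bytes([SUBOPT_CIRCUIT_ID, len(circuit_id)]) + circuit_id
        opts += bytes([OPT_RELAY_AGENT_INFO, len(sub)]) + sub
    return bytes(hdr) + MAGIC_COOKIE + opts + b"\xff"
```

Both values are supplied by the relay, not the client, so the classification is only as trustworthy as the path between the relay and the DHCP-Server.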

General information about how to set up a DHCP-Server can be found either in the DHCP mini-HOWTO or in the man page of the DHCP-Server configuration file (dhcpd.conf(5)).

