dhcp plugin for
libcharon allows to forward requests for
virtual IP addresses to a
The plugin is disabled by default and can be enabled with the
When an IKEv2 client requests a
virtual IP address
CP configuration payload, the plugin allows the daemon to forward this
request to a
DHCP server. By default the plugin uses broadcasts, but a
DHCP server can be configured in
MAC address used in the
DHCP request is either randomly generated or can
optionally be based on the IKEv2 identity of the client.
information is additionally served to clients if the
DHCP server provides
In combination with the
farp plugin this plugin lets a
road-warrior fully act as a client on the local
LAN of the responder.
The following entry in
the plugin for a connection:
connections.<conn>.pools = dhcp
dhcp plugin is configured using the following options in the
Always use the configured server address
Derive user-defined MAC address from hash of IKE identity. The client identity
Interface name the plugin uses for address allocation. The default is to bind
to any (
dhcp.force_server_addressand then set
dhcp.serverto the local broadcast address, e.g.
192.168.0.255. That’s because some
DHCPdaemons do not listen on the loopback interface and thus can’t be reached via unicast (or even broadcast
255.255.255.255) from the same host.
DHCPserver will always send packets to the
DHCPserver port and if no process binds that port an
ICMP port unreachablemessage will be sent back that might be problematic for some
DHCPservers. To avoid that, enabling this option will cause the plugin to bind the
DHCPserver port to send its requests when acting as relay agent. This is not necessary if a DHCP server is already running on the same host and might even cause conflicts and since the server port is already bound,
ICMPmessages should not be an issue.