blob: ed7525c8718fcfcfe862d455ca0db13fb2d3c527 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
|
The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>
and request a <b>virtual IP</b> via the IKEv2 configuration payload by using the <b>leftsourceip=%config</b>
parameter. The <b>dhcp</b> plugin on gateway <b>moon</b> then requests an IP address and DNS/WINS server
information from DHCP server <b>venus</b> using the DHCP protocol. The IP addresses are assigned statically
by <b>venus</b> based on the user-defined MAC address derived by the <b>dhcp</b> plugin from a hash over
the client identity. This deterministic MAC generation is activated with the strongswan.conf setting
<b>charon.plugins.dhcp.identity_lease = yes</b>.
<p/>
With the static assignment of 10.1.0.30 and 10.1.0.40, respectively, <b>carol</b> and <b>dave</b>
become full members of the subnet 10.1.0.0/16 hidden behind gateway <b>moon</b>. And this thanks to
the <b>farp</b> plugin through which <b>moon</b> acts as a proxy for ARP requests e.g. from <b>alice</b>
who wants to ping <b>carol</b> and <b>dave</b>.
|