Dhcp over ipsec vpn
-
DHCP is a broadcast protocol and would require the IPsec VPN to be a bridge, putting you on the same network segment as the other end of the link.
What are you trying to achieve?
-
DHCP relay should suffice. But it may not be wise to do that, if the Internet at one of the locations goes down the other end's network could stop functioning. Generally best to keep a local DHCP server at each site unless the remote sites cannot do anything without that VPN connectivity.
-
trying to get one ip from this end to use at the other end so it can have the same wan ip as me on this end.
-
You want the remote network to use your Internet link? That doesn't require an IP in your subnet, that's just routing.
-
how would I set up Routing to do this ? Thanks :)
-
Simple
a. Ensure that all the relevant routers at the Internet link side know how to route to the far side of the IPsec VPN
b. Ensure that the default route for the VPN servers leads to your Internet link
c. Ensure that the device(s) at the other end of the VPN link have a default route that points them towards your Internet linkIt would be easier to provide more specific detail with a detailed network diagram, including IP addresses.
-
pfsence on side #1 wan to cable modem
lan ip 172.16.35.1
dhcp range 172.16.35.100 / 172.16.35.200
subnet mask 255.255.255.0
static wan ip
no outher routerspfsence on side #2 wan to cable modem
lan ip 10.10.10.1
dhcp range 10.10.10.100 /10.10.10.200
subnet mask 255.255.255.0
static wan ip
no outher routersip sec tunnel that is up
how to route from one pfsense box to use the internet connection on the far end insted of the internet connection on this end? please help thanks very much :)
Thanks
-
That's a rather strange diagram ;) Which network do you want to to use as the Internet link for both of them?
Also, which version (number) of pfSense are you running?
-
would like to use this one as the internet link thanks.. ;) also running pfsense version 1.2.3-RELEASE
pfsence on side #1 wan to cable modem
lan ip 172.16.35.1
dhcp range 172.16.35.100 / 172.16.35.200
subnet mask 255.255.255.0
static wan ip
no outher routers -
You'll want to search the forum for routing over IPsec. I don't have an IPsec setup so I don't know how to get that working - most IPsec setups I've used however involve you telling the IPsec device what network(s) are at the remote end of the link. If pfSense has the same option then try telling it that 0.0.0.0/0 is that network (caution, this may not work and may break things).
-
I am trying to achieve the same thing. I want a WAN IP address from a remote location, both places running pfSense, via IPSec or any other method. I do have an active IPSec tunnel to my remote location, but I cannot figure out how to make BOTH locations have the SAME WAN IP. I have searched "routing over IPsec" within the forum to no avail. Any help at all would be greatly appreciated.
