DHCP over IPsec VPN



  • How can I get a DHCP address from the other end of the IPsec VPN? The tunnel is up. Or how can I use a static IP from the other end? Thanks



  • DHCP is a broadcast protocol and would require the IPsec VPN to be a bridge, putting you on the same network segment as the other end of the link.

    What are you trying to achieve?



  • DHCP relay should suffice. But it may not be wise to do that; if the Internet at one of the locations goes down, the other end's network could stop functioning. Generally best to keep a local DHCP server at each site unless the remote sites cannot do anything without that VPN connectivity.



  • Trying to get one IP from this end to use at the other end so it can have the same WAN IP as me on this end.



  • You want the remote network to use your Internet link?  That doesn't require an IP in your subnet, that's just routing.



  • How would I set up routing to do this? Thanks :)



  • Simple
    a. Ensure that all the relevant routers at the Internet link side know how to route to the far side of the IPsec VPN
    b. Ensure that the default route for the VPN servers leads to your Internet link
    c. Ensure that the device(s) at the other end of the VPN link have a default route that points them towards your Internet link

    It would be easier to provide more specific detail with a detailed network diagram, including IP addresses.



  • pfSense on side #1, WAN to cable modem
    LAN IP 172.16.35.1
    DHCP range 172.16.35.100 / 172.16.35.200
    subnet mask 255.255.255.0
    static WAN IP
    no other routers

    pfSense on side #2, WAN to cable modem
    LAN IP 10.10.10.1
    DHCP range 10.10.10.100 / 10.10.10.200
    subnet mask 255.255.255.0
    static WAN IP
    no other routers

    IPsec tunnel that is up

    How to route from one pfSense box to use the Internet connection on the far end instead of the Internet connection on this end? Please help, thanks very much :)

    Thanks



  • That's a rather strange diagram ;) Which network do you want to use as the Internet link for both of them?

    Also, which version (number) of pfSense are you running?



  • Would like to use this one as the Internet link, thanks.. ;) Also running pfSense version 1.2.3-RELEASE

    pfSense on side #1, WAN to cable modem
    LAN IP 172.16.35.1
    DHCP range 172.16.35.100 / 172.16.35.200
    subnet mask 255.255.255.0
    static WAN IP
    no other routers



  • You'll want to search the forum for routing over IPsec. I don't have an IPsec setup so I don't know how to get that working - most IPsec setups I've used however involve you telling the IPsec device what network(s) are at the remote end of the link. If pfSense has the same option then try telling it that 0.0.0.0/0 is that network (caution, this may not work and may break things).
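
The 0.0.0.0/0 suggestion above, worked through as an added example that is not part of any post in this thread and is not pfSense code. It assumes policy-based IPsec, where a packet enters the tunnel only if it matches a phase 2 selector; the function names, the sample packets and the 198.51.100.7 destination are constructed for illustration.

```python
import ipaddress as ip

# Constructed model (not pfSense code): policy-based IPsec sends a packet into
# the tunnel only when (source, destination) falls inside a phase 2 selector.
LAN1 = ip.ip_network("172.16.35.0/24")   # side #1 LAN, from the thread
LAN2 = ip.ip_network("10.10.10.0/24")    # side #2 LAN, from the thread
ANY = ip.ip_network("0.0.0.0/0")

def in_tunnel(src, dst, selectors):
    """True if a (local_net, remote_net) selector covers this packet."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    return any(s in local and d in remote for local, remote in selectors)

def mirrored(side_a, side_b):
    """Both ends must define the same selectors with local/remote swapped."""
    return set(side_a) == {(remote, local) for local, remote in side_b}

def egress_report(selectors, packets):
    """Map each labelled packet to 'tunnel' or 'local' as seen on side #2."""
    return {name: "tunnel" if in_tunnel(src, dst, selectors) else "local"
            for name, (src, dst) in packets.items()}

# Constructed sample packets leaving a side #2 client (10.10.10.100).
PACKETS = {
    "to side #1 LAN": ("10.10.10.100", "172.16.35.10"),
    "to Internet":    ("10.10.10.100", "198.51.100.7"),  # documentation address
    "to own gateway": ("10.10.10.100", "10.10.10.1"),
}

# Usual site-to-site selectors on side #2: only LAN-to-LAN traffic is tunnelled.
SITE_TO_SITE = [(LAN2, LAN1)]
# Suggested change: declare 0.0.0.0/0 as the remote network on side #2 ...
ALL_REMOTE_SIDE2 = [(LAN2, ANY)]
# ... which side #1 has to mirror (local 0.0.0.0/0, remote 10.10.10.0/24).
ALL_REMOTE_SIDE1 = [(ANY, LAN2)]

if __name__ == "__main__":
    for label, sel in (("site-to-site", SITE_TO_SITE),
                       ("0.0.0.0/0 remote", ALL_REMOTE_SIDE2)):
        print(label, egress_report(sel, PACKETS))
    print("mirrored:", mirrored(ALL_REMOTE_SIDE2, ALL_REMOTE_SIDE1))
```

In this model the 0.0.0.0/0 selector also captures traffic addressed to side #2's own LAN address 10.10.10.1, which is one concrete way the change can "break things" as the post cautions.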



  • I am trying to achieve the same thing. I want a WAN IP address from a remote location, both places running pfSense, via IPSec or any other method. I do have an active IPSec tunnel to my remote location, but I cannot figure out how to make BOTH locations have the SAME WAN IP. I have searched "routing over IPsec" within the forum to no avail. Any help at all would be greatly appreciated.

