Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Dhcp over ipsec vpn

    Scheduled Pinned Locked Moved Off-Topic & Non-Support Discussion
    12 Posts 4 Posters 10.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K
      khoff6061
      last edited by

      how can I get a dhcp address from the other end of the ipsec vpn? the tunnel is up. or How can I use a static ip from the other end ? Thanks

      1 Reply Last reply Reply Quote 0
      • Cry HavokC
        Cry Havok
        last edited by

        DHCP is a broadcast protocol and would require the IPsec VPN to be a bridge, putting you on the same network segment as the other end of the link.

        What are you trying to achieve?

        1 Reply Last reply Reply Quote 0
        • C
          cmb
          last edited by

          DHCP relay should suffice. But it may not be wise to do that, if the Internet at one of the locations goes down the other end's network could stop functioning. Generally best to keep a local DHCP server at each site unless the remote sites cannot do anything without that VPN connectivity.

          1 Reply Last reply Reply Quote 0
          • K
            khoff6061
            last edited by

            trying to get one ip from this end to use at the other end so it can have the same wan ip as me on this end.

            1 Reply Last reply Reply Quote 0
            • Cry HavokC
              Cry Havok
              last edited by

              You want the remote network to use your Internet link?  That doesn't require an IP in your subnet, that's just routing.

              1 Reply Last reply Reply Quote 0
              • K
                khoff6061
                last edited by

                how would I set up Routing to do this ? Thanks :)

                1 Reply Last reply Reply Quote 0
                • Cry HavokC
                  Cry Havok
                  last edited by

                  Simple
                  a. Ensure that all the relevant routers at the Internet link side know how to route to the far side of the IPsec VPN
                  b. Ensure that the default route for the VPN servers leads to your Internet link
                  c. Ensure that the device(s) at the other end of the VPN link have a default route that points them towards your Internet link

                  It would be easier to provide more specific detail with a detailed network diagram, including IP addresses.

                  1 Reply Last reply Reply Quote 0
                  • K
                    khoff6061
                    last edited by

                    pfsence on side #1 wan to  cable modem
                    lan ip 172.16.35.1
                    dhcp range 172.16.35.100 / 172.16.35.200
                    subnet mask 255.255.255.0
                    static wan ip
                    no outher routers

                    pfsence on side #2 wan to cable modem
                    lan ip 10.10.10.1
                    dhcp range 10.10.10.100 /10.10.10.200
                    subnet mask 255.255.255.0
                    static wan ip
                    no outher routers

                    ip sec tunnel that is up

                    how to route from one pfsense box to use the internet connection on the far end insted of the internet connection on this end? please help thanks very much  :)

                    Thanks

                    1 Reply Last reply Reply Quote 0
                    • Cry HavokC
                      Cry Havok
                      last edited by

                      That's a rather strange diagram ;) Which network do you want to to use as the Internet link for both of them?

                      Also, which version (number) of pfSense are you running?

                      1 Reply Last reply Reply Quote 0
                      • K
                        khoff6061
                        last edited by

                        would like to use this one as the internet link thanks..  ;) also running pfsense version 1.2.3-RELEASE

                        pfsence on side #1 wan to  cable modem
                        lan ip 172.16.35.1
                        dhcp range 172.16.35.100 / 172.16.35.200
                        subnet mask 255.255.255.0
                        static wan ip
                        no outher routers

                        1 Reply Last reply Reply Quote 0
                        • Cry HavokC
                          Cry Havok
                          last edited by

                          You'll want to search the forum for routing over IPsec. I don't have an IPsec setup so I don't know how to get that working - most IPsec setups I've used however involve you telling the IPsec device what network(s) are at the remote end of the link. If pfSense has the same option then try telling it that 0.0.0.0/0 is that network (caution, this may not work and may break things).

                          1 Reply Last reply Reply Quote 0
                          • M
                            MoNoxiDe31337
                            last edited by

                            I am trying to achieve the same thing. I want a WAN IP address from a remote location, both places running pfSense, via IPSec or any other method. I do have an active IPSec tunnel to my remote location, but I cannot figure out how to make BOTH locations have the SAME WAN IP. I have searched "routing over IPsec" within the forum to no avail. Any help at all would be greatly appreciated.

                            "Each day is a gift. Not a given right."

                            1 Reply Last reply Reply Quote 0
                            • First post
                              Last post
                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.