Re: DHCP inform in VPN tunnel
Roy Marples
Mon Mar 12 11:22:37 2018
Hi Maxim
On 12/03/2018 10:30, Maxim Loschilov wrote:
According to additional investigation, network interfaces are used
differently than it was expected. So seems that another dhcpcd config
is needed.
The following manipulations are made with the interfaces during VPN
tunnel setup:
1) When device boots up, there is one interface 'eth0'. On this interface
DHCP starts and gets IP address in the home network.
2) When VPN tunnel is then setup, 'eth0' is reconfigured to be used as
VPN interface
with IP address from private network provided by VPN Gateway.
Then DHCP INFORM is sent in the private network to get other network params.
And for common network a new interface 'eth0:0' is set up which is
configured with IP address that 'eth0' previously had.
:N is just an aliased address to the interface.
A VPN should be using it's own interface such as eth1, tap0 or tun0.
At most it would replace the default route and provide it's own
resolv.conf for DNS.
So it seems that in terms of DHCP operations the following is needed:
1) When the phone boots up, to perform a standard DHCP DISCOVER/REQUEST
for 'eth0'.
2) After VPN tunnel is set up and private network IP address is assigned
to 'eth0',
DHCP INFORM should be sent via this interface to the private network.
As IP address is static, seems that DCHP can be finished on this interface.
In the mean time when 'eth0:0' is created, need to take over current
DHCP lease
that was on 'eth0' and then to maintain it and renew when necessary for
the whole time when VPN tunnel exists.
How can this scenario may be implemented using 'dhcpcd'?
It can't, and neither can any DHCP client because you have two upstream
DHCP servers managing one interface.
You need to split this onto two interfaces (and no, aliased addresses as
above do not count as split interfaces) and then it can work.
Roy
Archive administrator: postmaster@marples.name