DHCP And IPSEC Together
Note that this does not work with kernel 2.6.9
(the only one I have tried)!
Rationale
While having DHCP and IPSEC operating on the one interface may
seem a little silly, it does make a great deal of sense for me.
I have a laptop, and a wireless network. I also have a wired network.
The wireless network requires using IPSEC or CIPE or some other
encryption and authentication technique. On the other hand,
DHCP simplifies network administration. And the significance of
having two networks is that there are times when the wired network
is more appropriate, such as transferring large quantities of data,
or upgrading the system from a file server.
Having DHCP on both interfaces of the laptop means I can
use either connection and it will be appropriately configured.
I like that idea!
Complications
There were a number of complications involved in making this all work. The client
is running RedHat 7.3, and the server is still on RedHat 7.2.
Software upgrades migrate slowly to servers!
The DHCP server is version 3 of Internet Software Consortium's
DHCP server. I use this because it allows dynamic updates
of the DNS server. While both DHCP
and IPSEC quite happily operate, the combination introduces
a few problems, especially with what is effectively a direct
connection between the laptop and the server - the wireless
link is effectively transparent.
One objective was to make the laptop end a stock installation,
apart from needing to add IPSEC. This has been achieved,
with the one exception that there is a bug in RedHat 7.3's dhcpcd
program (dhcpcd-1.3.22pl1-7). This can be worked around from the
DHCP server, but it is better to fix the client. Details are
available at RedHat's bugzilla database.
Client Configuration
Version: $Revision: 1.4 $;
Updated at 15:47 EST on Tue Apr 11, 2006
Copyright (C) 2002 - 2006, Lindsay Harris