<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> <HTML> <HEAD> <META NAME="GENERATOR" CONTENT="SGML-Tools 1.0.9"> <TITLE>DHCPv4 Configuration of IPsec Tunnel Mode HOWTO: DHCP-Server</TITLE> <LINK HREF="ipsec-dhcp-howto-4.html" REL=next> <LINK HREF="ipsec-dhcp-howto-2.html" REL=previous> <LINK HREF="ipsec-dhcp-howto.html#toc3" REL=contents> </HEAD> <BODY> <A HREF="ipsec-dhcp-howto-4.html">Next</A> <A HREF="ipsec-dhcp-howto-2.html">Previous</A> <A HREF="ipsec-dhcp-howto.html#toc3">Contents</A> <HR> <H2><A NAME="s3">3. DHCP-Server</A></H2> <H2><A NAME="ss3.1">3.1 Installation</A> </H2> <P>As DHCPv4 is a well defined standard, almost any DHCP-Server can be used as long as it supports the <EM>DHCP Relay Agent Information Option</EM>. However, I recommend the usage of the DHCP-Server released by the Internet Software Consortium (ISC): <A HREF="http://www.isc.org/products/DHCP/">http://www.isc.org/products/DHCP/</A>. More information can be found in the <A HREF="http://www.tldp.org/HOWTO/mini/DHCP/">DHCP mini-HOWTO</A> or the related <CODE>README</CODE> file. <P> <H2><A NAME="ss3.2">3.2 Configuration</A> </H2> <P>If the VPN-clients should not be given a IP out of the common address pool, either the <EM>DHCP Relay Agent Information Option</EM> or the <EM>Gateway Address</EM> can be used, to distinguish between VPN-clients and normal clients. The first contains the name of the ipsec device the request came from, the second is set to the gateway's IP address. The following sample shows how this may work. See <A HREF="ipsec-dhcp-howto-6.html#dhcpd_conf">Section 6.2</A> for a complete configuration file. <HR> <PRE> # vpn client class class "vpn-clients" { match if option agent.circuit-id = "ipsec0"; } subnet ... { ... # lan clients pool { deny members of "vpn-clients"; ... } # vpn clients pool { allow members of "vpn-clients"; ... } } </PRE> <HR> General information about how to setup a DHCP-Server can be found either in the <A HREF="http://www.tldp.org/HOWTO/mini/DHCP/">DHCP mini-HOWTO</A> or in the man page of the DHCP-Server configuration file (<EM>dhcpd.conf (5)</EM>). <P> <HR> <A HREF="ipsec-dhcp-howto-4.html">Next</A> <A HREF="ipsec-dhcp-howto-2.html">Previous</A> <A HREF="ipsec-dhcp-howto.html#toc3">Contents</A> </BODY> </HTML>