[Swan] Road warriors and dhcp

Alex mysqlstudent at gmail.com
Thu Dec 31 20:10:41 UTC 2020


Hi,
Now that I have a working VPN for mobile users, I'm having trouble
assigning IPs on our local network. I'm thinking this is the best
place to start, rather than a DHCP list without knowledge about how a
VPN works.

Our internal LAN is 192.168.1.0/24 and leases for mobile
workers are issued on 192.168.6.0/24.

Should I add a route from the 192.168.6.0 network to the 192.168.1.0
network for the mobile workers through DHCP?

I recall previously having to add the leftsubnet= parameter as a
separate connection. Is that necessary here too? Where do I get
started here?

I'm setting the segment in my config as such:
    # your addresspool to use - you might need NAT rules if providing full internet to clients
    rightaddresspool=192.168.6.2-192.168.6.254

I'm also using shorewall for NAT on the 192.168.1.0/24 network. It
should also be doing NAT on the networks related to the VPN that was
already configured on this server.

My DHCP server config:

server-name "orion" ;
authoritative ;
option domain-name "inside.example.com example.com";
option T150 code 150 = string;
default-lease-time 86400;
max-lease-time 86400;
one-lease-per-client true;
allow bootp;

subnet 192.168.6.0 netmask 255.255.255.0 {
        authoritative;
        range 192.168.6.2 192.168.6.240;
        default-lease-time 43200;
        max-lease-time 86400;
        option subnet-mask 255.255.255.0;
        allow unknown-clients;
        option routers 192.168.6.1;
        option domain-name-servers 8.8.4.4;

}

subnet 192.168.1.0 netmask 255.255.255.0 {
        authoritative;
        range 192.168.1.105 192.168.1.140;
        default-lease-time 43200;
        max-lease-time 86400;
        option subnet-mask 255.255.255.0;
        allow unknown-clients;
}

