[vpn-help] VPN client not supporting DHCP on host ?

Matthew Grooms mgrooms at shrew.net
Thu Aug 5 02:56:32 CDT 2010


On 7/31/2010 6:41 PM, Robert Grasso wrote:
> Hello,
>
> I have been using this client for a while on my home desktop (configuration specs below), in order to connect to a Fortigate: so far so good. Now I am trying to prepare a netbook for travelling: if its address is dynamic, the tunnel does not establish, and I get in iked.log:
>
> "10/08/01 01:10:53 !! : failed to bind DHCP socket"
>

Hi Robert,

I took some time to look into this issue. To be honest, I'm surprised it 
hasn't been reported before. The cause is simple. The system DHCP client 
binds to 0.0.0.0/0 port 68 which is the standard bootp client UDP port. 
Since the DHCP protocol specifies that a server should only respond to a 
client on port 68, you can't have two DHCP clients on a single system 
because they can't both bind to the same port. I won't bore you with 
details, but DHCP over IPsec really can't be provided by your general 
purpose system DHCP client. For more info, have a look at RFC 3456 which 
is incredibly flawed IMO.

In any case, the only way I could see to get around this was to modify 
our embedded DHCP client to act like it's a DHCP relay agent. This type 
of communication happens from port 67 -> 67, which is the BOOTP server port. 
In other words, we can bind to this port even when a system DHCP client 
is active since it uses port 68. I tested this with my Fortigate and 
everything worked like it should, so I rolled the changes into 2.1.6 
release candidate 2. Have a look at the download page for more info.

-Matthew
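The port rules behind Matthew's explanation, as an added example written for this page (it is not Shrew Soft client code and does not reproduce how the client's embedded DHCP-over-IPsec agent is implemented). The BOOTP header layout and the server's reply rules follow RFC 2131 sections 2 and 4.1: a client talks 68 -> 67 and gets answered on 68, while a relay agent fills in `giaddr` and talks 67 -> 67, so the server answers the relay on 67. The helper names (`build_discover`, `relay`, `reply_destination`, `second_bind_fails`), the transaction id and MAC, and the relay address 10.0.0.1 are all made up for the example. `second_bind_fails` shows the underlying reason two DHCP clients cannot coexist, using an ephemeral port so it runs without root.

```python
"""Added example: BOOTP/DHCP port usage for a client versus a relay agent
(RFC 2131).  Not part of the Shrew Soft VPN client."""
import errno
import socket
import struct

BOOTP_SERVER_PORT = 67          # DHCP servers and relay agents bind here
BOOTP_CLIENT_PORT = 68          # DHCP clients bind here
BOOTREQUEST, BOOTREPLY = 1, 2
FLAG_BROADCAST = 0x8000
MAGIC_COOKIE = b"\x63\x82\x53\x63"

# Fixed 236-byte BOOTP header (RFC 2131 s.2): op, htype, hlen, hops, xid,
# secs, flags, ciaddr, yiaddr, siaddr, giaddr, chaddr[16], sname[64], file[128]
HEADER = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
ZERO4 = b"\0" * 4


def build_discover(xid, mac, broadcast=True):
    """DHCPDISCOVER as a client would send it from UDP 68 to UDP 67."""
    flags = FLAG_BROADCAST if broadcast else 0
    hdr = HEADER.pack(BOOTREQUEST, 1, 6, 0, xid, 0, flags,
                      ZERO4, ZERO4, ZERO4, ZERO4,
                      mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    options = MAGIC_COOKIE + bytes([53, 1, 1, 255])   # 53 = DHCPDISCOVER, 255 = end
    return hdr + options


def parse(packet):
    """Decode the header fields this example cares about."""
    f = HEADER.unpack_from(packet)
    return {"op": f[0], "hops": f[3], "xid": f[4], "flags": f[6],
            "ciaddr": socket.inet_ntoa(f[7]), "yiaddr": socket.inet_ntoa(f[8]),
            "siaddr": socket.inet_ntoa(f[9]), "giaddr": socket.inet_ntoa(f[10])}


def relay(packet, relay_ip):
    """What a relay agent does before forwarding a client request to the
    server 67 -> 67: set giaddr to its own address (if unset) and bump hops."""
    fields = list(HEADER.unpack_from(packet))
    fields[3] += 1                                   # hops
    if fields[10] == ZERO4:                          # giaddr
        fields[10] = socket.inet_aton(relay_ip)
    return HEADER.pack(*fields) + packet[HEADER.size:]


def reply_destination(request, offered_ip):
    """Where a server sends DHCPOFFER/DHCPACK for this request (RFC 2131 s.4.1).
    Only the giaddr case uses port 67; every direct-to-client case uses 68."""
    req = parse(request)
    if req["giaddr"] != "0.0.0.0":
        return req["giaddr"], BOOTP_SERVER_PORT      # relay agent, 67
    if req["ciaddr"] != "0.0.0.0":
        return req["ciaddr"], BOOTP_CLIENT_PORT      # renewing client, 68
    if req["flags"] & FLAG_BROADCAST:
        return "255.255.255.255", BOOTP_CLIENT_PORT  # broadcast to 68
    return offered_ip, BOOTP_CLIENT_PORT             # unicast to yiaddr, 68


def second_bind_fails(host="127.0.0.1"):
    """Two UDP sockets cannot bind the same address:port without reuse
    options; this is why a second DHCP client cannot take port 68.
    An ephemeral port is used so the check needs no privileges."""
    a = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    b = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        a.bind((host, 0))
        port = a.getsockname()[1]
        try:
            b.bind((host, port))
        except OSError as e:
            return e.errno == errno.EADDRINUSE
        return False
    finally:
        a.close()
        b.close()


if __name__ == "__main__":
    xid, mac = 0x3903F326, bytes.fromhex("001122334455")   # constructed values
    client_req = build_discover(xid, mac)
    relayed_req = relay(client_req, "10.0.0.1")            # hypothetical relay
    print("client request  -> server replies to", reply_destination(client_req, "192.168.1.50"))
    print("relayed request -> server replies to", reply_destination(relayed_req, "192.168.1.50"))
    print("second bind on a busy UDP port fails:", second_bind_fails())
```

The relay path is what makes the workaround possible: the server's reply comes back to `giaddr` on port 67, a port the system DHCP client never binds, and the relay then hands the reply to the client on port 68 itself (broadcast, or unicast to `yiaddr`) rather than depending on anything else listening on 68.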


