[vpn-help] DHCP over IPSEC to Fortigate: Do we get this resolved?

Matthew Grooms mgrooms at shrew.net
Thu Jun 13 19:50:47 CDT 2013


On 6/12/2013 5:23 PM, Harondel J. Sibble wrote:
>
> On 9 Jun 2013 at 11:46, Matthew Grooms wrote:
>
>> On 6/6/2013 12:57 AM, Martin Hess wrote:
>>> Hi!
>>> I posted some time ago about an issue to acquire DHCP addresses through an
>>> IPSEC tunnel to a Fortigate:
>>> https://lists.shrew.net/pipermail/vpn-help/2013-February/014159.html
>>> https://lists.shrew.net/pipermail/vpn-help/2013-February/014172.html
>>> The problem still exists with the new 2.2.1 Pro Version. Thank you for any help!
>>
>>
>> Martin,
>>
>> I will take a look at this and get back to you as soon as I have found a
>> solution to the problem.
>
> Matthew, as back in the day when you first added Fortinet support, I have
> numerous Fortigate devices from 3.x to 5.x firmwares I can test with.
>
> Looking at the tunnels I have set up in Shrew on my desktop to some of the
> aforementioned Fortigate routers, I have them ALL set with static IPs
> rather than DHCP over IPSEC as I do remember issues with that functionality
> over the years.
>

The only device I have in my lab to test the DHCP over IPsec feature is
a Fortigate 50B which hasn't had its firmware updated in some time. I
will order a 40C model here in the next day or two and try to do some
additional testing. There are also multiple how-tos posted online that
reference using the DHCP over IPsec feature of the client, so it could
be a compatibility issue with specific revisions of newer Fortigate
firmware.

http://vouters.dyndns.org/tima/Linux-Libreswan-Shrew-VPN-Testing_PAM_XAUTH_DHCP_with_Shrew.html

-Matthew

