DHCP And IPSEC Together

Note that this does not work with kernel 2.6.9 (the only one I have tried)!

Rationale

While having DHCP and IPSEC operating on the one interface may seem a little silly, it does make a great deal of sense for me. I have a laptop, and a wireless network. I also have a wired network. The wireless network requires using IPSEC or CIPE or some other encryption and authentication technique. On the other hand, DHCP simplifies network administration. And the significance of having two networks is that there are times when the wired network is more appropriate, such as transferring large quantities of data, or upgrading the system from a file server. Having DHCP on both interfaces of the laptop means I can use either connection and it will be appropriately configured. I like that idea!

Complications

There were a number of complications involved in making this all work. The client is running RedHat 7.3, and the server is still on RedHat 7.2. Software upgrades migrate slowly to servers! The DHCP server is version 3 of Internet Software Consortium's DHCP server. I use this because it allows dynamic updates of the DNS server. While both DHCP and IPSEC quite happily operate, the combination introduces a few problems, especially with what is effectively a direct connection between the laptop and the server - the wireless link is effectively transparent.

One objective was to make the laptop end a stock installation, apart from needing to add IPSEC. This has been achieved, with the one exception that there is a bug in RedHat 7.3's dhcpcd program (dhcpcd-1.3.22pl1-7). This can be worked around from the DHCP server, but it is better to fix the client. Details are available at RedHat's bugzilla database.


Client Configuration


Version: $Revision: 1.4 $; Updated at 15:47 EST on Tue Apr 11, 2006
Copyright (C) 2002 - 2006, Lindsay Harris