Server Configuration I

DHCP Server

There's really little different about the DHCP server configuration, with perhaps one exception. If you have the broken DHCP client, the brokenness results in the client starting with one IP address, then getting a different one at the first renewal, typically about 75 seconds after the first. This kills the IPSEC link because the address underneath has changed, although IPSEC does NOT know about that, and hence the two ends can't connect.

The new IP address is issued because the (broken) client sends a DHCPDISCOVER message, to which the server responds by first pinging the old IP address (still in use on the client) and getting a response. This causes the server to believe that address is in use - which is correct, because the client is using it; the error lies with the broken DHCP client, which thinks otherwise.

On the server, this can be avoided by disabling the ping before responding to the DHCPDISCOVER message. This is not a good idea! The ping will stop any accidental duplication of IP addresses, and is a good thing. However, you may not have a choice if you don't fix the client. The ping is stopped by adding the line

ping-check  false;

to the subnet section of the configuration file /etc/dhcpd.conf for the wireless link (and restarting the server, obviously).
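
To confirm that a client is showing this behaviour before giving up the ping check, the server's own log can be scanned for it. The following is an added example, not part of the original page: it assumes the usual ISC dhcpd syslog wording for the DHCPACK and "pinged before offer" lines, and the sample log, host name, MAC addresses and IP addresses are constructed.

```python
import re

# Constructed sample in the usual ISC dhcpd syslog wording (assumed format);
# host name, MACs and addresses are made up for illustration.
SAMPLE_LOG = """\
Apr 11 15:40:02 gw dhcpd: DHCPDISCOVER from 00:02:2d:aa:bb:cc via eth1
Apr 11 15:40:03 gw dhcpd: DHCPOFFER on 192.168.10.20 to 00:02:2d:aa:bb:cc via eth1
Apr 11 15:40:03 gw dhcpd: DHCPREQUEST for 192.168.10.20 from 00:02:2d:aa:bb:cc via eth1
Apr 11 15:40:03 gw dhcpd: DHCPACK on 192.168.10.20 to 00:02:2d:aa:bb:cc via eth1
Apr 11 15:40:30 gw dhcpd: DHCPREQUEST for 192.168.10.30 from 00:02:2d:11:22:33 via eth1
Apr 11 15:40:30 gw dhcpd: DHCPACK on 192.168.10.30 to 00:02:2d:11:22:33 via eth1
Apr 11 15:41:17 gw dhcpd: DHCPDISCOVER from 00:02:2d:aa:bb:cc via eth1
Apr 11 15:41:18 gw dhcpd: Abandoning IP address 192.168.10.20: pinged before offer
Apr 11 15:41:21 gw dhcpd: DHCPDISCOVER from 00:02:2d:aa:bb:cc via eth1
Apr 11 15:41:22 gw dhcpd: DHCPOFFER on 192.168.10.21 to 00:02:2d:aa:bb:cc via eth1
Apr 11 15:41:22 gw dhcpd: DHCPREQUEST for 192.168.10.21 from 00:02:2d:aa:bb:cc via eth1
Apr 11 15:41:22 gw dhcpd: DHCPACK on 192.168.10.21 to 00:02:2d:aa:bb:cc via eth1
Apr 11 15:45:30 gw dhcpd: DHCPREQUEST for 192.168.10.30 from 00:02:2d:11:22:33 via eth1
Apr 11 15:45:30 gw dhcpd: DHCPACK on 192.168.10.30 to 00:02:2d:11:22:33 via eth1
"""

ACK = re.compile(r"DHCPACK on (\S+) to ((?:[0-9a-f]{2}:){5}[0-9a-f]{2})", re.I)
ABANDON = re.compile(r"Abandoning IP address (\S+): pinged before offer")

def find_address_flips(log_text):
    """Return (mac, old_ip, new_ip, old_was_pinged) for every client whose
    acknowledged address changed. old_was_pinged is True when the server had
    abandoned the old address because it answered the pre-offer ping."""
    last_ip = {}        # mac -> most recently ACKed address
    abandoned = set()   # addresses dropped because the ping was answered
    flips = []
    for line in log_text.splitlines():
        m = ABANDON.search(line)
        if m:
            abandoned.add(m.group(1))
            continue
        m = ACK.search(line)
        if not m:
            continue
        ip, mac = m.group(1), m.group(2).lower()
        old = last_ip.get(mac)
        if old is not None and old != ip:
            flips.append((mac, old, ip, old in abandoned))
        last_ip[mac] = ip
    return flips

if __name__ == "__main__":
    for mac, old, new, pinged in find_address_flips(SAMPLE_LOG):
        print(f"{mac}: {old} -> {new} (old address answered ping: {pinged})")
```

A client that renews normally (the second MAC in the sample) keeps its address and is not reported; only the client whose old address answered the ping and was replaced is flagged.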

Version: $Revision: 1.2 $; Updated at 15:47 EST on Tue Apr 11, 2006
Copyright (C) 2002 - 2006, Lindsay Harris