We should support dhcp-interface for the ipsec remote-access VPN to have parity with site-to-site. This is a niche usecase mostly applicable to homelabs (and maybe the rare SMB site), but is trivial to implement.
Description
Description
Details
Details
- Difficulty level
- Unknown (require assessment)
- Version
- -
- Why the issue appeared?
- Will be filled on close
- Is it a breaking change?
- Unspecified (possibly destroys the router)
- Issue type
- Unspecified (please specify)
Revisions and Commits
Revisions and Commits
Restricted Diffusion Commit |
Event Timeline
Comment Actions
Hi.
commit 40b0986d66c3a0891dedbedc273b5485e5a8ca3a Author: Lucas Christian <[email protected]> Date: Sat Feb 10 11:26:47 2024 -0800 T5872: further fixes to ipsec dhcp exit hook (cherry picked from commit 92012a0b3db8e93b10db4137414073f0371ed8cc)
- This commit brings the regression with DHCP default routes. In this commit all "return" calls were replaced with "exit" calls (and added a few of new "exit" calls).
- In case of exit call dhclient stops execution rest of the scripts at all
- However, isc-dhcp-client package contains /etc/dhcp/dhclient-exit-hooks.d/rfc3442-classless-routes file where DHCP default gateway is added
- Due to the alphabetic order this script goes after 99-ipsec-dhclient-hook and never executed
- To proove that dhclient never executes any script after the exit, you can create a simple file like: /etc/dhcp/dhclient-exit-hooks.d/00-test with only one string: "exit"