DHCP over VPN
Posted: Fri Oct 08, 2021 3:33 pm
I'm trying to apply some Access List rules to limit who can access what on our network while connected. We're currently using it on a flat network where the clients get DHCP from a networked DHCP server.
Here's what I've done:
Set up a deny all rule
Configured source/destination rules for each host to allow traffic to and from file servers, DNS, DHCP, etc.
Set up an allow all rule for IT so that our specific devices can still be used for offsite maintenance.
Everything is in the right order. But here's the catch: with these rules in place, DHCP no longer functions when a VPN connection is made (unless made from the IT group, which takes higher priority than the blocking).
I have a rule that's supposed to allow all traffic to and from the DHCP server with higher priority than the block. (settings for both source and destination to allow all traffic from all hosts based on the IP address of the server)
If I statically assign an IP, I can access content from the server and other resources based on the filtering rules I've applied, suggesting that not all traffic is being blocked from the server - just DHCP.
If I turn off the block all rule (or connect from the IT group), DHCP works fine, which suggests it's not likely a problem with DHCP configuration in SoftEther.
Any ideas?
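An added example, not part of the original post and not SoftEther code: a simplified first-match access list run over constructed DHCP packets. It shows one explanation consistent with the symptoms above: a client without a lease sends DHCPDISCOVER from 0.0.0.0 to 255.255.255.255 (RFC 2131), so a rule keyed on the DHCP server's IP address matches neither field and the packet falls through to deny-all. The addresses, rule names and the port-based rules are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    name: str
    action: str                  # "pass" or "discard"
    src: str = "0.0.0.0/0"       # source network, default = any
    dst: str = "0.0.0.0/0"       # destination network, default = any
    dport: int = 0               # destination port, 0 = any

    def matches(self, pkt: dict) -> bool:
        return (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
                and self.dport in (0, pkt["dport"]))

def evaluate(rules, pkt):
    """First matching rule wins; returns (action, rule name)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.name
    return "pass", "no match"    # never reached while deny-all is last

DHCP_SERVER = "192.168.10.5"     # constructed address
# Rules as described in the post, highest priority first.
AS_POSTED = [
    Rule("to-dhcp-server", "pass", dst=DHCP_SERVER + "/32"),
    Rule("from-dhcp-server", "pass", src=DHCP_SERVER + "/32"),
    Rule("deny-all", "discard"),
]
# Assumed remedy to test: match DHCP by port instead of by address.
# This model ignores protocol; a real rule should be limited to UDP.
WITH_PORT_RULES = [
    Rule("dhcp-client-to-server", "pass", dport=67),
    Rule("dhcp-server-to-client", "pass", dport=68),
] + AS_POSTED

# Constructed packets. REQUEST and ACK look like DISCOVER and OFFER here.
PACKETS = {
    "DISCOVER": {"src": "0.0.0.0", "dst": "255.255.255.255", "dport": 67},
    "OFFER": {"src": DHCP_SERVER, "dst": "255.255.255.255", "dport": 68},
    "static-client": {"src": "192.168.10.50", "dst": DHCP_SERVER, "dport": 445},
}

def trace(rules):
    return {name: evaluate(rules, pkt) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for label, rules in (("as posted", AS_POSTED), ("port rules", WITH_PORT_RULES)):
        print(label, trace(rules))
```

In this model the statically addressed client still reaches the server under the posted rules while DISCOVER is discarded, matching the behaviour described in the post.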