Use external DHCP server with SoftEther VPN

[hatimux]

Hi,

I'm wonderring if it is possible to use an external DHCP server with the SoftEther VPN server?
What I want is to provide static IP addresses to users (the user will have the same IP address whereever it connects) which is not possible with the SecureNAT function of SoftEther VPN.

Any idea?
Thank you in advance!

[kh_tsang]

You may ask the users to use a specific mac address on their VPN adapter. However, I don't think it can be done if you are using L2TP/IPsec connections.

[hatimux]

Thanks for your reply.

I want this to work just for SSL VPN.
It might be a good idea to bind the IP address with the MAC Address even I prefer it to be bound to the username.
But how can I bind the IP address to the MAC using SoftEther VPN??

[Petrol]

You can use an external DHCP server, it works great. (I'm doing it under linux)

I suggest you to look at this link ( http://blog.lincoln.hk/blog/2013/05/17/ ... al-bridge/ ). It will explain you how to create a local bridge and it will provide you a starter configuration for the DHCP server (which is dnsmasq in the link). After that you can configure the DHCP server to give specific IP to a client based on its MAC address.

I have no Idea how to bind a specific IP to a user based on its username. Actually I don't think it is possible at all because with Softether, it is possible to have multiple instances of a user connected simultaneously to the server. In that case it would result with multiple computers in the network having the same IP address.

[kh_tsang]

You can use the access control to restrict the mac address can be used by each user, but users still need to configure their mac address manually.

For IP assignment, binding IP and mac should be done by the external dhcp server. In the security policy of the user, enforce using IP assigned by the DHCP server.

[hatimux]

Thanks Petrol and kh_tsang for your answers. I managed to add a dhcp server and it is working.

For the assignement of IP addresses per user, I think it is possible to use a Radius server but I'm not sure if the SoftEther server can relay IP assignement for users. What do you think?

[kh_tsang]

I have no idea about that.

[Petrol]

I might be completly but I don't think that a radius server can do anything else than Authenticating a user.

[hatimux]

It is rather possible. You can look here: http://wiki.freeradius.org/guide/dhcp-f ... allocation
There is also a radisu option "Framed-IP-Address" that allow allocating addresses to users.

There are other radius solutions that provide the dhcp function like "Radiator", except I'm trying to make it work with freeRadius.