DHCP and Simple Hub ACL Discussion

dsadmin
Posts: 4
Joined: Tue Oct 08, 2019 2:34 pm

DHCP and Simple Hub ACL Discussion

Post by dsadmin » Tue Oct 08, 2019 2:57 pm

I have cascaded VPN for redundancy (with VMware SMP FT on the main controller).

I am trying to keep my clients from ever knowing about each other. I want them to talk to one IP and even then only on certain ports. I also only want that one IP to initiate communications to the clients only on specific ports.

The port restrictions will vary, but this is not where I need help. Where I need help is at the end of my rules: I need a deny-all-other-traffic rule. This is causing me problems with DHCP.

I have tried allowing all 67/68 UDP and also from 0.0.0.0 to 255.255.255.255. This needs to be specific to DHCP. I would love to deny that broadcast to the other clients, but that might not be possible; if it is, that is great too (it's denied with a client firewall now). It seems none of what I have tried works; it always causes the DHCP process to fail. I am not sure what I am missing. Also, where can I find the log file with all the denials? That might help me classify the traffic being denied and allow it.

Thoughts?

dsadmin
Posts: 4
Joined: Tue Oct 08, 2019 2:34 pm

Re: DHCP and Simple Hub ACL Discussion

Post by dsadmin » Wed Oct 09, 2019 3:05 am

What I ended up doing was simply allowing Source Ports udp/67-68 to Destination Ports udp/67-68 and it seems to work. I tried to specify broadcast only but that did not seem to work.
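Added example, not part of the original posts and not SoftEther code: a simplified first-match ACL model run over a constructed DHCP exchange, comparing a broadcast-only pass rule with the port-based rule described above, each followed by a deny-all. Per RFC 2131 a server may unicast OFFER/ACK and clients unicast renewals; the addresses, rule model and packet names are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY_PORT = (0, 65535)

@dataclass
class Rule:
    action: str                 # "pass" or "discard"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    sport: tuple = ANY_PORT
    dport: tuple = ANY_PORT

    def matches(self, p):
        return (ip_address(p["src"]) in ip_network(self.src)
                and ip_address(p["dst"]) in ip_network(self.dst)
                and self.proto in ("any", p["proto"])
                and self.sport[0] <= p["sport"] <= self.sport[1]
                and self.dport[0] <= p["dport"] <= self.dport[1])

def evaluate(rules, pkt):
    # Simplified model: rules are in priority order and the first match decides.
    return next((r.action for r in rules if r.matches(pkt)), "pass")

def blocked(rules, packets):
    return [p["name"] for p in packets if evaluate(rules, p) == "discard"]

def pkt(name, src, sport, dst, dport, proto="udp"):
    return dict(name=name, src=src, sport=sport, dst=dst, dport=dport, proto=proto)

# Constructed sample traffic: server 10.0.0.1, clients 10.0.0.50 and 10.0.0.51.
DHCP = [
    pkt("DISCOVER", "0.0.0.0", 68, "255.255.255.255", 67),
    pkt("OFFER", "10.0.0.1", 67, "10.0.0.50", 68),       # unicast reply
    pkt("REQUEST", "0.0.0.0", 68, "255.255.255.255", 67),
    pkt("ACK", "10.0.0.1", 67, "10.0.0.50", 68),         # unicast reply
    pkt("RENEW", "10.0.0.50", 68, "10.0.0.1", 67),       # unicast renewal
]
PEER_SMB = pkt("peer-smb", "10.0.0.51", 50000, "10.0.0.50", 445, "tcp")
PEER_DHCP = pkt("peer-dhcp", "10.0.0.51", 67, "10.0.0.50", 68)

DHCP_PORTS = dict(proto="udp", sport=(67, 68), dport=(67, 68))
BROADCAST_ONLY = [Rule("pass", "0.0.0.0/32", "255.255.255.255/32", **DHCP_PORTS),
                  Rule("discard")]
PORTS_ONLY = [Rule("pass", **DHCP_PORTS), Rule("discard")]

if __name__ == "__main__":
    print("broadcast-only blocks:", blocked(BROADCAST_ONLY, DHCP))
    print("ports-only blocks:   ", blocked(PORTS_ONLY, DHCP))
    print("ports-only, peer DHCP reply:", evaluate(PORTS_ONLY, PEER_DHCP))
```

In this model the port-based rule also passes UDP 67/68 between two client sessions, so keeping clients isolated would additionally require pinning the DHCP server's address on the unicast legs.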

ozone
Posts: 33
Joined: Thu Sep 19, 2019 7:18 pm

Re: DHCP and Simple Hub ACL Discussion

Post by ozone » Wed Oct 09, 2019 3:25 pm

I tried to specify broadcast only....
I was intrigued how you did the above in SE???
