In order to enable DHCP Service on CloudGenix, you will need to follow these steps:
VPN IPSec profile configuration
Add a new VPN Profile named Cloudi-Fi with the following criteria
IKE Group
Version: IKEv2
Liftetime: 24h
Mode: Main
Proposals
DH Groups: modp-2048
Encryption: AES-256-CBC
Hash: SHA-512
Dead Peer Detection: Yes
ESP Group
Lifetime: 8
Proposals:
DH Groups: modp-2048
Encryption: AES-256-CBC
Hash: SHA-512
Authentication
Type: PSK
Secret: <provided by Cloudi-Fi support team>
Local ID: Interface IP Address
Remote ID: 51.91.106.238
Interface configuration
Create a new ipsec network interface in order to route the DHCP traffic to Cloudi-Fi Cloud Solution.
Interface type: Standard
Scope: Local
Inner Tunnel IP Address: <ask cloudi-fi support team>
Peer IP: 51.91.106.238
IPsec profile: Cloudi-Fi
Parent Interface: Internet Outbound Interface
DHCP Service configuration
Configure your local network interface
Go to Interfaces
Select your internal Port and set your IP Address which will be the default gateway for your Guest users.
Enable your DHCP Relay and set Cloudi-FI DHCP server IP address.
Set the source interface matching your Guest interface IP address.
Cloudi-Fi Service Endpoint creation
Create a Cloudi-Fi service end point under stacked Policies/service and DC groups / endpoint (top right)
Create a new endpoint Cloudi-Fi of type standard vpn
Add a new group named Cloudi-fi for exemple and select Cloudi-fi endpoint you just created
Create a path policy
Add a new path policy using the following criteria
Classification: App DHCP
Action
Active path: Standard VPN on Any public
Assign Service & DC Group: Cloudi-Fi
All other parameters can be set to default
All DHCP traffic will be forwarded over Cloudi-Fi IPSec tunnel