In order to enable DHCP Service on CloudGenix, you will need to follow these steps:

  1. Setting the IPSec Tunnel Interface

  2. Configure a DHCP Relay and disable DHCP Server

  3. Add a Cloudi-Fi Service Group

  4. Create a path policy to route DHCP traffic through the Tunnel

VPN IPSec profile configuration

Add a new VPN Profile named Cloudi-Fi with the following criteria

IKE Group

  • Version: IKEv2

  • Liftetime: 24h

  • Mode: Main

  • Proposals

    • DH Groups: modp-2048

    • Encryption: AES-256-CBC

    • Hash: SHA-512

  • Dead Peer Detection: Yes

ESP Group

  • Lifetime: 8

  • Proposals:

    • DH Groups: modp-2048

    • Encryption: AES-256-CBC

    • Hash: SHA-512


  • Type: PSK

  • Secret: <provided by Cloudi-Fi support team>

  • Local ID: Interface IP Address

  • Remote ID:

Interface configuration

Create a new ipsec network interface in order to route the DHCP traffic to Cloudi-Fi Cloud Solution.

  • Interface type: Standard

  • Scope: Local

  • Inner Tunnel IP Address: <ask cloudi-fi support team>

  • Peer IP:

  • IPsec profile: Cloudi-Fi

  • Parent Interface: Internet Outbound Interface

DHCP Service configuration

Configure your local network interface

Go to Interfaces

Select your internal Port and set your IP Address which will be the default gateway for your Guest users.

Enable your DHCP Relay and set Cloudi-FI DHCP server IP address.

Set the source interface matching your Guest interface IP address.

Cloudi-Fi Service Endpoint creation

Create a Cloudi-Fi service end point under stacked Policies/service and DC groups / endpoint (top right)

Create a new endpoint Cloudi-Fi of type standard vpn

Add a new group named Cloudi-fi for exemple and select Cloudi-fi endpoint you just created

Create a path policy

Add a new path policy using the following criteria

  • Classification: App DHCP

  • Action

    • Active path: Standard VPN on Any public

    • Assign Service & DC Group: Cloudi-Fi

  • All other parameters can be set to default

All DHCP traffic will be forwarded over Cloudi-Fi IPSec tunnel

Did this answer your question?