AWS Override VPC DHCP - Additional Option Sets for RRAS VPN Clients
I am trying to run a RRAS VPN server that pulls from a windows DHCP server running on the same box. I am finding that the AWS DHCP is getting hit first with the DHCP request and it provides invalid information to my clients. I need to get the DHCP offers from my localhost DHCP server for the additional option fields (which cannot be specified in the VPC DHCP option set) instead of the VPC DHCP server. Is there any way I can either disable the VPC DHCP entirely or block the external offers on the RRAS firewall?
UPDATE 1/30/2015:
Thanks to the brilliant suggestion by Craig Watson, I was able to resolve this issue. My ultimate goal was to push multiple routes to my L2TP VPN clients using the DHCPINFORM mechanism on various platforms without screwing with vendor-specific issues. The final setup is as follows:
Windows 2012 R2 RRAS/DHCP Server:
- Physical LAN adapter with static IP on VPC subnet 10.150/16
- Microsoft Loopback Adapter with static IP (10.250.0.1) on subnet 10.250.0/24
- DHCP Server configured to provide leases in range 10.250.0.10-10.250.0.250
- DHCP Server bound only to the loopback interface
- RRAS configured to use Loopback adapter for DHCP/DNS/WINS
- DHCP Relay Agent configured with both Internal and Loopback interfaces.
- DHCP Relay Agent configured to point to 10.250.0.1
- DHCP Relay Agent has boot threshold set to 0 seconds on both interfaces (This fixed an issue I had with the DHCP requests being rejected for some reason)
With this setup I am able to provide complete DHCP services from Windows Server to my VPN clients despite being stuck with AWS-provided DHCP in the VPC.
Note that for this to work all IP assignments must be static or the DHCP and RRAS services will not be able to see the interfaces.
I have successfully received all of the correct routes on OSX and Windows when connecting to the L2TP tunnel without any additional client-side configuration.
Let me know in the comments if there is anything missing and I will update this post.
As far as I'm aware, this is simply not possible within an Amazon VPC, as they use DHCP for all of their IP assignments within a VPC subnet, static IP addresses are assigned by using Elastic Network Interfaces, which work in the same way as a DHCP reservation. Amazon Support will be able to confirm this though, so I'd suggest you contact them.
Your next-best solution is to create a virtual network on the Windows box, using the Loopback Adapter. You can then create a DHCP scope on this network, and essentially dual-home the box.
To create a NIC using the loopback driver (from the link above):
Start -> Computer -> Right-click, Properties -> Device Manager -> Computer Name, Right-click, Add Legacy Hardware -> Next -> Install the hardware I manually select from a list -> Next -> Network Adapters -> Microsoft on the right, Loopback adapter on the left -> Next
Once you have two functioning networks, it should be relatively straightforward to configure your RRAS clients to receive a DHCP address from the virtual scope and route to the Internet via your Amazon VPC's default gateway.