I did set up a RRAS-VPN-Server for our network. It works almost fine. The only thing missing is that I want to create a policy on DHCP that can be used to communicate special options to the VPN-clients: They should get some additional information for routing (option 121).
But I do not find a way to setup the policy-conditions that match the RRAS-Server's requests.
If I add a nonesense-condition like "MAC-Address NOT equal to DDDDDDDDDDDD", the options are communicated just fine to the VPN-Clients, but also to clients on the LAN.
What condition do I need to set for the VPN-Clients only?
Bottom-line: I am pretty sure, this cannot be done. At least not with a static address-pool.
I used wireshark to check the communication between the RRAS-Server and the DHCP. As far as I can see, there is nothing in there that can be used for a policy. Only the MAC-address could be an option, but it does not work unfortunately. Probably, because the RRAS ist just sending an "inform"-message to the DHCP, not a lease-request.