<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:΢ÈíÑźÚ
}
--></style>
</head>
<body class='hmmessage'>
TKS for your patch,<div>I test it without the next-server configuration in dhcpd,</div><div>and It make the client get the right virtual IP address.</div><div><br></div><div>not the ip relation with virtual ip address is below:</div><div>DHCP Server:10.1.0.111</div><div>Server:10.1.0.1(192.168.0.7)</div><div>Client:10.1.0.122(192.168.0.15)</div><div><br></div><div>when I ping from client to server:</div><div>ping 10.1.0.1 -I 10.1.0.122, ping can reach the server,</div><div><br></div><div>but when I ping from client to DHCP Server:</div><div>ping 10.1.0.111 -I 10.1.0.122 </div><div>I found the ping packet on eth0(bind to IP 192.168.0.7 which connect to client)</div><div>but no ping packet on eth1(bind to IP 10.1.0.1 which connect to DHCP Server)</div><div><br></div><div>DO I NEED TO CONFIG THE ROUTE TABLE MANUALLY</div><div><br>below is the ipsec statusall's result,</div><div><br></div><div><div>debianleft:~# ipsec statusall host-host</div><div>Status of IKEv2 charon daemon (strongSwan 4.4.0):</div><div> uptime: 11 minutes, since Oct 18 23:12:07 2010</div><div> worker threads: 7 idle of 16, job queue load: 0, scheduled events: 2</div><div> loaded plugins: curl aes des sha1 sha2 md5 random x509 pubkey pkcs1 pgp dnskey pem openssl fips-prf xcbc hmac gmp attr kernel-netlink socket-raw farp stroke updown dhcp resolve</div><div>Listening IP addresses:</div><div> 192.168.0.7</div><div> 10.1.0.1</div><div>Connections:</div><div> host-host: 192.168.0.7...%any</div><div> host-host: local: [server@xxx.com] uses public key authentication</div><div> host-host: cert: " xxxxx"</div><div> host-host: remote: [%any] uses any authentication</div><div> host-host: child: 10.1.0.0/24 === dynamic</div><div>Security Associations:</div><div> host-host[1]: ESTABLISHED 11 minutes ago, 192.168.0.7[server@xxx.com]...192.168.0.15[client@xxx.com]</div><div> host-host[1]: IKE SPIs: 5593331acc599847_i 4d93fa753cf9969f_r*, public key reauthentication in 45 minutes</div><div> host-host[1]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048</div><div> host-host{1}: INSTALLED, TUNNEL, ESP in UDP SPIs: c03a569c_i cf1a06d0_o</div><div> host-host{1}: AES_CBC_128/HMAC_SHA1_96, 53928 bytes_i (226s ago), 35196 bytes_o (226s ago), rekeying in 2 minutes</div><div> host-host{1}: 10.1.0.0/24 === 10.1.0.122/32</div><div><br></div><div><br></div>> Subject: RE: [strongSwan] why my can not get the ip from dhcp server<br>> From: martin@strongswan.org<br>> To: yadong_zhang@hotmail.com<br>> CC: users@lists.strongswan.org<br>> Date: Mon, 18 Oct 2010 12:36:06 +0200<br>> <br>> <br>> > but why we must need this parameters, it is the next server ip<br>> > address.<br>> <br>> Yes, we probably should prefer the 'server identifier' attribute instead<br>> of the 'siaddr' to send the REQUEST to.<br>> <br>> Please try the attached patch. It is completely untested, though.<br>> <br>> Regards<br>> Martin<br></div> </body>
</html>