<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Hi Yudi,</p>
It works now exactly as you have it configured; probably the reason
it didn't work was because I had configured Charon to only listen
to the public interfaces.<br>
<p>Is it possible to assign some connecting clients by DHCP in one
VLAN, and others from another? <br>
</p>
<br>
<div class="moz-cite-prefix">On 2017-01-25 02:09, Yudi V wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CACo--ms7z0_ZDYZwZdS-wZjZQi8GnzG9ukO6DpHoJvP6KZhBAA@mail.gmail.com">
<div dir="ltr"><br>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Wed, Jan 25, 2017 at 4:27 AM,
Dusan Ilic <span dir="ltr">&lt;<a
href="mailto:dusan@comhem.se" target="_blank"
moz-do-not-send="true">dusan@comhem.se</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">Hello Nikola,<br>
<br>
Well, br0 is the local LAN interface on the gateway and
the local LAN IP of the gateway (also DHCP-server) is
10.1.1.1.<br>
So in the network 10.1.1.0/26,
10.1.1.63 is the local broadcast address.
<div class="gmail-HOEnZb">
<div class="gmail-h5"><br>
<br>
<br>
On 2017-01-24 00:17, Nikola Kolev wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px
0px 0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
Hi,<br>
<br>
Maybe I'm misreading the bits you posted, but why
would you have your<br>
<br>
<blockquote class="gmail_quote" style="margin:0px
0px 0px 0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
# DHCP server unicast or broadcast IP
address.<br>
server = 10.1.1.63<br>
</blockquote>
configured that way? Is that one and the same
interface (with 10.1.1.1<br>
on br0)? What is the reason of having a network
broadcast IP address set<br>
on a host?<br>
<br>
I would focus on either running dnsmasq with full
debug or strace-ing<br>
it to see what's causing that "Operation not
permitted".<br>
<br>
Cheers<br>
<br>
On Sun, 22 Jan 2017 22:33:06 +0100<br>
Dusan Ilic &lt;<a href="mailto:dusan@comhem.se"
target="_blank" moz-do-not-send="true">dusan@comhem.se</a>&gt;
wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin:0px
0px 0px 0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
Hello,<br>
<br>
I have a problem with the DHCP plugin.<br>
I have Strongswan and DNSmasq on the same host (my
Linux gateway) and<br>
would like to issue IP address from local LAN to
remote access users,<br>
however, I can't get it working. In the logging I
can see Strongswan<br>
sending DHCP Discover, and DNSmasq responding,
however directly after<br>
DNSmasq gives a strange error.<br>
<br>
Jan 22 20:46:42 R6250 daemon.info charon: 08[CFG] sending DHCP DISCOVER to 10.1.1.63<br>
Jan 22 21:46:42 R6250 daemon.info dnsmasq-dhcp[7945]: DHCPDISCOVER(br0) 7a:a7:46:6b:f7:04<br>
Jan 22 21:46:42 R6250 daemon.info dnsmasq-dhcp[7945]: DHCPOFFER(br0) 10.1.1.60 7a:a7:46:6b:f7:04<br>
Jan 22 21:46:42 R6250 daemon.warn dnsmasq-dhcp[7945]: Error sending DHCP packet to 10.1.1.1: Operation not permitted<br>
Jan 22 20:46:47 R6250 daemon.info charon: 08[CFG] DHCP DISCOVER timed out<br>
<br>
10.1.1.1 is my gateway. 10.1.1.63 is broadcast
address (local LAN<br>
10.1.1.0/26).
I have also tried changing broadcast in charon
settings<br>
to 255.255.255.255, but then there is no DHCPOFFER
seen in the logs.<br>
<br>
Jan 22 20:44:02 R6250 daemon.info charon: 09[CFG] sending DHCP DISCOVER to 255.255.255.255<br>
Jan 22 20:44:03 R6250 daemon.info charon: 09[CFG] sending DHCP DISCOVER to 255.255.255.255<br>
Jan 22 20:44:05 R6250 daemon.info charon: 09[CFG] sending DHCP DISCOVER to 255.255.255.255<br>
Jan 22 20:44:08 R6250 daemon.info charon: 09[CFG] sending DHCP DISCOVER to 255.255.255.255<br>
Jan 22 20:44:12 R6250 daemon.info charon: 09[CFG] sending DHCP DISCOVER to 255.255.255.255<br>
Jan 22 20:44:17 R6250 daemon.info charon: 09[CFG] DHCP DISCOVER timed out<br>
<br>
Below is my DHCP-plugin config.<br>
<br>
dhcp {<br>
<br>
# Always use the configured server address.<br>
force_server_address = yes<br>
<br>
# Derive user-defined MAC address from hash
of IKE identity.<br>
# identity_lease = yes<br>
<br>
# Interface name the plugin uses for address
allocation.<br>
interface = br0 # Local interface where
DNSmasq is listening<br>
<br>
# Whether to load the plugin. Can also be an
integer to increase<br>
# the priority of this plugin.<br>
load = yes<br>
<br>
# DHCP server unicast or broadcast IP
address.<br>
server = 10.1.1.63<br>
<br>
}<br>
<br>
</blockquote>
<br>
</blockquote>
<br>
</div>
</div>
<div class="gmail-HOEnZb">
<div class="gmail-h5">
______________________________<wbr>_________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.strongswan.org"
target="_blank" moz-do-not-send="true">Users@lists.strongswan.org</a><br>
<a
href="https://lists.strongswan.org/mailman/listinfo/users"
rel="noreferrer" target="_blank"
moz-do-not-send="true">https://lists.strongswan.org/m<wbr>ailman/listinfo/users</a></div>
</div>
</blockquote>
</div>
<br>
<br clear="all">
<div>
<div>
<div>Hi Dusan,<br>
<br>
</div>
I have a similar setup on an openwrt router, mine works
fine,<br>
</div>
The only difference is I don't use the "interface=" stanza in
the dhcp.conf and just use the standard broadcast address
192.168.1.255<br>
</div>
I have several VLANs, and just by changing the broadcast
address of the server I can get leases from the subnet/vlan I
want. <br>
<br>
-- <br>
<div class="gmail_signature">Kind regards,<br>
Yudi<br>
</div>
</div>
</div>
</blockquote>
<br>
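<p>Added example, not part of any message in this thread and not strongSwan or dnsmasq code: a small Python check that tells apart the two failure signatures in the logs quoted above (dnsmasq builds an OFFER but cannot send it, versus no OFFER logged at all). The verdict names and the <code>diagnose</code> helper are made up for this example; the log lines are the thread's own, re-joined to one entry per line.</p>
<pre>
```python
import re

# Log excerpts from the thread, re-joined to one syslog entry per line.
REPLY_FAILED = """\
Jan 22 20:46:42 R6250 daemon.info charon: 08[CFG] sending DHCP DISCOVER to 10.1.1.63
Jan 22 21:46:42 R6250 daemon.info dnsmasq-dhcp[7945]: DHCPDISCOVER(br0) 7a:a7:46:6b:f7:04
Jan 22 21:46:42 R6250 daemon.info dnsmasq-dhcp[7945]: DHCPOFFER(br0) 10.1.1.60 7a:a7:46:6b:f7:04
Jan 22 21:46:42 R6250 daemon.warn dnsmasq-dhcp[7945]: Error sending DHCP packet to 10.1.1.1: Operation not permitted
Jan 22 20:46:47 R6250 daemon.info charon: 08[CFG] DHCP DISCOVER timed out
"""
# Second excerpt, abridged to the first DISCOVER and the timeout.
NO_OFFER = """\
Jan 22 20:44:02 R6250 daemon.info charon: 09[CFG] sending DHCP DISCOVER to 255.255.255.255
Jan 22 20:44:17 R6250 daemon.info charon: 09[CFG] DHCP DISCOVER timed out
"""

PATTERNS = {
    "discover": re.compile(r"charon: \d+\[CFG\] sending DHCP DISCOVER to (\S+)"),
    "timeout": re.compile(r"charon: \d+\[CFG\] DHCP DISCOVER timed out"),
    "offer": re.compile(r"dnsmasq-dhcp\[\d+\]: DHCPOFFER\((\S+)\) (\S+)"),
    "send_error": re.compile(r"dnsmasq-dhcp\[\d+\]: Error sending DHCP packet to (\S+): (.+)"),
}

def diagnose(log_text):
    """Return (verdict, discover_target, detail) for one charon DHCP attempt."""
    seen = {}
    for line in log_text.splitlines():
        for name, pattern in PATTERNS.items():
            match = pattern.search(line)
            if match:
                seen[name] = match.groups()  # last occurrence wins
    target = seen.get("discover", (None,))[0]
    if "timeout" not in seen:
        return ("no-timeout", target, "charon did not report a DISCOVER timeout")
    if "send_error" in seen:
        dest, error_text = seen["send_error"]
        return ("reply-failed", target,
                "dnsmasq built an OFFER but sending to %s failed: %s" % (dest, error_text))
    if "offer" in seen:
        return ("offer-lost", target, "dnsmasq sent an OFFER that charon never received")
    return ("no-offer", target, "dnsmasq logged no OFFER for this DISCOVER")

if __name__ == "__main__":
    for sample in (REPLY_FAILED, NO_OFFER):
        print(diagnose(sample))
```
</pre>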
</body>
</html>