<div dir="ltr"><br><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div bgcolor="#FFFFFF"><div><div class="gmail-h5">
<div class="gmail-m_4569686156595887173moz-cite-prefix">On 2017-01-25 02:09, Yudi V wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr"><br>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Wed, Jan 25, 2017 at 4:27 AM,
Dusan Ilic <span dir="ltr">&lt;<a href="mailto:dusan@comhem.se" target="_blank">dusan@comhem.se</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hello Nikola,<br>
<br>
Well, br0 is the local LAN interface on the gateway and
the local LAN IP of the gateway (also DHCP-server) is
10.1.1.1.<br>
So in the network <a href="http://10.1.1.0/26" rel="noreferrer" target="_blank">10.1.1.0/26</a>,
10.1.1.63 is the local broadcast address.
<div class="gmail-m_4569686156595887173gmail-HOEnZb">
<div class="gmail-m_4569686156595887173gmail-h5"><br>
<br>
<br>
On 2017-01-24 00:17, Nikola Kolev wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
Hi,<br>
<br>
Maybe I'm misreading the bits you posted, but why
would you have your<br>
<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
# DHCP server unicast or broadcast IP
address.<br>
server = 10.1.1.63<br>
</blockquote>
configured that way? Is that one and the same
interface (with 10.1.1.1<br>
on br0)? What is the reason of having a network
broadcast IP address set<br>
on a host?<br>
<br>
I would focus on either running dnsmasq with full
debug or strace-ing<br>
it to see what's causing that "Operation not
permitted".<br>
<br>
Cheers<br>
<br>
On Sun, 22 Jan 2017 22:33:06 +0100<br>
Dusan Ilic &lt;<a href="mailto:dusan@comhem.se" target="_blank">dusan@comhem.se</a>&gt;
wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
Hello,<br>
<br>
I have a problem with the DHCP plugin.<br>
I have Strongswan and DNSmasq on the same host (my
Linux gateway) and<br>
would like to issue IP address from local LAN to
remote access users,<br>
however, I can't get it working. In the logging I
can see Strongswan<br>
sending DHCP Discover, and DNSmasq responding,
however directly after<br>
DNSmasq gives a strange error.<br>
<br>
Jan 22 20:46:42 R6250 daemon.info charon: 08[CFG] sending DHCP DISCOVER to 10.1.1.63<br>
Jan 22 21:46:42 R6250 daemon.info dnsmasq-dhcp[7945]: DHCPDISCOVER(br0) 7a:a7:46:6b:f7:04<br>
Jan 22 21:46:42 R6250 daemon.info dnsmasq-dhcp[7945]: DHCPOFFER(br0) 10.1.1.60 7a:a7:46:6b:f7:04<br>
Jan 22 21:46:42 R6250 daemon.warn dnsmasq-dhcp[7945]: Error sending DHCP packet to 10.1.1.1: Operation not permitted<br>
Jan 22 20:46:47 R6250 daemon.info charon: 08[CFG] DHCP DISCOVER timed out<br>
<br>
10.1.1.1 is my gateway. 10.1.1.63 is broadcast
address (local LAN<br>
<a href="http://10.1.1.0/26" rel="noreferrer" target="_blank">10.1.1.0/26</a>).
I have also tried changing broadcast in charon
settings<br>
to 255.255.255.255, but then there is no DHCPOFFER
seen in the logs.<br>
<br>
Jan 22 20:44:02 R6250 daemon.info charon: 09[CFG] sending DHCP DISCOVER to 255.255.255.255<br>
Jan 22 20:44:03 R6250 daemon.info charon: 09[CFG] sending DHCP DISCOVER to 255.255.255.255<br>
Jan 22 20:44:05 R6250 daemon.info charon: 09[CFG] sending DHCP DISCOVER to 255.255.255.255<br>
Jan 22 20:44:08 R6250 daemon.info charon: 09[CFG] sending DHCP DISCOVER to 255.255.255.255<br>
Jan 22 20:44:12 R6250 daemon.info charon: 09[CFG] sending DHCP DISCOVER to 255.255.255.255<br>
Jan 22 20:44:17 R6250 daemon.info charon: 09[CFG] DHCP DISCOVER timed out<br>
<br>
Below is my DHCP-plugin config.<br>
<br>
dhcp {<br>
<br>
# Always use the configured server address.<br>
force_server_address = yes<br>
<br>
# Derive user-defined MAC address from hash
of IKE identity.<br>
# identity_lease = yes<br>
<br>
# Interface name the plugin uses for address
allocation.<br>
interface = br0 # Local interface where
DNSmasq is listening<br>
<br>
# Whether to load the plugin. Can also be an
integer to increase<br>
# the priority of this plugin.<br>
load = yes<br>
<br>
# DHCP server unicast or broadcast IP
address.<br>
server = 10.1.1.63<br>
<br>
}<br>
<br>
</blockquote>
<br>
</blockquote>
<br>
</div>
</div>
<div class="gmail-m_4569686156595887173gmail-HOEnZb">
<div class="gmail-m_4569686156595887173gmail-h5">
______________________________<wbr>_________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.strongswan.org" target="_blank">Users@lists.strongswan.org</a><br>
<a href="https://lists.strongswan.org/mailman/listinfo/users" rel="noreferrer" target="_blank">https://lists.strongswan.org/m<wbr>ailman/listinfo/users</a></div>
</div>
</blockquote>
</div>
<br>
<br clear="all">
<div>
<div>
<div>Hi Dusan,<br>
<br>
</div>
I have a similar setup on an openwrt router, mine works
fine,<br>
</div>
The only difference is I don't use the "interface=" stanza in
the dhcp.conf and just use the standard broadcast address
192.168.1.255<br>
</div>
I have several VLANs, and just by changing the broadcast
address of the server I can get leases from the subnet/vlan I
want. <br>
<br>
-- <br>
<div class="gmail-m_4569686156595887173gmail_signature">Kind regards,<br>
Yudi<br>
</div>
</div>
</div>
</blockquote>
<br>
</div></div></div>
</blockquote></div><br></div><br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div bgcolor="#FFFFFF"><p>Is it possible to assign some connecting clients by DHCP in one
VLAN, and other from another? <br>
</p><div><div class="gmail-h5"><br></div></div></div></blockquote><div><div class="gmail_extra">I guess you can use:<br><em>rightsourceip = &lt;from&gt;-&lt;to&gt;</em></div><div class="gmail_extra"><br></div>and
remove this subset from DHCP leases given out by the server. This can
be done with openWRT. By default openWRT only starts issuing leases from
50 or 100 offset from the network address.</div><div>KR<br></div>yudi <div class="gmail_extra"><br></div></div>
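Added example, not part of the thread or of strongSwan/dnsmasq: a small check that a `rightsourceip` range and the dnsmasq lease range are disjoint and both sit inside the LAN, as the last reply suggests. The function names are hypothetical, the pool values are constructed for the thread's 10.1.1.0/26 network, and only the plain `dhcp-range=start,end[,lease]` form is parsed.

```python
import ipaddress


def dnsmasq_pool(line):
    """Return (first, last) from a plain 'dhcp-range=start,end[,lease]' line.

    Assumption: no tag:/set: prefixes and no mode keywords such as 'static'.
    """
    fields = line.split("=", 1)[1].split(",")
    return tuple(ipaddress.IPv4Address(f.strip()) for f in fields[:2])


def vpn_pool(value):
    """Return (first, last) from the 'from-to' range form of rightsourceip."""
    first, last = value.split("-", 1)
    return ipaddress.IPv4Address(first.strip()), ipaddress.IPv4Address(last.strip())


def check_pools(lan, dhcp_range_line, rightsourceip):
    """List the ways the two pools conflict with each other or with the LAN."""
    net = ipaddress.ip_network(lan)
    pools = {"dnsmasq": dnsmasq_pool(dhcp_range_line), "vpn": vpn_pool(rightsourceip)}
    problems = []
    for name, (first, last) in pools.items():
        if first > last:
            problems.append(f"{name}: range runs backwards")
        for addr in (first, last):
            if addr not in net:
                problems.append(f"{name}: {addr} is outside {net}")
        for special in (net.network_address, net.broadcast_address):
            if first <= special <= last:
                problems.append(f"{name}: range includes reserved address {special}")
    (d_first, d_last), (v_first, v_last) = pools["dnsmasq"], pools["vpn"]
    lo, hi = max(d_first, v_first), min(d_last, v_last)
    if lo <= hi:
        problems.append(f"overlap: {lo}-{hi} can be handed out by both")
    return problems


if __name__ == "__main__":
    # Constructed sample values for the thread's 10.1.1.0/26 LAN.
    lan = "10.1.1.0/26"
    cases = [
        ("dhcp-range=10.1.1.10,10.1.1.62,12h", "10.1.1.48-10.1.1.62"),  # shared tail
        ("dhcp-range=10.1.1.10,10.1.1.47,12h", "10.1.1.48-10.1.1.62"),  # split pools
    ]
    for dhcp_line, vpn_range in cases:
        print(dhcp_line, "|", vpn_range, "->", check_pools(lan, dhcp_line, vpn_range) or "ok")
```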