<html><head><meta http-equiv="Content-Type" content="text/html; charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div class="">I have noticed that Windows 10 is not asking for DHCP though</div><div class=""><br class=""></div><div class=""><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">May  3 16:55:37 ip-10-0-5-202 charon-systemd[30549]: parsed IKE_AUTH request 1 [ IDi CERTREQ N(MOBIKE_SUP) CPRQ(ADDR DNS NBNS SRV ADDR6 DNS6 SRV6) SA TSi TSr ]</span></div></div><div class=""><span style="font-variant-ligatures: no-common-ligatures" class=""><br class=""></span></div><div class=""><span style="font-variant-ligatures: no-common-ligatures" class=""><br class=""></span></div><div class=""><span style="font-variant-ligatures: no-common-ligatures" class=""><br class=""></span></div><div class=""><span style="font-variant-ligatures: no-common-ligatures" class="">Whereas OSX is</span></div><div class=""><span style="font-variant-ligatures: no-common-ligatures" class=""><br class=""></span></div><div class=""><span style="font-variant-ligatures: no-common-ligatures" class=""><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">May  3 16:53:07 ip-10-0-5-202 charon-systemd[30505]: parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) N(MOBIKE_SUP) IDr CPRQ(ADDR <b class="">DHCP</b> DNS MASK ADDR6 DHCP6 DNS6 (25)) N(ESP_TFC_PAD_N) N(NON_FIRST_FRAG) SA TSi TSr ]</span></div><div class=""><span style="font-variant-ligatures: no-common-ligatures" class=""><br class=""></span></div></span></div><div class=""><div style="color: rgb(0, 0, 0); font-family: Helvetica; font-size: 
12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px;"><br class=""></div><div style="color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px;"><br class=""></div><a href="http://www.naimuri.com" class="">
</a></div><div><br class=""><blockquote type="cite" class=""><div class="">On 3 May 2018, at 17:34, Christian Salway <<a href="mailto:christian.salway@naimuri.com" class="">christian.salway@naimuri.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><meta http-equiv="Content-Type" content="text/html; charset=us-ascii" class=""><div style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">Hi,<div class=""><br class=""></div><div class="">I've been trying to fix the (lack of) routing passed on to Windows 10 by trying the DHCP answer found at <b class="">Split-routing-on-Windows-10-and-Windows-10-Mobile</b> [1] but I cant get the DHCP to work.  strongSwan doesnt make any requests to it.</div><div class=""><br class=""></div><div class="">I have installed and configured dnsmasq with just the options in the support guide and dnsmasq is listening on tcp port 53 (DNS) and 67 (DHCP).</div><div class=""><br class=""></div><div class=""><div class="">I have rebuilt strongswan with dhcp support.</div></div><div class=""><br class=""></div><div class=""><br class=""></div><div class=""><b class="">$ <span style="font-family: Menlo; font-size: 11px; background-color: rgb(255, 255, 255);" class="">/etc/dnsmasq.conf</span></b></div><div class=""><span style="font-family: Menlo; font-size: 11px; background-color: rgb(255, 255, 255);" class=""><div class="">dhcp-vendorclass=set:msipsec,MSFT 5.0</div><div class="">dhcp-range=tag:msipsec,192.168.103.0,static</div><div class="">dhcp-option=tag:msipsec,6</div><div class="">dhcp-option=tag:msipsec,249, 0.0.0.0/1,0.0.0.0, 128.0.0.0/1,0.0.0.0</div></span></div><div class=""><br class=""></div><div class=""><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""><b class="">$ netstat -tunlp</b></span></div><div 
style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">Active Internet connections (only servers)</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""><b class="">tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      29951/dnsmasq   </b></span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1143/sshd       </span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">tcp6       0      0 :::53                   :::*                    LISTEN      29951/dnsmasq   </span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">tcp6       0      0 :::22                   :::*                    LISTEN      1143/sshd       </span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; 
line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">udp        0      0 0.0.0.0:4500            0.0.0.0:*                           30147/charon-system</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">udp        0      0 0.0.0.0:500             0.0.0.0:*                           30147/charon-system</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">udp        0      0 0.0.0.0:53              0.0.0.0:*                           29951/dnsmasq   </span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""><b class="">udp        0      0 0.0.0.0:67              0.0.0.0:*                           29951/dnsmasq   </b></span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">udp        0      0 0.0.0.0:68              0.0.0.0:*                           30147/charon-system</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">udp        0      0 0.0.0.0:68              0.0.0.0:*                           1005/dhclient   </span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; 
line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">udp6       0      0 :::4500                 :::*                                30147/charon-system</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">udp6       0      0 :::500                  :::*                                30147/charon-system</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">udp6       0      0 :::53                   :::*                                29951/dnsmasq  </span></div></div><div class=""><br class=""></div><div class=""><br class=""></div><div class=""><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""><b class="">$ swanctl --stats</b></span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">...</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">loaded plugins: charon-systemd charon-systemd aes openssl des rc2 sha2 sha1 md4 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem fips-prf gmp curve25519 xcbc cmac hmac gcm curl attr kernel-netlink resolve 
socket-default vici updown eap-identity eap-mschapv2 eap-dynamic eap-tls xauth-generic <b class="">dhcp</b></span></div></div><div class=""><br class=""></div><div class=""><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""><b class="">$ /etc/strongswan.d/charon/dhcp.conf </b></span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">dhcp {</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">    force_server_address = yes</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">    load = yes</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">    server = </span>10.0.15.255</div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">}</span></div></div><div class=""><span style="font-variant-ligatures: no-common-ligatures" class=""><br class=""></span></div><div class=""><b class="">$  /etc/swanctl/conf.d/policy.conf</b></div><div class="">connections {</div><div class=""><div class="">  clients {</div><div class="">     version = 
2</div><div class="">     send_cert = always</div><div class="">     encap = yes</div><div class="">     unique = replace</div><div class="">     proposals = aes256-sha256-prfsha256-modp2048-modp1024</div><div class="">     pools = pool1</div><div class="">     local {</div><div class="">        id = vpnserver</div><div class="">        certs = vpnserver.crt</div><div class="">     }</div><div class="">     remote {</div><div class="">        auth = eap-mschapv2</div><div class="">        eap_id = %any</div><div class="">     }</div><div class="">     children {</div><div class="">        net {</div><div class="">           local_ts = 10.0.0.0/20</div><div class="">        }</div><div class="">     }</div><div class="">  }</div></div><div class="">}</div><div class=""><div class="">pools {</div><div class="">   pool1 {</div><div class="">     addrs = 172.16.0.0/12</div><div class="">     subnet = 10.0.0.0/18</div><div class="">     dhcp = 10.0.5.202</div><div class="">   }</div><div class="">}</div></div><div class=""><br class=""></div><div class="">The route I would expect to see on Windows 10 should simulate</div><div class=""><br class=""></div><div class=""><b class="">route ADD 10.0.0.0 MASK 255.255.240.0 172.16.0.X</b></div><div class=""><br class=""></div><div class=""><br class=""></div><div class=""><b class="">The connection log </b></div><div class=""><br class=""></div><div class=""><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">May  3 16:27:58 ip-10-0-5-202 charon-systemd[30250]: IKE_SA rsa[1] established between 10.0.5.202[vpnserver1]...148.252.225.26[192.168.1.31]</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: 
no-common-ligatures" class="">May  3 16:27:58 ip-10-0-5-202 charon-systemd[30250]: scheduling rekeying in 13750s</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">May  3 16:27:58 ip-10-0-5-202 charon-systemd[30250]: maximum IKE_SA lifetime 15190s</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">May  3 16:27:58 ip-10-0-5-202 charon-systemd[30250]: peer requested virtual IP %any</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">May  3 16:27:58 ip-10-0-5-202 charon-systemd[30250]: assigning new lease to '<a href="http://christian.salway.naimuri.com/" class="">christian.salway.naimuri.com</a>'</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">May  3 16:27:58 ip-10-0-5-202 charon-systemd[30250]: assigning virtual IP 172.16.0.1 to peer '<a href="http://christian.salway.naimuri.com/" class="">christian.salway.naimuri.com</a>'</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">May  3 16:27:58 ip-10-0-5-202 charon-systemd[30250]: peer requested virtual IP %any6</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; 
background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">May  3 16:27:58 ip-10-0-5-202 charon-systemd[30250]: no virtual IP found for %any6 requested by '<a href="http://christian.salway.naimuri.com/" class="">christian.salway.naimuri.com</a>'</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">May  3 16:27:58 ip-10-0-5-202 charon-systemd[30250]: CHILD_SA net{1} established with SPIs cac7b9af_i 02fc4cb2_o and TS 10.0.0.0/18 === 172.16.0.1/32</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">May  3 16:27:58 ip-10-0-5-202 charon-systemd[30250]: generating IKE_AUTH response 5 [ AUTH CPRP(ADDR SUBNET DHCP) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) ]</span></div></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""><br class=""></span></div><div class=""><br class=""></div><div class="">[1] <a href="https://wiki.strongswan.org/projects/strongswan/wiki/Windows7#Split-routing-on-Windows-10-and-Windows-10-Mobile" class="">https://wiki.strongswan.org/projects/strongswan/wiki/Windows7#Split-routing-on-Windows-10-and-Windows-10-Mobile</a></div></div></div></blockquote></div><br class=""></body></html>