[strongSwan-dev] 5.6.3 regression: dhcp integration appears to be broken
harald.dunkel at aixigo.de
Tue Jun 5 15:25:37 CEST 2018
since 5.6.3 the dhcp integration seems to be broken. The logfile shows
Jun 5 14:44:04 28[IKE] <IPSec-IKEv2|1> peer requested virtual IP %any
Jun 5 14:44:04 28[IKE] <IPSec-IKEv2|1> no virtual IP found for %any requested by 'ppcm018.ws.example.com'
For 5.6.2 I had
Jun 5 14:37:45 25[IKE] <IPSec-IKEv2|1> peer requested virtual IP %any
Jun 5 14:37:45 25[CFG] <IPSec-IKEv2|1> sending DHCP DISCOVER to 172.19.122.9
Jun 5 14:37:46 25[CFG] <IPSec-IKEv2|1> sending DHCP DISCOVER to 172.19.122.9
Jun 5 14:37:48 25[CFG] <IPSec-IKEv2|1> sending DHCP DISCOVER to 172.19.122.9
Jun 5 14:37:48 30[CFG] received DHCP OFFER 172.19.122.26 from 127.0.0.1
Please note that 5.6.3 didn't even try to send dhcp discover messages.
After moving back to version 5.6.2 the problem is gone again.
force_server_address = yes
identity_lease = yes
load = yes
server = 172.19.122.9
Adding "interface = eth1" did not help.
ipsec.conf is attached. Every helpful comment is highly appreciated.
-------------- next part --------------
# check https://wiki.strongswan.org/projects/strongswan/wiki/LoggerConfiguration
left = hippogate.example.com
fragmentation = yes
leftsubnet = 172.19.96.0/19
leftfirewall = no
ikelifetime = 1d
lifetime = 8h
rekey = yes
dpdaction = none # default: no dead peer detection
dpddelay = 30s # default: 30s
dpdtimeout = 150s # default: 150s, used for IKEv1 only
leftcert = hippogate.example.com.cert.pem
leftsendcert = always
dpdaction = clear
dpddelay = 90s
dpdtimeout = 300s
keyexchange = ikev2
also = roadwarrior
ike = aes256-sha256-modp2048,aes256-sha256-modp1536!
esp = aes256-sha256-modp2048,aes256-sha256-modp1536!
right = %any
rightca = "C=DE, ST=NRW, O=example AG, OU=IT, CN=my-ca"
rightauth = pubkey
rightsendcert = ifasked
rightsourceip = %dhcp
auto = add
More information about the Dev