[strongSwan] why my can not get the ip from dhcp server

张亚东 yadong_zhang at hotmail.com
Mon Oct 18 10:41:31 CEST 2010 

I just set my storngswan client and server  under the 
UML [Test ikev2/dhcp-dynamic]
but I can not assign the client ip address by dhcp server.
the client's ipsec.conf:
# ipsec.conf - strongSwan IPsec configuration file
# basic configuration
config setup
        crlcheckinterval=180
        strictcrlpolicy=no
        plutostart=no
conn %default
        ikelifetime=60m
        keylife=20m
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev2
# Add connections here.
conn host-host
 left=192.168.0.15
 leftsourceip=%config
 leftcert=client.pem
 leftid=client at xxx.com
 right=192.168.0.7
 rightsubnet=10.1.0.0/16
 rightid=server at xxx.com
 auto=add

the server's ipsec.conf
# ipsec.conf - strongSwan IPsec configuration file
# basic configuration
config setup
        crlcheckinterval=180
        strictcrlpolicy=no
        plutostart=no
conn %default
        ikelifetime=60m
        keylife=20m
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev2
        left=192.168.0.7
        leftsubnet=10.1.0.0/24
        leftcert=server.pem
        leftid=server at xxx.com
# Add connections here.
conn host-host
 right=%any
 rightsourceip=%dhcp              #10.1.0.119
 auto=add

when i run command in the client: #ipsec up host-host
Got the error information:
received INTERNAL_ADDRESS_FAILURE notify, no CHILD_SA built

and 
I found the server's log is wrong(I think)
14[IKE] peer requested virtual IP %any
14[CFG] sending DHCP DISCOVER to 10.1.0.111
06[CFG] received DHCP OFFER 10.1.0.122 from %any
14[CFG] sending DHCP REQUEST for 10.1.0.122 to %any
14[CFG] sending DHCP REQUEST for 10.1.0.122 to %any
14[CFG] sending DHCP REQUEST for 10.1.0.122 to %any
15[MGR] ignoring request with ID 1, already processing
14[CFG] sending DHCP REQUEST for 10.1.0.122 to %any
14[CFG] sending DHCP REQUEST for 10.1.0.122 to %any
16[MGR] ignoring request with ID 1, already processing


but the UML Test's log is (from:http://www.strongswan.org/uml/testresults44/ikev2/dhcp-dynamic/moon.daemon.log)
Jul 30 14:49:09 moon charon: 13[IKE] peer requested virtual IP %any 
Jul 30 14:49:09 moon charon: 13[CFG] sending DHCP DISCOVER to 10.1.255.255 
Jul 30 14:49:10 moon charon: 09[CFG] received DHCP OFFER 10.1.0.51 from 10.1.0.20 
Jul 30 14:49:10 moon charon: 13[CFG] sending DHCP REQUEST for 10.1.0.51 to 10.1.0.20 
Jul 30 14:49:10 moon charon: 09[CFG] received DHCP ACK for 10.1.0.51 
Jul 30 14:49:10 moon charon: 13[IKE] assigning virtual IP 10.1.0.51 to peer 'dave at strongswan.org

anyone can help me?
why I alway got %any in the log,
but the UML Test's log is the assigned IP by the DHCP Server.


 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20101018/6a40ea2d/attachment.html>

More information about the Users mailing list