[strongSwan] why my can not get the ip from dhcp server

张亚东 yadong_zhang at hotmail.com
Tue Oct 19 05:27:30 CEST 2010

TKS for your patch,I test it without the next-server configuration in dhcpd,and It make the client get the right virtual IP address.
not the ip relation with virtual ip address is below:DHCP Server:
when I ping from client to server:ping -I, ping can reach the server,
but when I ping from client to DHCP Server:ping -I I found the ping packet on eth0(bind to IP which connect to client)but no ping packet on eth1(bind to IP which connect to DHCP Server)
below is the ipsec statusall's result,
debianleft:~# ipsec statusall host-hostStatus of IKEv2 charon daemon (strongSwan 4.4.0):  uptime: 11 minutes, since Oct 18 23:12:07 2010  worker threads: 7 idle of 16, job queue load: 0, scheduled events: 2  loaded plugins: curl aes des sha1 sha2 md5 random x509 pubkey pkcs1 pgp dnskey pem openssl fips-prf xcbc hmac gmp attr kernel-netlink socket-raw farp stroke updown dhcp resolveListening IP addresses:   host-host:   host-host:   local:  [server at xxx.com] uses public key authentication   host-host:    cert:  " xxxxx"   host-host:   remote: [%any] uses any authentication   host-host:   child: === dynamicSecurity Associations:   host-host[1]: ESTABLISHED 11 minutes ago,[server at xxx.com]...[client at xxx.com]   host-host[1]: IKE SPIs: 5593331acc599847_i 4d93fa753cf9969f_r*, public key reauthentication in 45 minutes   host-host[1]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048   host-host{1}:  INSTALLED, TUNNEL, ESP in UDP SPIs: c03a569c_i cf1a06d0_o   host-host{1}:  AES_CBC_128/HMAC_SHA1_96, 53928 bytes_i (226s ago), 35196 bytes_o (226s ago), rekeying in 2 minutes   host-host{1}: ===

> Subject: RE: [strongSwan] why my can not get the ip from dhcp server
> From: martin at strongswan.org
> To: yadong_zhang at hotmail.com
> CC: users at lists.strongswan.org
> Date: Mon, 18 Oct 2010 12:36:06 +0200
> > but why we must need this parameters, it is the next server ip
> > address.
> Yes, we probably should prefer the 'server identifier' attribute instead
> of the 'siaddr' to send the REQUEST to.
> Please try the attached patch. It is completely untested, though.
> Regards
> Martin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20101019/bd11681f/attachment.html>

More information about the Users mailing list