[strongSwan] ipsec detection on isc dhcpd

Christ Schlacta lists at aarcane.org
Thu Jul 14 19:23:51 CEST 2011


I've dedicated an entire /23 to strongswan IKEv2 clients, and would like to
be able to have charon query ISC dhcpd to acquire IP addresses and other
parameters.  It would be nice if, in addition, I could use a user-specified
attribute of the IKEv2 identity as a hostname (for example, my certificates
are configured such that cn=hostname).  It would also be nice if I could
tell Windows the connection-specific DNS suffix, which there seems to be no
RFC to specify at present; that's a suggestion for future RFC refinements.

I keep running into 2 problems and a minor issue:

1) The DHCP server never gets requests.  I've tried specifying
255.255.255.255 and the specific DHCP server address, and neither results in
queries arriving at the DHCP server, which is on the same device as
strongswan.
2) I've reserved the address range with some subnet parameters, et al. on the
DHCP server, but have no generic way to match "this query has come from
charon, so issue it an IP address from this pool".  There's no virtual
device for charon, so I can't specify an IP address in the range, or
similar, and I'm at a complete loss how to accomplish this now.
3) This is somewhat less.  There's no way to specify a certificate attribute
as hostname or other; anything except the "ikev2 identity" can't be passed
in the DHCP request insofar as I can identify.