[strongSwan] dhcp plugin: mac address unpredictable?

Harald Dunkel harald.dunkel at aixigo.de
Wed Mar 19 13:53:50 CET 2014


Hi folks,

I have to restrict the IP address pool of my DHCP server to
known MAC addresses only. In this context I have 2 questions
about the dhcp plugin (using identity_lease = yes):

Wiki says, the mac address is derived from the "IKEv2 identity".
Does this mean the mac address changes, if I renew the client's
certificate?

It is pretty difficult to find the right MAC address in the log
file of the DHCP server, and charon doesn't tell, either. (Maybe
I am too blind to see?) Would it be possible to hardwire the mac
address in the certificate?


Every helpful response is highly appreciated
Harri
-- 
aixigo AG, Karl-Friedrich-Strasse 68, 52072 Aachen, Germany
phone: +49 241 559709-79, fax: +49 241 559709-99
eMail: harald.dunkel at aixigo.de, web: http://www.aixigo.de
Amtsgericht Aachen - HRB 8057, Vorstand: Erich Borsch, Christian Friedrich, Tobias Haustein, Vors. des Aufsichtsrates: Prof. Dr. Ruediger von Nitzsch


More information about the Users mailing list