[strongSwan] swanctl.conf and DHCP plugin

Andreas Steffen andreas.steffen at strongswan.org
Wed Feb 3 12:41:40 CET 2016 

Hi Laurent,

just define pools = dhcp as in the following example swanctl.conf file:

connections {

   rw {
      local_addrs  = 192.168.0.1
      pools = dhcp

      local {
         auth = pubkey
         certs = moonCert.pem
         id = moon.strongswan.org
      }
      remote {
         auth = pubkey
      }
      children {
         net {
            local_ts  = 10.1.0.0/16

            updown = /usr/local/libexec/ipsec/_updown iptables
            esp_proposals = aes128gcm128-modp3072
         }
      }
      version = 2
      proposals = aes128-sha256-modp3072
   }
}

Best regards

Andreas

On 02/02/2016 11:09 PM, Laurent Bouchard wrote:
> Hi,
> 
>                I configured something similar to the swanctl/ip_pool
> setup
> (https://www.strongswan.org/testing/testresults/swanctl/ip-pool/index.html).
> 
> 
> It works, but I wonder how I can use and configure the DHCP plugin
> (https://wiki.strongswan.org/projects/strongswan/wiki/Dhcpplugin) for a
> connection.
> 
> In other words what is the equivalent of ipsec.conf
> “rightsourceip=%dhcp” in /etc/strongswan/swanctl/swanctl.conf?
> 
>  
> 
> Note: I noticed and tried “pools.<name>.<attr>”  with attr as “dhcp”.
> But this seems to configure something else (INTERNAL_IP4_DHCP which the
> strongswan client does not support). Also the “addrs” field was still
> mandatory in the pool and the gateway seemed to take the first address
> in the range/CIDR anyways.
> 
>  
> 
> Should I just use ipsec.conf instead? I just noticed that the vici
> plugin is experimental in the plugin list …
> 
>  
> 
> Thanks,
> 
> Laurent
> 
>  
> 
> 
> 
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
> 

-- 
======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4275 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160203/0e5c6510/attachment.bin>

More information about the Users mailing list