[strongSwan] DHCP flood
Daniel Flynn
daniel.flynn at me.com
Tue Mar 22 16:21:53 CET 2016
Good Day All,
I am configuring my strongSwan instance on Debian Wheezy for a single road warrior to be able to connect via IKEv2. It works, but whenever I establish the tunnel from the remote client, the Debian instance floods the network with DHCP lease requests. Destroy the connection and the flood stops.
Here is a snippet from /etc/ipsec.conf:
#####
config setup
    # strictcrlpolicy=yes
    # uniqueids = no
    charondebug="cfg 2, dmn 2, ike 2, net 2"
    uniqueids=never

# Add connections here.
conn %default
    keyexchange=ikev2
    ike=aes256-sha256-prfsha256-modp1024
    esp=aes256-sha256-modp1024
    dpdaction=clear
    dpddelay=300s
    rekey=no
    left=%any
    leftid="<externally resolvable debian server fqdn>"
    leftsendcert=always
    leftsubnet=0.0.0.0/0
    leftcert=vpnHostCert.pem
    leftfirewall=yes
    right=%any
    rightid=<remote username>
    rightcert=<remote user key>
    rightdns=192.168.1.116
    rightsourceip=192.168.1.117
    rightsubnet=192.168.1.0/24

conn IPSec-IKEv2
    keyexchange=ikev2
    auto=add
#####
I’m sure I am missing something silly, but I haven’t found it yet. And troubleshooting this live is grinding my network to a halt. :)
Thank you for your guidance.
Dan