[strongSwan] DHCP flood

Daniel Flynn daniel.flynn at me.com
Thu Mar 24 18:58:34 CET 2016

Good Day Tobias,

Thank you for the response. A little update. I was able to resolve the "DHCP storm” issue by eliminating the rightsubnet declaration.

I did notice that if leftsubnet was NOT everything (, the client would not pick up the DNS server from the strongSwan peer. Perhaps this is worthy of another thread.

My clients are the native iOS 9 and OS X 10.11 IKEv2 ones.

Anyway, the short of it is that it is now working as expected, even if I don’t understand why the client struggles to get the DNS server from the strongSwan peer if the leftsubnet is not

Thank you so much for the help.



> On Mar 23, 2016, at 11:34 AM, Tobias Brunner <tobias at strongswan.org> wrote:
> Hi Dan,
>> I am configuring my strongSwan instance on Debian Wheezy for a single
>> road warrior to be able to connect via IKEv2. It works, but whenever
>> I establish the tunnel from the remote client, the Debian instance
>> floods the network with DHCP lease requests.
> What client are you using?  Are the DHCP requests sent to a unicast
> address?  Since you tunnel everything (leftsubnet= this might
> also apply to DHCP requests.
> Regards,
> Tobias

More information about the Users mailing list