[strongSwan] DHCP flood
daniel.flynn at me.com
Thu Mar 24 18:58:34 CET 2016
Good Day Tobias,
Thank you for the response. A little update. I was able to resolve the "DHCP storm” issue by eliminating the rightsubnet declaration.
I did notice that if leftsubnet was NOT everything (0.0.0.0/0), the client would not pick up the DNS server from the strongSwan peer. Perhaps this is worthy of another thread.
My clients are the native iOS 9 and OS X 10.11 IKEv2 ones.
Anyway, the short of it is that it is now working as expected, even if I don’t understand why the client struggles to get the DNS server from the strongSwan peer if the leftsubnet is not 0.0.0.0/8.
Thank you so much for the help.
> On Mar 23, 2016, at 11:34 AM, Tobias Brunner <tobias at strongswan.org> wrote:
> Hi Dan,
>> I am configuring my strongSwan instance on Debian Wheezy for a single
>> road warrior to be able to connect via IKEv2. It works, but whenever
>> I establish the tunnel from the remote client, the Debian instance
>> floods the network with DHCP lease requests.
> What client are you using? Are the DHCP requests sent to a unicast
> address? Since you tunnel everything (leftsubnet=0.0.0.0/0) this might
> also apply to DHCP requests.
More information about the Users