[strongSwan] client virtual ip address assignment issue with dhcp

Noel Kuntze noel.kuntze+strongswan-users-ml at thermi.consulting
Tue Apr 25 11:25:43 CEST 2017 

Hello Alex,

On 25.04.2017 10:48, Alex Sharaz wrote:
> ens1f0    Link encap:Ethernet  HWaddr 00:14:4f:0d:d0:c8
>           inet addr:144.32.128.198  Bcast:144.32.129.255  Mask:255.255.254.0
>           inet6 addr: 2001:630:61:180::1:c6/64 Scope:Global
>           inet6 addr: fe80::214:4fff:fe0d:d0c8/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:5882984 errors:0 dropped:5307 overruns:0 frame:0
>           TX packets:995070 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:1009471362 (1.0 GB)  TX bytes:264680178 (264.6 MB)
>           Interrupt:30 Memory:b3d80000-b3da0000
> 
> ens1f1    Link encap:Ethernet  HWaddr 00:14:4f:0d:d0:c9
>           inet addr:10.16.35.121  Bcast:10.16.35.127  Mask:255.255.255.248
>           inet6 addr: fe80::214:4fff:fe0d:d0c9/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:21887 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:1313 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:1428333 (1.4 MB)  TX bytes:216885 (216.8 KB)
>           Interrupt:32 Memory:b3de0000-b3e00000
> 

It that's Linux, please stop using ifconfig. It's part of the net-tools family that's been deprecated
and unmaintained since the early 2000s. Use iproute2 instead.

> The 3rd one however fails as the dhcp server sees a request from interface ends1f1 and tells me there isn't an ip address pool defined for address space 10.16.35..../x, which is correct, there isn't. 
> 
> Do I have to create another interface on the von server in address space 172.18.64.0/24 <http://172.18.64.0/24> and tell dhcp to send reqyuestout via that?

No, you don't need another interface. You can either do some DHCP relay chaining or make your DHCP server serve the subnet on the network ends1f1 is connected to.

-- 
Noel Kuntze
IT security consultant

GPG Key ID: 0x0739AD6C
Fingerprint: 3524 93BE B5F7 8E63 1372 AF2D F54E E40B 0739 AD6C



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170425/a13dce8e/attachment.sig>

More information about the Users mailing list