[strongSwan] DHCP plugin
Dusan Ilic
dusan at comhem.se
Sun Jan 22 22:33:06 CET 2017
Hello,
I have a problem with the DHCP plugin.
I have Strongswan and DNSmasq on the same host (my Linux gateway) and
would like to issue IP adress from local LAN to remote access users,
however, I cant get it working. In the logging I can see Strongswan
sending DHCP Discover, and DNSmasq responding, however directly after
DNSmasq gives a strange error.
Jan 22 20:46:42 R6250 daemon.info charon: 08[CFG] sending DHCP DISCOVER to 10.1.1.63
Jan 22 21:46:42 R6250 daemon.info dnsmasq-dhcp[7945]: DHCPDISCOVER(br0) 7a:a7:46:6b:f7:04
Jan 22 21:46:42 R6250 daemon.info dnsmasq-dhcp[7945]: DHCPOFFER(br0) 10.1.1.60 7a:a7:46:6b:f7:04
Jan 22 21:46:42 R6250 daemon.warn dnsmasq-dhcp[7945]: Error sending DHCP packet to 10.1.1.1: Operation not permitted
Jan 22 20:46:47 R6250 daemon.info charon: 08[CFG] DHCP DISCOVER timed out
10.1.1.1 is my gateway. 10.1.1.63 is broadcast adress (local LAN 10.1.1.0/26).
I have also tried changing broadcast in charon settings to 255.255.255.255, but then there is no DHCPOFFER seen in the logs.
Jan 22 20:44:02 R6250 daemon.info charon: 09[CFG] sending DHCP DISCOVER to 255.255.255.255
Jan 22 20:44:03 R6250 daemon.info charon: 09[CFG] sending DHCP DISCOVER to 255.255.255.255
Jan 22 20:44:05 R6250 daemon.info charon: 09[CFG] sending DHCP DISCOVER to 255.255.255.255
Jan 22 20:44:08 R6250 daemon.info charon: 09[CFG] sending DHCP DISCOVER to 255.255.255.255
Jan 22 20:44:12 R6250 daemon.info charon: 09[CFG] sending DHCP DISCOVER to 255.255.255.255
Jan 22 20:44:17 R6250 daemon.info charon: 09[CFG] DHCP DISCOVER timed out
Below is my DHCP-plugin config.
dhcp {
# Always use the configured server address.
force_server_address = yes
# Derive user-defined MAC address from hash of IKE identity.
# identity_lease = yes
# Interface name the plugin uses for address allocation.
interface = br0 # Local interface where DNSmasq is listening
# Whether to load the plugin. Can also be an integer to increase the
# priority of this plugin.
load = yes
# DHCP server unicast or broadcast IP address.
server = 10.1.1.63
}
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170122/5c8fe5c7/attachment.html>
More information about the Users
mailing list