[strongSwan] DHCP plugin

Nikola Kolev nikky at minus273.org
Tue Jan 24 00:17:14 CET 2017


Hi,

Maybe I'm misreading the bits you posted, but why would you have your 

>      # DHCP server unicast or broadcast IP address.
>       server = 10.1.1.63

configured that way? Is that one and the same interface (with 10.1.1.1
on br0)? What is the reason for having a network broadcast IP address set
on a host?

I would focus on either running dnsmasq with full debug or strace-ing
it to see what's causing that "Operation not permitted".

Cheers

On Sun, 22 Jan 2017 22:33:06 +0100
Dusan Ilic <dusan at comhem.se> wrote:

> Hello,
> 
> I have a problem with the DHCP plugin.
> I have Strongswan and DNSmasq on the same host (my Linux gateway) and 
> would like to issue IP addresses from the local LAN to remote access users, 
> however, I can't get it working. In the logging I can see Strongswan 
> sending DHCP Discover, and DNSmasq responding, however directly after 
> DNSmasq gives a strange error.
> 
> Jan 22 20:46:42 R6250 daemon.info charon: 08[CFG] sending DHCP DISCOVER to 10.1.1.63
> Jan 22 21:46:42 R6250 daemon.info dnsmasq-dhcp[7945]: DHCPDISCOVER(br0) 7a:a7:46:6b:f7:04
> Jan 22 21:46:42 R6250 daemon.info dnsmasq-dhcp[7945]: DHCPOFFER(br0) 10.1.1.60 7a:a7:46:6b:f7:04
> Jan 22 21:46:42 R6250 daemon.warn dnsmasq-dhcp[7945]: Error sending DHCP packet to 10.1.1.1: Operation not permitted
> Jan 22 20:46:47 R6250 daemon.info charon: 08[CFG] DHCP DISCOVER timed out
> 
> 10.1.1.1 is my gateway. 10.1.1.63 is the broadcast address (local LAN
> 10.1.1.0/26). I have also tried changing broadcast in charon settings
> to 255.255.255.255, but then there is no DHCPOFFER seen in the logs.
> 
> Jan 22 20:44:02 R6250 daemon.info charon: 09[CFG] sending DHCP DISCOVER to 255.255.255.255
> Jan 22 20:44:03 R6250 daemon.info charon: 09[CFG] sending DHCP DISCOVER to 255.255.255.255
> Jan 22 20:44:05 R6250 daemon.info charon: 09[CFG] sending DHCP DISCOVER to 255.255.255.255
> Jan 22 20:44:08 R6250 daemon.info charon: 09[CFG] sending DHCP DISCOVER to 255.255.255.255
> Jan 22 20:44:12 R6250 daemon.info charon: 09[CFG] sending DHCP DISCOVER to 255.255.255.255
> Jan 22 20:44:17 R6250 daemon.info charon: 09[CFG] DHCP DISCOVER timed out
> 
> Below is my DHCP-plugin config.
> 
> dhcp {
> 
>      # Always use the configured server address.
>       force_server_address = yes
> 
>      # Derive user-defined MAC address from hash of IKE identity.
>      # identity_lease = yes
> 
>      # Interface name the plugin uses for address allocation.
>       interface = br0 # Local interface where DNSmasq is listening
> 
>      # Whether to load the plugin. Can also be an integer to increase
>      # the priority of this plugin.
>      load = yes
> 
>      # DHCP server unicast or broadcast IP address.
>       server = 10.1.1.63
> 
> }
> 


-- 
Nikola Kolev <nikky at minus273.org>
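
A triage script for the two questions raised in the message above, added here as an example (it is not code from either poster or from strongSwan or dnsmasq): it classifies the configured `server` value against the LAN and reports how far the DISCOVER/OFFER exchange got in the quoted log. The function names and verdict strings are made up for illustration; the log lines are the ones from the post, one entry per line.

```python
import ipaddress
import re

# Syslog entries from the quoted post, unwrapped to one entry per line.
LOG_DIRECTED = """\
Jan 22 20:46:42 R6250 daemon.info charon: 08[CFG] sending DHCP DISCOVER to 10.1.1.63
Jan 22 21:46:42 R6250 daemon.info dnsmasq-dhcp[7945]: DHCPDISCOVER(br0) 7a:a7:46:6b:f7:04
Jan 22 21:46:42 R6250 daemon.info dnsmasq-dhcp[7945]: DHCPOFFER(br0) 10.1.1.60 7a:a7:46:6b:f7:04
Jan 22 21:46:42 R6250 daemon.warn dnsmasq-dhcp[7945]: Error sending DHCP packet to 10.1.1.1: Operation not permitted
Jan 22 20:46:47 R6250 daemon.info charon: 08[CFG] DHCP DISCOVER timed out
"""

def classify_server(server, lan):
    """Say what kind of destination the dhcp plugin's `server` value is on `lan`."""
    addr, net = ipaddress.ip_address(server), ipaddress.ip_network(lan)
    if addr == ipaddress.ip_address("255.255.255.255"):
        return "limited broadcast"
    if addr == net.broadcast_address:
        return "directed broadcast"
    return "unicast" if addr in net else "outside LAN"

# One pattern per stage of the exchange, in the wording the two daemons log.
PATTERNS = {
    "discover_sent": re.compile(r"charon: \d+\[CFG\] sending DHCP DISCOVER to (\S+)"),
    "discover_seen": re.compile(r"dnsmasq-dhcp\[\d+\]: DHCPDISCOVER\((\S+)\)"),
    "offer_built": re.compile(r"dnsmasq-dhcp\[\d+\]: DHCPOFFER\(\S+\) (\S+)"),
    "send_error": re.compile(r"dnsmasq-dhcp\[\d+\]: Error sending DHCP packet to (\S+): (.+)"),
    "timed_out": re.compile(r"charon: \d+\[CFG\] DHCP DISCOVER timed out"),
}

def triage(log):
    """Collect which stages appear in the log and name the first one that failed."""
    seen = {name: [] for name in PATTERNS}
    for line in log.splitlines():
        for name, rx in PATTERNS.items():
            if m := rx.search(line):
                seen[name].append(m.groups())
    if not seen["discover_seen"]:
        verdict = "no DISCOVER logged by dnsmasq"
    elif seen["send_error"]:
        verdict = "dnsmasq built an OFFER but sending to %s failed: %s" % seen["send_error"][-1]
    elif seen["timed_out"]:
        verdict = "dnsmasq replied but charon still timed out"
    else:
        verdict = "no failure logged"
    return seen, verdict

if __name__ == "__main__":
    print(classify_server("10.1.1.63", "10.1.1.0/26"), "|", triage(LOG_DIRECTED)[1])
```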