[strongSwan] DHCP plugin

Dusan Ilic dusan at comhem.se
Tue Jan 24 18:24:53 CET 2017


Spot on, I had some special iptables rules that inadvertently blocked this return traffic, in combination with only running Charon on public interfaces. After removing the rule and enabling Charon on br0 it all started to work.

Thank you.

However, now I'm experiencing a new problem. After a very short time, like in max a minute or maybe two, the traffic completely stops. Looking at ipsec statusall, everything seems to look the same right before and after it happens. The client is still connected and I'm running a continuous ping from both sides. When changing back to Charon not listening on br0, and disabling dhcp-plugin, it works without this disruption (but then again, DHCP-plugin doesn't work). Any ideas?

> ---- Noel Kuntze wrote ----
>
>
>
> On 23.01.2017 01:46, Dusan Ilic wrote:
> > Thanks, I have already read it and configured according to those instructions but without any success.
> >
> > To me it seems to be the issue that the DHCP server is sending the offer to its own IP, because Strongswan is also using that IP.
>
> Well, make sure your firewall rules permit the traffic. That could 
> also make sure the DHCP daemon can respond.
> It shouldn't be a problem that both daemons send packets from the same 
> IP. That setup works without problems for other people.
> You have to be doing something special so it doesn't work for you.
>
> -- 
>
> Mit freundlichen Grüßen/Kind Regards,
> Noel Kuntze
>
> GPG Key ID: 0x63EC6658
> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>
