[strongSwan] DHCP plugin

Dusan Ilic dusan at comhem.se
Tue Jan 24 18:27:32 CET 2017


Hello Nikola,

Well, br0 is the local LAN interface on the gateway and the local LAN IP 
of the gateway (also DHCP-server) is 10.1.1.1.
So in the network 10.1.1.0/26, 10.1.1.63 is the local broadcast address.


On 2017-01-24 00:17, Nikola Kolev wrote:
> Hi,
>
> Maybe I'm misreading the bits you posted, but why would you have your
>
>>       # DHCP server unicast or broadcast IP address.
>>        server = 10.1.1.63
> configured that way? Is that one and the same interface (with 10.1.1.1
> on br0)? What is the reason for having a network broadcast IP address set
> on a host?
>
> I would focus on either running dnsmasq with full debug or strace-ing
> it to see what's causing that "Operation not permitted".
>
> Cheers
>
> On Sun, 22 Jan 2017 22:33:06 +0100
> Dusan Ilic <dusan at comhem.se> wrote:
>
>> Hello,
>>
>> I have a problem with the DHCP plugin.
>> I have Strongswan and DNSmasq on the same host (my Linux gateway) and
>> would like to issue IP addresses from local LAN to remote access users,
>> however, I can't get it working. In the logging I can see Strongswan
>> sending DHCP Discover, and DNSmasq responding, however directly after
>> DNSmasq gives a strange error.
>>
>> Jan 22 20:46:42 R6250 daemon.info charon: 08[CFG] sending DHCP DISCOVER to 10.1.1.63
>> Jan 22 21:46:42 R6250 daemon.info dnsmasq-dhcp[7945]: DHCPDISCOVER(br0) 7a:a7:46:6b:f7:04
>> Jan 22 21:46:42 R6250 daemon.info dnsmasq-dhcp[7945]: DHCPOFFER(br0) 10.1.1.60 7a:a7:46:6b:f7:04
>> Jan 22 21:46:42 R6250 daemon.warn dnsmasq-dhcp[7945]: Error sending DHCP packet to 10.1.1.1: Operation not permitted
>> Jan 22 20:46:47 R6250 daemon.info charon: 08[CFG] DHCP DISCOVER timed out
>>
>> 10.1.1.1 is my gateway. 10.1.1.63 is the broadcast address (local LAN
>> 10.1.1.0/26). I have also tried changing broadcast in charon settings
>> to 255.255.255.255, but then there is no DHCPOFFER seen in the logs.
>>
>> Jan 22 20:44:02 R6250 daemon.info charon: 09[CFG] sending DHCP DISCOVER to 255.255.255.255
>> Jan 22 20:44:03 R6250 daemon.info charon: 09[CFG] sending DHCP DISCOVER to 255.255.255.255
>> Jan 22 20:44:05 R6250 daemon.info charon: 09[CFG] sending DHCP DISCOVER to 255.255.255.255
>> Jan 22 20:44:08 R6250 daemon.info charon: 09[CFG] sending DHCP DISCOVER to 255.255.255.255
>> Jan 22 20:44:12 R6250 daemon.info charon: 09[CFG] sending DHCP DISCOVER to 255.255.255.255
>> Jan 22 20:44:17 R6250 daemon.info charon: 09[CFG] DHCP DISCOVER timed out
>>
>> Below is my DHCP-plugin config.
>>
>> dhcp {
>>
>>     # Always use the configured server address.
>>     force_server_address = yes
>>
>>     # Derive user-defined MAC address from hash of IKE identity.
>>     # identity_lease = yes
>>
>>     # Interface name the plugin uses for address allocation.
>>     interface = br0 # Local interface where DNSmasq is listening
>>
>>     # Whether to load the plugin. Can also be an integer to increase
>>     # the priority of this plugin.
>>     load = yes
>>
>>     # DHCP server unicast or broadcast IP address.
>>     server = 10.1.1.63
>>
>> }
>>
>
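
Added example, not part of the original thread and not strongSwan or dnsmasq code: a Python triage of the two log excerpts above that groups charon and dnsmasq events into DISCOVER attempts and labels where each one stalled. The names `triage` and `PATTERNS` are hypothetical, the message formats are assumed from the excerpts, and the sample is constructed from them (second excerpt shortened).

```python
import re

# Constructed sample: the two log excerpts from the thread, one syslog entry per line.
SAMPLE = """\
Jan 22 20:46:42 R6250 daemon.info charon: 08[CFG] sending DHCP DISCOVER to 10.1.1.63
Jan 22 21:46:42 R6250 daemon.info dnsmasq-dhcp[7945]: DHCPDISCOVER(br0) 7a:a7:46:6b:f7:04
Jan 22 21:46:42 R6250 daemon.info dnsmasq-dhcp[7945]: DHCPOFFER(br0) 10.1.1.60 7a:a7:46:6b:f7:04
Jan 22 21:46:42 R6250 daemon.warn dnsmasq-dhcp[7945]: Error sending DHCP packet to 10.1.1.1: Operation not permitted
Jan 22 20:46:47 R6250 daemon.info charon: 08[CFG] DHCP DISCOVER timed out
Jan 22 20:44:02 R6250 daemon.info charon: 09[CFG] sending DHCP DISCOVER to 255.255.255.255
Jan 22 20:44:03 R6250 daemon.info charon: 09[CFG] sending DHCP DISCOVER to 255.255.255.255
Jan 22 20:44:17 R6250 daemon.info charon: 09[CFG] DHCP DISCOVER timed out
"""

PATTERNS = {
    "discover": re.compile(r"charon: \d+\[CFG\] sending DHCP DISCOVER to (\S+)"),
    "offer": re.compile(r"dnsmasq-dhcp\[\d+\]: DHCPOFFER\(\S+\) (\S+) \S+"),
    "send_error": re.compile(r"dnsmasq-dhcp\[\d+\]: Error sending DHCP packet to (\S+): (.+)"),
    "timeout": re.compile(r"charon: \d+\[CFG\] DHCP DISCOVER timed out"),
}

def triage(log_text):
    """Group events into DISCOVER attempts and label how each one failed."""
    # charon and dnsmasq timestamps in the excerpt are an hour apart, so
    # events are grouped by line order, not by time.
    attempts, cur = [], None
    for line in log_text.splitlines():
        for kind, rx in PATTERNS.items():
            m = rx.search(line)
            if m and kind == "discover":
                cur = cur or {"target": m.group(1), "discovers": 0, "offers": [], "errors": []}
                cur["discovers"] += 1
            elif m and cur and kind == "offer":
                cur["offers"].append(m.group(1))
            elif m and cur and kind == "send_error":
                cur["errors"].append((m.group(1), m.group(2)))
            elif m and cur and kind == "timeout":
                if cur["errors"]:
                    cur["verdict"] = "offer built, server could not send reply"
                elif cur["offers"]:
                    cur["verdict"] = "offer logged, never reached charon"
                else:
                    cur["verdict"] = "no server response logged"
                attempts.append(cur)
                cur = None
    return attempts

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```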


