[strongSwan] DHCP plugin
Yudi V
yudi.tux at gmail.com
Wed Jan 25 02:09:04 CET 2017
On Wed, Jan 25, 2017 at 4:27 AM, Dusan Ilic <dusan at comhem.se> wrote:
> Hello Nikola,
>
> Well, br0 is the local LAN interface on the gateway and the local LAN IP
> of the gateway (also DHCP-server) is 10.1.1.1.
> So in the network 10.1.1.0/26, 10.1.1.63 is the local broadcast address.
>
>
>
> On 2017-01-24 00:17, Nikola Kolev wrote:
>
>> Hi,
>>
>> Maybe I'm misreading the bits you posted, but why would you have your
>>
>>> # DHCP server unicast or broadcast IP address.
>>> server = 10.1.1.63
>>
>> configured that way? Is that one and the same interface (with 10.1.1.1
>> on br0)? What is the reason of having a network broadcast IP address set
>> on a host?
>>
>> I would focus on either running dnsmasq with full debug or strace-ing
>> it to see what's causing that "Operation not permitted".
>>
>> Cheers
>>
>> On Sun, 22 Jan 2017 22:33:06 +0100
>> Dusan Ilic <dusan at comhem.se> wrote:
>>
>>> Hello,
>>>
>>> I have a problem with the DHCP plugin.
>>> I have Strongswan and DNSmasq on the same host (my Linux gateway) and
>>> would like to issue IP address from local LAN to remote access users,
>>> however, I can't get it working. In the logging I can see Strongswan
>>> sending DHCP Discover, and DNSmasq responding, however directly after
>>> DNSmasq gives a strange error.
>>>
>>> Jan 22 20:46:42 R6250 daemon.info charon: 08[CFG] sending DHCP DISCOVER to 10.1.1.63
>>> Jan 22 21:46:42 R6250 daemon.info dnsmasq-dhcp[7945]: DHCPDISCOVER(br0) 7a:a7:46:6b:f7:04
>>> Jan 22 21:46:42 R6250 daemon.info dnsmasq-dhcp[7945]: DHCPOFFER(br0) 10.1.1.60 7a:a7:46:6b:f7:04
>>> Jan 22 21:46:42 R6250 daemon.warn dnsmasq-dhcp[7945]: Error sending DHCP packet to 10.1.1.1: Operation not permitted
>>> Jan 22 20:46:47 R6250 daemon.info charon: 08[CFG] DHCP DISCOVER timed out
>>>
>>> 10.1.1.1 is my gateway. 10.1.1.63 is broadcast address (local LAN
>>> 10.1.1.0/26). I have also tried changing broadcast in charon settings
>>> to 255.255.255.255, but then there is no DHCPOFFER seen in the logs.
>>>
>>> Jan 22 20:44:02 R6250 daemon.info charon: 09[CFG] sending DHCP DISCOVER to 255.255.255.255
>>> Jan 22 20:44:03 R6250 daemon.info charon: 09[CFG] sending DHCP DISCOVER to 255.255.255.255
>>> Jan 22 20:44:05 R6250 daemon.info charon: 09[CFG] sending DHCP DISCOVER to 255.255.255.255
>>> Jan 22 20:44:08 R6250 daemon.info charon: 09[CFG] sending DHCP DISCOVER to 255.255.255.255
>>> Jan 22 20:44:12 R6250 daemon.info charon: 09[CFG] sending DHCP DISCOVER to 255.255.255.255
>>> Jan 22 20:44:17 R6250 daemon.info charon: 09[CFG] DHCP DISCOVER timed out
>>>
>>> Below is my DHCP-plugin config.
>>>
>>> dhcp {
>>>
>>> # Always use the configured server address.
>>> force_server_address = yes
>>>
>>> # Derive user-defined MAC address from hash of IKE identity.
>>> # identity_lease = yes
>>>
>>> # Interface name the plugin uses for address allocation.
>>> interface = br0 # Local interface where DNSmasq is listening
>>>
>>> # Whether to load the plugin. Can also be an integer to increase
>>> # the priority of this plugin.
>>> load = yes
>>>
>>> # DHCP server unicast or broadcast IP address.
>>> server = 10.1.1.63
>>>
>>> }
>>>
>>>
>>
Hi Dusan,
I have a similar setup on an openwrt router, mine works fine.
The only difference is I don't use the "interface=" stanza in the dhcp.conf
and just use the standard broadcast address 192.168.1.255
I have several VLANs, and just by changing the broadcast address of the
server I can get leases from the subnet/vlan I want.
--
Kind regards,
Yudi
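
An added example, not part of the thread and not strongSwan or dnsmasq code: a small Python triage of the charon and dnsmasq log lines quoted in the original post, reporting how far each DISCOVER exchange got. The function names and result fields are assumptions made for illustration; the LAN prefix 10.1.1.0/26 is the one given in the post.

```python
import ipaddress
import re

# Log lines from the post above, one syslog entry per line (second run: first and last entry only).
RUN_DIRECTED = """\
Jan 22 20:46:42 R6250 daemon.info charon: 08[CFG] sending DHCP DISCOVER to 10.1.1.63
Jan 22 21:46:42 R6250 daemon.info dnsmasq-dhcp[7945]: DHCPDISCOVER(br0) 7a:a7:46:6b:f7:04
Jan 22 21:46:42 R6250 daemon.info dnsmasq-dhcp[7945]: DHCPOFFER(br0) 10.1.1.60 7a:a7:46:6b:f7:04
Jan 22 21:46:42 R6250 daemon.warn dnsmasq-dhcp[7945]: Error sending DHCP packet to 10.1.1.1: Operation not permitted
Jan 22 20:46:47 R6250 daemon.info charon: 08[CFG] DHCP DISCOVER timed out
""".splitlines()
RUN_LIMITED = """\
Jan 22 20:44:02 R6250 daemon.info charon: 09[CFG] sending DHCP DISCOVER to 255.255.255.255
Jan 22 20:44:17 R6250 daemon.info charon: 09[CFG] DHCP DISCOVER timed out
""".splitlines()

SENT = re.compile(r"charon: \d+\[CFG\] sending DHCP DISCOVER to (\S+)")
OFFER = re.compile(r"dnsmasq-dhcp\[\d+\]: DHCPOFFER\((\S+)\) (\S+) (\S+)")
SEND_ERR = re.compile(r"dnsmasq-dhcp\[\d+\]: Error sending DHCP packet to (\S+): (.+)")

def target_kind(addr, lan):
    """Classify the plugin's `server` value relative to the LAN prefix."""
    ip, net = ipaddress.ip_address(addr), ipaddress.ip_network(lan)
    if ip == ipaddress.ip_address("255.255.255.255"):
        return "limited broadcast"
    if ip == net.broadcast_address:
        return "directed broadcast"
    return "unicast" if ip in net else "off-subnet"

def triage(lines, lan):
    """Correlate by line order, not timestamp: the two daemons log an hour apart."""
    r = {"target": None, "kind": None, "sent": 0, "offer": None,
         "send_error": None, "timed_out": False}
    for line in lines:
        if m := SENT.search(line):
            r["target"], r["sent"] = m.group(1), r["sent"] + 1
            r["kind"] = target_kind(m.group(1), lan)
        elif m := OFFER.search(line):
            r["offer"] = {"iface": m.group(1), "ip": m.group(2), "mac": m.group(3)}
        elif m := SEND_ERR.search(line):
            r["send_error"] = {"dst": m.group(1), "errno": m.group(2)}
        elif "DHCP DISCOVER timed out" in line:
            r["timed_out"] = True
    if r["offer"]:
        r["stage"] = "offer rejected on send" if r["send_error"] else "offer sent"
    else:
        r["stage"] = "no offer logged"
    return r
```

Calling `triage(RUN_DIRECTED, "10.1.1.0/26")` and `triage(RUN_LIMITED, "10.1.1.0/26")` separates the two runs in the post: in the first dnsmasq built an offer and failed while sending it, in the second no offer was logged at all.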