[strongSwan] DHCP plugin

Dusan Ilic dusan at comhem.se
Wed Jan 25 15:53:49 CET 2017


Hi Yudi,

It works now exactly as you have it configured; probably the reason it 
didn't work was that I had configured Charon to only listen on the 
public interfaces.

Is it possible to assign some connecting clients by DHCP in one VLAN, 
and others from another?


On 2017-01-25 02:09, Yudi V wrote:
>
>
> On Wed, Jan 25, 2017 at 4:27 AM, Dusan Ilic <dusan at comhem.se> wrote:
>
>     Hello Nikola,
>
>     Well, br0 is the local LAN interface on the gateway and the local
>     LAN IP of the gateway (also DHCP-server) is 10.1.1.1.
>     So in the network 10.1.1.0/26, 10.1.1.63 is the local broadcast
>     address.
>
>
>
>     On 2017-01-24 00:17, Nikola Kolev wrote:
>
>         Hi,
>
>         Maybe I'm misreading the bits you posted, but why would you
>         have your
>
>                   # DHCP server unicast or broadcast IP address.
>                    server = 10.1.1.63
>
>         configured that way? Is that one and the same interface (with
>         10.1.1.1 on br0)? What is the reason for having a network
>         broadcast IP address set on a host?
>
>         I would focus on either running dnsmasq with full debug or
>         strace-ing it to see what's causing that "Operation not permitted".
>
>         Cheers
>
>         On Sun, 22 Jan 2017 22:33:06 +0100
>         Dusan Ilic <dusan at comhem.se> wrote:
>
>             Hello,
>
>             I have a problem with the DHCP plugin.
>             I have Strongswan and DNSmasq on the same host (my Linux
>             gateway) and would like to issue IP addresses from the local
>             LAN to remote access users; however, I can't get it working.
>             In the logging I can see Strongswan sending DHCP Discover,
>             and DNSmasq responding; however, directly after, DNSmasq
>             gives a strange error.
>
>             Jan 22 20:46:42 R6250 daemon.info charon: 08[CFG] sending DHCP DISCOVER to 10.1.1.63
>             Jan 22 21:46:42 R6250 daemon.info dnsmasq-dhcp[7945]: DHCPDISCOVER(br0) 7a:a7:46:6b:f7:04
>             Jan 22 21:46:42 R6250 daemon.info dnsmasq-dhcp[7945]: DHCPOFFER(br0) 10.1.1.60 7a:a7:46:6b:f7:04
>             Jan 22 21:46:42 R6250 daemon.warn dnsmasq-dhcp[7945]: Error sending DHCP packet to 10.1.1.1: Operation not permitted
>             Jan 22 20:46:47 R6250 daemon.info charon: 08[CFG] DHCP DISCOVER timed out
>
>             10.1.1.1 is my gateway. 10.1.1.63 is the broadcast address
>             (local LAN 10.1.1.0/26). I have also tried changing the
>             broadcast in the charon settings to 255.255.255.255, but
>             then there is no DHCPOFFER seen in the logs.
>
>             Jan 22 20:44:02 R6250 daemon.info charon: 09[CFG] sending DHCP DISCOVER to 255.255.255.255
>             Jan 22 20:44:03 R6250 daemon.info charon: 09[CFG] sending DHCP DISCOVER to 255.255.255.255
>             Jan 22 20:44:05 R6250 daemon.info charon: 09[CFG] sending DHCP DISCOVER to 255.255.255.255
>             Jan 22 20:44:08 R6250 daemon.info charon: 09[CFG] sending DHCP DISCOVER to 255.255.255.255
>             Jan 22 20:44:12 R6250 daemon.info charon: 09[CFG] sending DHCP DISCOVER to 255.255.255.255
>             Jan 22 20:44:17 R6250 daemon.info charon: 09[CFG] DHCP DISCOVER timed out
>
>             Below is my DHCP-plugin config.
>
>             dhcp {
>
>                 # Always use the configured server address.
>                 force_server_address = yes
>
>                 # Derive user-defined MAC address from hash of IKE identity.
>                 # identity_lease = yes
>
>                 # Interface name the plugin uses for address allocation
>                 # (local interface where DNSmasq is listening).
>                 interface = br0
>
>                 # Whether to load the plugin. Can also be an integer to increase
>                 # the priority of this plugin.
>                 load = yes
>
>                 # DHCP server unicast or broadcast IP address.
>                 server = 10.1.1.63
>
>             }
>
>
> Hi Dusan,
>
> I have a similar setup on an openwrt router, mine works fine.
> The only difference is I don't use the "interface=" stanza in the 
> dhcp.conf and just use the standard broadcast address 192.168.1.255.
> I have several VLANs, and just by changing the broadcast address of 
> the server I can get leases from the subnet/vlan I want.
>
> -- 
> Kind regards,
> Yudi
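The two checks this thread turns on, written out as a small Python script. This is an added example, not code from the thread or from strongSwan or dnsmasq. It parses the dhcp {} section as posted, classifies the configured server address against br0's subnet (10.1.1.1 on a /26, as Dusan states above, which is the distinction Nikola asks about), and walks the two syslog excerpts to name the failure mode each one shows: dnsmasq answering but unable to deliver the OFFER, versus no OFFER at all. The configuration text and log lines are transcribed from the quoted mails; the function names and the labels they return are this example's own.

```python
import ipaddress
import re

# Transcribed from the thread: the dhcp {} section as posted (trimmed to the
# settings that matter here) and br0's address, 10.1.1.1 on a /26.
DHCP_SECTION = """
dhcp {
    force_server_address = yes
    # identity_lease = yes
    interface = br0
    load = yes
    # DHCP server unicast or broadcast IP address.
    server = 10.1.1.63
}
"""
BR0 = ipaddress.ip_interface("10.1.1.1/26")

# The two syslog excerpts from the thread, one event per line, timestamps as posted.
FAILED_RELAY_LOG = [
    "Jan 22 20:46:42 R6250 daemon.info charon: 08[CFG] sending DHCP DISCOVER to 10.1.1.63",
    "Jan 22 21:46:42 R6250 daemon.info dnsmasq-dhcp[7945]: DHCPDISCOVER(br0) 7a:a7:46:6b:f7:04",
    "Jan 22 21:46:42 R6250 daemon.info dnsmasq-dhcp[7945]: DHCPOFFER(br0) 10.1.1.60 7a:a7:46:6b:f7:04",
    "Jan 22 21:46:42 R6250 daemon.warn dnsmasq-dhcp[7945]: Error sending DHCP packet to 10.1.1.1: Operation not permitted",
    "Jan 22 20:46:47 R6250 daemon.info charon: 08[CFG] DHCP DISCOVER timed out",
]
NO_OFFER_LOG = [
    "Jan 22 20:44:02 R6250 daemon.info charon: 09[CFG] sending DHCP DISCOVER to 255.255.255.255",
    "Jan 22 20:44:03 R6250 daemon.info charon: 09[CFG] sending DHCP DISCOVER to 255.255.255.255",
    "Jan 22 20:44:17 R6250 daemon.info charon: 09[CFG] DHCP DISCOVER timed out",
]

# Classic syslog line: timestamp, host, facility.severity, process[pid], message.
SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<fac>\S+) (?P<proc>[^:]+): (?P<msg>.*)$"
)


def parse_dhcp_section(text):
    """Return the key = value settings of a strongswan.conf dhcp {} block.

    '#' comments are dropped first, so a commented-out line such as
    '# identity_lease = yes' is correctly treated as not configured.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip()] = value.strip()
    return settings


def classify_server(server, iface):
    """Say what the plugin's 'server' address is relative to the interface subnet."""
    addr = ipaddress.ip_address(server)
    net = iface.network
    if addr == ipaddress.ip_address("255.255.255.255"):
        return "limited-broadcast"
    if addr == net.broadcast_address:      # e.g. 10.1.1.63 for 10.1.1.0/26
        return "subnet-broadcast"
    if addr in net:
        return "unicast-on-subnet"
    return "off-subnet"


def summarise_exchange(lines):
    """Count the DHCP events charon and dnsmasq log during one DISCOVER cycle."""
    counts = {"discover": 0, "offer": 0, "send_error": 0, "timeout": 0}
    for line in lines:
        m = SYSLOG_RE.match(line)
        if not m:
            continue
        proc, msg = m["proc"], m["msg"]
        if proc == "charon" and "sending DHCP DISCOVER" in msg:
            counts["discover"] += 1
        elif proc == "charon" and "DHCP DISCOVER timed out" in msg:
            counts["timeout"] += 1
        elif proc.startswith("dnsmasq-dhcp") and msg.startswith("DHCPOFFER"):
            counts["offer"] += 1
        elif proc.startswith("dnsmasq-dhcp") and msg.startswith("Error sending DHCP packet"):
            counts["send_error"] += 1
    return counts


def diagnose(counts):
    """Name the failure mode the event counts describe (labels are this example's own)."""
    if counts["offer"] and counts["send_error"] and counts["timeout"]:
        # The server answered but could not deliver the OFFER: the reply path
        # (here, dnsmasq sending to 10.1.1.1) is the problem, not the request.
        return "offer-not-delivered"
    if counts["discover"] and not counts["offer"]:
        # Requests went out but the server never logged a reply.
        return "no-offer-seen"
    if counts["offer"] and not counts["timeout"]:
        return "ok"
    return "inconclusive"
```

Separating "offer-not-delivered" from "no-offer-seen" is the point of the script: the first excerpt shows dnsmasq replying and failing on the send, the second shows the DISCOVERs to 255.255.255.255 never being answered at all, and the two call for different fixes.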
