[strongSwan] Trouble with strongswan and dhcp server on same host
Nathan Hüsken
nathan at wintercloud.de
Mon Jul 23 18:09:37 CEST 2018
Hi,
I have installed strongswan and dnsmasq (which also is used as a dhcp server) on the same host. I want to give remote computers ips through dnsmasq, so I set:
righsourceip=%dhcp
Now strongswan seemed to have problems reaching the dhcp server. So I set
interface=eth1
in /etc/strongswan/strongswan.d/charon/dhcp.conf. Now looking at the logs, I see:
charon: 14[CFG] sending DHCP DISCOVER to 255.255.255.255
charon: 14[CFG] sending DHCP DISCOVER to 255.255.255.255
charon: 14[CFG] sending DHCP DISCOVER to 255.255.255.255
dnsmasq-dhcp[27740]: DHCPDISCOVER(eth1) 7a:a7:33:54:e9:78
dnsmasq-dhcp[27740]: DHCPOFFER(eth1) 192.168.123.207 7a:a7:33:54:e9:78
dnsmasq-dhcp[27740]: DHCPDISCOVER(eth1) 7a:a7:33:54:e9:78
dnsmasq-dhcp[27740]: DHCPOFFER(eth1) 192.168.123.207 7a:a7:33:54:e9:78
dnsmasq-dhcp[27740]: DHCPDISCOVER(eth1) 7a:a7:33:54:e9:78
dnsmasq-dhcp[27740]: DHCPOFFER(eth1) 192.168.123.207 7a:a7:33:54:e9:78
charon: 03[NET] received packet: from 185.38.41.42[60669] to 89.145.162.204[4500]
charon: 03[NET] waiting for data on sockets
charon: 15[MGR] checkout IKEv2 SA by message with SPIs a26490f46fda38af_i c55a50bf7d6c4f76_r
charon: 15[MGR] ignoring request with ID 5, already processing
charon: 15[MGR] IKE_SA checkout not successful
charon: 14[CFG] sending DHCP DISCOVER to 255.255.255.255
So dnsmasq receives the dhcp requests, answers but strongswan seems to never get it. So I set:
force_server_address = yes
server = 192.168.123.255
The server is my local broadcast address. Now the connection fails immediately, and in the logs I see:
strongswan: 14[IKE] no virtual IP found for %any requested by 'nathan'
strongswan: 14[IKE] no virtual IP found, sending INTERNAL_ADDRESS_FAILURE
And not even an attempt, to ask the dhcp server.
Why is strongswan does not even requesting a DHCP DISCOVER?
What could be the reason?
Thanks!
Nathan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180723/cea60026/attachment.html>
More information about the Users
mailing list