[strongSwan] Trouble with strongswan and dhcp server on same host

Noel Kuntze noel.kuntze+strongswan-users-ml at thermi.consulting
Tue Jul 24 12:01:13 CEST 2018


Hello,

That is because packets that are sent on a physical interface are not received again on the same interface. You need to go over the loopback interface.

Kind regards

Noel

On 23.07.2018 18:09, Nathan Hüsken wrote:
> Hi,
>
> I have installed strongswan and dnsmasq (which is also used as a DHCP server) on the same host. I want to give remote computers IPs through dnsmasq, so I set:
>
>     rightsourceip=%dhcp
>
> Now strongswan seemed to have problems reaching the dhcp server. So I set
>
>     interface=eth1
>
> in /etc/strongswan/strongswan.d/charon/dhcp.conf. Now looking at the logs, I see:
>
> charon: 14[CFG] sending DHCP DISCOVER to 255.255.255.255
> charon: 14[CFG] sending DHCP DISCOVER to 255.255.255.255
> charon: 14[CFG] sending DHCP DISCOVER to 255.255.255.255
> dnsmasq-dhcp[27740]: DHCPDISCOVER(eth1) 7a:a7:33:54:e9:78
> dnsmasq-dhcp[27740]: DHCPOFFER(eth1) 192.168.123.207 7a:a7:33:54:e9:78
> dnsmasq-dhcp[27740]: DHCPDISCOVER(eth1) 7a:a7:33:54:e9:78
> dnsmasq-dhcp[27740]: DHCPOFFER(eth1) 192.168.123.207 7a:a7:33:54:e9:78
> dnsmasq-dhcp[27740]: DHCPDISCOVER(eth1) 7a:a7:33:54:e9:78
> dnsmasq-dhcp[27740]: DHCPOFFER(eth1) 192.168.123.207 7a:a7:33:54:e9:78
> charon: 03[NET] received packet: from 185.38.41.42[60669] to 89.145.162.204[4500]
> charon: 03[NET] waiting for data on sockets
> charon: 15[MGR] checkout IKEv2 SA by message with SPIs a26490f46fda38af_i c55a50bf7d6c4f76_r
> charon: 15[MGR] ignoring request with ID 5, already processing
> charon: 15[MGR] IKE_SA checkout not successful
> charon: 14[CFG] sending DHCP DISCOVER to 255.255.255.255
>
> So dnsmasq receives the DHCP requests and answers, but strongswan seems to never get the answers. So I set:
>
>     force_server_address = yes
>     server = 192.168.123.255
>
> The server is my local broadcast address. Now the connection fails immediately, and in the logs I see:
>
> strongswan: 14[IKE] no virtual IP found for %any requested by 'nathan'
> strongswan: 14[IKE] no virtual IP found, sending INTERNAL_ADDRESS_FAILURE
>
> And not even an attempt to ask the DHCP server.
>
> Why is strongswan not even requesting a DHCP DISCOVER?
> What could be the reason?
>
> Thanks!
> Nathan
>
