[strongSwan] Not Able to Connect

Info infosec at quantum-equities.com
Thu Mar 29 20:12:04 CEST 2018

On 03/29/2018 10:21 AM, Andreas Steffen wrote:
> Hi,
> yes you can fully integrate a remote host into a LAN by using the
> farp and dhcp plugins on the VPN gateway so that the gateway
> acts as an ARP proxy for the remote clients. Have a look at the
> following example scenario based on swanctl:
>   https://www.strongswan.org/testing/testresults/swanctl/dhcp-dynamic/
> In swanctl.conf
> https://www.strongswan.org/testing/testresults/swanctl/dhcp-dynamic/moon.swanctl.conf
> use pools = dhcp and in strongswan.conf
> https://www.strongswan.org/testing/testresults/swanctl/dhcp-dynamic/moon.strongswan.conf
> define the DHCP server to be used.
> Regards
> Andreas
Thanks Andreas.  You likely know (but for the benefit of others), things
are done differently in RHEL.  For the plugins normally loaded by
/etc/strongswan/strongswan.conf, in the case of RHEL there's just a call to:
charon {
        load_modular = yes
        plugins {
                include strongswan.d/charon/*.conf

... and in that directory there's a .conf for each plugin.  Given the
charon.log, all required plugins are already being loaded without my
intervention (at least for charon, Idk about swanctl), including farp
and dhcp.  Since I no longer use the stroke plugin I set in its .conf
file load = no.  And in dhcp.conf I set  server = which
will be the LAN DHCP server.

Thing is since I run servers I've always used static IPs, so I'll have
to figure out DHCP predictable assignment.  But with the transition to
IPv6 I will be using DHCP exclusively. (for the love of all that's holy)
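
Added example, not part of the original message and not strongSwan project code: a small check of the modular plugin snippets described above, confirming that farp and dhcp are loaded, stroke is not, and dhcp has a server set. The function names, the sample snippets and the 192.0.2.10 address are constructed for illustration, and the parser assumes one statement per line.

```python
from pathlib import Path

# Constructed sample snippets, one per plugin, in the layout the post describes
# (strongswan.d/charon/<plugin>.conf). 192.0.2.10 is a placeholder address.
SAMPLE = {
    "farp": "farp {\n    load = yes\n}\n",
    "dhcp": "dhcp {\n    load = yes\n    server = 192.0.2.10\n}\n",
    "stroke": "stroke {\n    load = no  # no longer used\n}\n",
}

def parse_snippet(text):
    """Flatten one-statement-per-line strongswan.conf syntax to dotted keys."""
    settings, path = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if line.endswith("{"):
            path.append(line[:-1].strip())       # enter section
        elif line == "}":
            if path:
                path.pop()                       # leave section
        elif "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            settings[".".join(path + [key])] = value
    return settings

def is_loaded(cfg, plugin):
    """True only for load = yes (assumption: other spellings are not handled)."""
    return cfg.get(f"{plugin}.load", "no") == "yes"

def audit(snippets, required=("farp", "dhcp"), unwanted=("stroke",)):
    """Return findings for the setup in the thread; an empty list means OK."""
    cfg = {}
    for text in snippets.values():
        cfg.update(parse_snippet(text))
    findings = [f"{p}: not loaded" for p in required if not is_loaded(cfg, p)]
    findings += [f"{p}: still loaded" for p in unwanted if is_loaded(cfg, p)]
    if not cfg.get("dhcp.server"):
        findings.append("dhcp: server not set, plugin default will be used")
    return findings

def read_snippets(directory):
    """Read every *.conf, e.g. from /etc/strongswan/strongswan.d/charon."""
    return {p.stem: p.read_text() for p in sorted(Path(directory).glob("*.conf"))}

if __name__ == "__main__":
    print(audit(SAMPLE) or "ok")
```

On a real gateway, pass the result of read_snippets() for the plugin directory to audit() instead of SAMPLE.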
