[strongSwan] Not Able to Connect
Andreas Steffen
andreas.steffen at strongswan.org
Thu Mar 29 22:01:08 CEST 2018
Hi,
if you want static virtual IPs then you can use one of the following two
mechanism:
https://www.strongswan.org/testing/testresults/ikev2/dhcp-static-client-id/
or
https://www.strongswan.org/testing/testresults/ikev2/dhcp-static-mac/
Just have a look at the console log how the DHCP server has to
be configured.
Regards
Andreas
On 29.03.2018 20:12, Info wrote:
>
> On 03/29/2018 10:21 AM, Andreas Steffen wrote:
>> Hi,
>>
>> yes you can fully integrate a remote host into a LAN by using the
>> farp and dhcp plugins on the VPN gateway so that the gateway
>> acts as an ARP proxy for the remote clients. Have a look at the
>> following example scenario based on swanctl:
>>
>> https://www.strongswan.org/testing/testresults/swanctl/dhcp-dynamic/
>>
>> In swanctl.conf
>>
>>
>> https://www.strongswan.org/testing/testresults/swanctl/dhcp-dynamic/moon.swanctl.conf
>>
>> use pools = dhcp and in strongswan.conf
>>
>>
>> https://www.strongswan.org/testing/testresults/swanctl/dhcp-dynamic/moon.strongswan.conf
>>
>> define the DCHP server to be used.
>>
>> Regards
>>
>> Andreas
> Thanks Andreas. You likely know (but for the benefit of others), things
> are done differently in RHEL. For the plugins normally loaded by
> /etc/strongswan/strongswan.conf, in the case of RHEL there's just a call to:
> charon {
> load_modular = yes
> plugins {
> include strongswan.d/charon/*.conf
> }
> }
>
> ... and in that directory there's a .conf for each plugin. Given the
> charon.log, all required plugins are already being loaded without my
> intervention (at least for charon, Idk about swanctl), including farp
> and dhcp. Since I no longer use the stroke plugin I set in its .conf
> file load = no. And in dhcp.conf I set server = 192.168.1.10 which
> will be the LAN DHCP server.
>
> Thing is since I run servers I've always used static IPs, so I'll have
> to figure out DHCP predictable assignment. But with the transition to
> IPV6 I will be using DHCP exclusively. (for the love of all that's holy)
>
>
>
>
>
--
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[INS-HSR]==
More information about the Users
mailing list