[strongSwan] DHCP plugin + freeradius - strange behavior when no proposals

Kamil Jońca kjonca at o2.pl
Tue Oct 16 11:16:43 CEST 2018 

Tobias Brunner <tobias-jzJueiEJWxp8fCCB1iTX4w at public.gmane.org> writes:

> Hi Kamil,
>
>> and received dhcp-ack.
>> And ... again send dhcp-request, received dhcp-ack, and we end with
>> infinite loop.
>
> Do you have the strongSwan log that goes with this?  And what strongSwan
> and FreeRADIUS versions are you using?

only something like (I have had no debug):
2018-10-14T19:27:57.322435+02:00 alfa charon-systemd[6721]: sending DHCP DISCOVER to 192.168.200.200
2018-10-14T19:27:57.322643+02:00 alfa charon-systemd[6721]: received DHCP OFFER %any from 192.168.200.200
2018-10-14T19:27:57.324271+02:00 alfa charon-systemd: 13[IKE] peer requested virtual IP %any
2018-10-14T19:27:57.324465+02:00 alfa charon-systemd: 13[CFG] sending DHCP DISCOVER to 192.168.200.200
2018-10-14T19:27:57.324653+02:00 alfa charon-systemd: 06[CFG] received DHCP OFFER %any from 192.168.200.200
2018-10-14T19:27:57.325632+02:00 alfa charon-systemd[6721]: sending DHCP REQUEST for %any to 192.168.200.200
2018-10-14T19:27:57.325731+02:00 alfa charon-systemd: 13[CFG] sending DHCP REQUEST for %any to 192.168.200.200
2018-10-14T19:27:57.325846+02:00 alfa charon-systemd[6721]: sending DHCP REQUEST for %any to 192.168.200.200
2018-10-14T19:27:57.326035+02:00 alfa charon-systemd: 13[CFG] sending DHCP REQUEST for %any to 192.168.200.200
2018-10-14T19:27:57.332313+02:00 alfa charon-systemd[6721]: received DHCP ACK for %any
2018-10-14T19:27:57.334059+02:00 alfa charon-systemd: 12[CFG] received DHCP ACK for %any

strongswan and freeradius packaged by debian:

strongswan:
Version: 5.7.1-1

freeradius:
Version: 3.0.16+dfsg-4.1+b1

>
>> Now I (temporarily) configure dhcp server not to send offer for unknown
>> client but I am not sure if it is proper solution.
>
> It should probably either offer a valid address or not send an offer
> at all.
>
>> 1. what should do dhcp server when receives dhcp-discover via  gateway,
                                                      relay agent ^^^^^^^      
>> when there is no proposals? should it send any answer?
>
> No, why should it send an offer if it has no addresses to offer?
I was afraid I overlooked something when read DHCP spec. (And there is
DHCP message informs relay that this server cannot serve request)

So I can safely keep my freeradius config?

KJ

-- 
http://stopstopnop.pl/stop_stopnop.pl_o_nas.html
Life is a healthy respect for mother nature laced with greed.

More information about the Users mailing list