[strongSwan] DHCP plugin + freeradius - strange behavior when no proposals

Kamil Jońca kjonca at o2.pl
Tue Oct 16 12:41:00 CEST 2018


Tobias Brunner <tobias-jzJueiEJWxp8fCCB1iTX4w at public.gmane.org> writes:

>> only something like (I have had no debug):
>> 2018-10-14T19:27:57.322435+02:00 alfa charon-systemd[6721]: sending DHCP DISCOVER to 192.168.200.200
>> 2018-10-14T19:27:57.322643+02:00 alfa charon-systemd[6721]: received DHCP OFFER %any from 192.168.200.200
>> 2018-10-14T19:27:57.324271+02:00 alfa charon-systemd: 13[IKE] peer requested virtual IP %any
>> 2018-10-14T19:27:57.324465+02:00 alfa charon-systemd: 13[CFG] sending DHCP DISCOVER to 192.168.200.200
>> 2018-10-14T19:27:57.324653+02:00 alfa charon-systemd: 06[CFG] received DHCP OFFER %any from 192.168.200.200
>> 2018-10-14T19:27:57.325632+02:00 alfa charon-systemd[6721]: sending DHCP REQUEST for %any to 192.168.200.200
>> 2018-10-14T19:27:57.325731+02:00 alfa charon-systemd: 13[CFG] sending DHCP REQUEST for %any to 192.168.200.200
>> 2018-10-14T19:27:57.325846+02:00 alfa charon-systemd[6721]: sending DHCP REQUEST for %any to 192.168.200.200
>> 2018-10-14T19:27:57.326035+02:00 alfa charon-systemd: 13[CFG] sending DHCP REQUEST for %any to 192.168.200.200
>> 2018-10-14T19:27:57.332313+02:00 alfa charon-systemd[6721]: received DHCP ACK for %any
>> 2018-10-14T19:27:57.334059+02:00 alfa charon-systemd: 12[CFG] received DHCP ACK for %any
>
> Where do you see a loop here?  (The duplicate messages are due to your

In freeradius logs :), are repeating dhcp-request/dhcp-ack pairs.

This is the situation where relay agent and dhcp server uses the same
address and reply from dhcp server (freeradius) is sent to port 67
instead of 68. So I am not sure if strongswan repaeatedly ask for
address (but no log this) or not. It is possible for me that something makes
"echo" of original strongswan  request infinitely . As I said: I do not
know where  the problem is.



[...]
>
>> So I can safely keep my freeradius config?
>
> What doubts do you have?

If it is 'good practice'™ :)

KJ

-- 
http://wolnelektury.pl/wesprzyj/teraz/
Hmmm ... an arrogant bouquet with a subtle suggestion of POLYVINYL
CHLORIDE ...


More information about the Users mailing list