[strongSwan] dhcp plugin, isc-dhcp vs dnsmasq

brent s. bts at square-r00t.net
Mon Jan 14 11:47:04 CET 2019

On 1/14/19 5:12 AM, Harald Dunkel wrote:
> Hi folks,
> using isc-dhcp-server 4.3.5 on the peer network my laptop takes just
> a second to establish an IPsec connection (dhcp plugin involved, of
> course). Using dnsmasq 2.80 it takes at least 3 seconds, maybe 4.
> Can anybody reproduce this disadvantage of dnsmasq over isc-dhcp? Do
> you think it would help to support rapid commit (rfc4039) in the dhcp
> plugin?
> (strongswan is version 5.7.2 on the laptop and on the peers. Debian 9)
> Regards
> Harri


I can't help with your original request, but I *would* be curious in
seeing where exactly this happens and what dnsmasq is doing for those
3-4 seconds -

can you enable log-dhcp in your dnsmasq.conf (and restart), and share
with us the output during a connection to strongswan? (obviously scrub
any sensitive parts as necessary.)

brent saner
GPG info: https://square-r00t.net/gpg-info

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 899 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20190114/fd00119e/attachment.sig>

More information about the Users mailing list