What do you intend to say with that? I already wrote that what Windows does has nothing to do with the "dhcp" plugin.
Look, I did not participate in the development of the Windows Agile VPN client and I also don't know why they did it. I just tell you how it is. After the CHILD_SA is up, Windows starts sending DHCP DISCOVER messages over the CHILD_SA. That's what it does. I don't know *why* it does that and/or who thought that was a good idea, but it does that. It does *not* do anything over IKE and it has *no* relation to what the "dhcp" plugin of strongSwan does (which is the *responder* (*not* the initiator) requesting an IP and DNS/WINS settings over DHCP).

On 8/9/18 1:30 PM, Christian Salway wrote:
> https://wiki.strongswan.org/issues/1098
>
> Tobias Brunner <https://wiki.strongswan.org/users/8> almost 3 years
> <https://wiki.strongswan.org/projects/strongswan/activity?from=2015-09-07> ago
>
> * *Status* changed from /New/ to /Feedback/
> * *Priority* changed from /High/ to /Normal/
>
> There is a DHCP plugin
> <https://wiki.strongswan.org/projects/strongswan/wiki/DHCPPlugin> to _assign
> virtual IPs and DNS servers to clients_ that are requested by the strongSwan
> server via DHCP on behalf of the clients. If you are considering DHCP over
> IPsec there is a configuration attribute called |INTERNAL_IP4_DHCP| but
> strongSwan has no support for that as client (i.e. it won't request it). And
> as server you can only assign it globally via the attr
> <https://wiki.strongswan.org/projects/strongswan/wiki/Attrplugin> or the
> attr-sql <https://wiki.strongswan.org/projects/strongswan/wiki/Attrsql>
> plugins. Also
>
> Kind regards,
>
> *Christian Salway*
> IT Consultant - *Naimuri*
>
> T: +44 7463 331432
> E: christian.sal...@naimuri.com
> A: Naimuri Ltd, Chandlers Point, Manchester M50 2UW
>
>> On 9 Aug 2018, at 07:13, Noel Kuntze
>> <noel.kuntze+strongswan-users-ml@thermi.consulting> wrote:
>>
>> It's because you're doing it wrong. You must *not* use the dhcp plugin of
>> strongSwan to request the IP. Have Windows do a DHCP request over the VPN
>> (according to the article it should do that). The dhcp plugin does something
>> completely different.
>>
>> On 09.08.2018 08:07, Christian Salway wrote:
>>> Perhaps the answer is to set the attr DHCP to the IP of the DHCP server
>>> inside the VPN but then still, how does the client know how to route to the
>>> IP address.
>>>
>>> There doesn't seem to be a solution for this even though all the parts are
>>> there.
>>>
>>>> On 8 Aug 2018, at 15:15, Noel Kuntze
>>>> <noel.kuntze+strongswan-users-ml@thermi.consulting> wrote:
>>>>
>>>> Hello Christian,
>>>>
>>>> I guess the native Mac OSX client just doesn't support being connected to
>>>> more than one server, so this can't be solved with it.
>>>>
>>>> For Windows, you need to set up and run a DHCP server on the VPN server,
>>>> which answers the DHCP requests that Windows (uniquely and only Windows!)
>>>> sends over the VPN. You can use that to push routes to the client. Just
>>>> use the same options as with "real" DHCP clients, requesting configuration
>>>> from/on the LAN. This is described in the article about Windows
>>>> interoperability[1].
>>>>
>>>> [1]
>>>> https://wiki.strongswan.org/projects/strongswan/wiki/WindowsClients#Split-routing-on-Windows-10-and-Windows-10-Mobile
>>>>
>>>> Kind regards
>>>>
>>>> Noel
>>>>
>>>>> On 07.08.2018 09:07, Christian Salway wrote:
>>>>> Hello all,
>>>>>
>>>>> After several months of using strongSwan, I still can't get the routing
>>>>> to work correctly on the clients. I have run out of pages to read on the
>>>>> strongswan website so I hope you can help me out.
>>>>>
>>>>> The problem is when I connect to strongSwan, the routing is not
>>>>> configured correctly on the clients (OSX and Windows) - using native
>>>>> (built-in) clients. All updated with the latest patches/updates.
>>>>>
>>>>> OSX will set up a route based on the local_ts but when I open a
>>>>> simultaneous connection to another strongSwan server, it removes the
>>>>> route from the first VPN connection and adds its own based on the
>>>>> local_ts.
>>>>>
>>>>> WINDOWS doesn't add the route at all.
>>>>>
>>>>> In either case, I normally have to manually add the routes in.
>>>>>
>>>>> Has anyone had any success? Can they please shed some light as to how
>>>>> they achieved it?
>>>>>
>>>>> Kind regards,
>>>>>
>>>>> *Christian Salway*
>>>>> IT Consultant - *Naimuri*
>>>>>
>>>>> T: +44 7463 331432
>>>>> E: christian.sal...@naimuri.com
>>>>> A: Naimuri Ltd, Chandlers Point, Manchester M50 2UW
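
The thread's suggestion of pushing routes to Windows from a DHCP server reachable over the VPN, as an added example that is not part of the original messages: it builds and validates the payload of the classless static route option (option 121, RFC 3442), which is what a DHCP server would carry such routes in. The choice of option 121, the subnets and the gateway address are assumptions; the thread names none of them.

```python
import ipaddress

def encode_routes(routes):
    """Pack (destination CIDR, gateway) pairs into an RFC 3442 option payload."""
    out = bytearray()
    for cidr, gateway in routes:
        net = ipaddress.IPv4Network(cidr)      # strict: rejects host bits
        out.append(net.prefixlen)              # 1 byte: prefix length
        # Only the significant octets of the destination are sent.
        out += net.network_address.packed[:(net.prefixlen + 7) // 8]
        out += ipaddress.IPv4Address(gateway).packed
    if len(out) > 255:
        raise ValueError("payload does not fit in one DHCP option")
    return bytes(out)

def decode_routes(payload):
    """Parse an option payload back into (CIDR, gateway) pairs, validating it."""
    routes, i = [], 0
    while i < len(payload):
        prefixlen = payload[i]
        if prefixlen > 32:
            raise ValueError(f"invalid prefix length {prefixlen}")
        n = (prefixlen + 7) // 8               # significant destination octets
        end = i + 1 + n + 4
        if end > len(payload):
            raise ValueError("truncated route entry")
        dest = ipaddress.IPv4Address(payload[i + 1:i + 1 + n].ljust(4, b"\x00"))
        gateway = ipaddress.IPv4Address(payload[i + 1 + n:end])
        net = ipaddress.IPv4Network(f"{dest}/{prefixlen}")
        routes.append((str(net), str(gateway)))
        i = end
    return routes

# Constructed sample: two internal subnets behind a VPN gateway at 10.10.0.1.
SAMPLE_ROUTES = [("10.0.0.0/8", "10.10.0.1"), ("192.168.50.0/24", "10.10.0.1")]

if __name__ == "__main__":
    payload = encode_routes(SAMPLE_ROUTES)
    print(payload.hex())           # hex string to paste into a raw option value
    print(decode_routes(payload))  # round-trip check before deploying
```

Decoding the payload before deploying it catches host bits set in a destination or a truncated entry, either of which would leave clients without the intended split-tunnel routes.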