Hi Yudi,

It works now exactly as you have it configured. The reason it didn't work was probably that I had configured Charon to only listen on the public interfaces.

Is it possible to assign some connecting clients by DHCP in one VLAN, and others from another?


On 2017-01-25 02:09, Yudi V wrote:


On Wed, Jan 25, 2017 at 4:27 AM, Dusan Ilic <[email protected]> wrote:

    Hello Nikola,

    Well, br0 is the local LAN interface on the gateway and the local
    LAN IP of the gateway (also DHCP-server) is 10.1.1.1.
    So in the network 10.1.1.0/26, 10.1.1.63 is
    the local broadcast address.



    On 2017-01-24 00:17, Nikola Kolev wrote:

        Hi,

        Maybe I'm misreading the bits you posted, but why would you have your

            # DHCP server unicast or broadcast IP address.
            server = 10.1.1.63

        configured that way? Is that one and the same interface (with
        10.1.1.1 on br0)? What is the reason of having a network
        broadcast IP address set on a host?

        I would focus on either running dnsmasq with full debug or
        strace-ing it to see what's causing that "Operation not permitted".

        Cheers

        On Sun, 22 Jan 2017 22:33:06 +0100
        Dusan Ilic <[email protected]> wrote:

            Hello,

            I have a problem with the DHCP plugin.
            I have Strongswan and DNSmasq on the same host (my Linux
            gateway) and would like to issue IP addresses from the local
            LAN to remote access users; however, I can't get it working.
            In the logging I can see Strongswan sending DHCP Discover,
            and DNSmasq responding, however directly after DNSmasq gives
            a strange error.

            Jan 22 20:46:42 R6250 daemon.info charon: 08[CFG] sending DHCP DISCOVER to 10.1.1.63
            Jan 22 21:46:42 R6250 daemon.info dnsmasq-dhcp[7945]: DHCPDISCOVER(br0) 7a:a7:46:6b:f7:04
            Jan 22 21:46:42 R6250 daemon.info dnsmasq-dhcp[7945]: DHCPOFFER(br0) 10.1.1.60 7a:a7:46:6b:f7:04
            Jan 22 21:46:42 R6250 daemon.warn dnsmasq-dhcp[7945]: Error sending DHCP packet to 10.1.1.1: Operation not permitted
            Jan 22 20:46:47 R6250 daemon.info charon: 08[CFG] DHCP DISCOVER timed out

            10.1.1.1 is my gateway. 10.1.1.63 is the broadcast address
            (local LAN 10.1.1.0/26). I have also tried changing broadcast
            in charon settings to 255.255.255.255, but then there is no
            DHCPOFFER seen in the logs.

            Jan 22 20:44:02 R6250 daemon.info charon: 09[CFG] sending DHCP DISCOVER to 255.255.255.255
            Jan 22 20:44:03 R6250 daemon.info charon: 09[CFG] sending DHCP DISCOVER to 255.255.255.255
            Jan 22 20:44:05 R6250 daemon.info charon: 09[CFG] sending DHCP DISCOVER to 255.255.255.255
            Jan 22 20:44:08 R6250 daemon.info charon: 09[CFG] sending DHCP DISCOVER to 255.255.255.255
            Jan 22 20:44:12 R6250 daemon.info charon: 09[CFG] sending DHCP DISCOVER to 255.255.255.255
            Jan 22 20:44:17 R6250 daemon.info charon: 09[CFG] DHCP DISCOVER timed out

            Below is my DHCP-plugin config.

            dhcp {

                # Always use the configured server address.
                force_server_address = yes

                # Derive user-defined MAC address from hash of IKE identity.
                # identity_lease = yes

                # Interface name the plugin uses for address allocation.
                interface = br0 # Local interface where DNSmasq is listening

                # Whether to load the plugin. Can also be an integer to increase
                # the priority of this plugin.
                load = yes

                # DHCP server unicast or broadcast IP address.
                server = 10.1.1.63

            }



    _______________________________________________
    Users mailing list
    [email protected]
    https://lists.strongswan.org/mailman/listinfo/users



Hi Dusan,

I have a similar setup on an OpenWrt router; mine works fine.
The only difference is I don't use the "interface=" stanza in the dhcp.conf and just use the standard broadcast address 192.168.1.255. I have several VLANs, and just by changing the broadcast address of the server I can get leases from the subnet/VLAN I want.

--
Kind regards,
Yudi
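
An added example, not part of the original thread: a small Python triage script that separates the two failure modes reported above (an OFFER that dnsmasq builds but cannot send, versus a DISCOVER that dnsmasq never logs). The log lines are constructed in the format quoted in the thread; the `gw` hostname and the verdict names are assumptions of this example.

```python
import re

# Constructed log lines in the syslog format quoted in the thread (not real captures).
CASE_DIRECTED = """\
Jan 22 20:46:42 gw daemon.info charon: 08[CFG] sending DHCP DISCOVER to 10.1.1.63
Jan 22 20:46:42 gw daemon.info dnsmasq-dhcp[7945]: DHCPDISCOVER(br0) 7a:a7:46:6b:f7:04
Jan 22 20:46:42 gw daemon.info dnsmasq-dhcp[7945]: DHCPOFFER(br0) 10.1.1.60 7a:a7:46:6b:f7:04
Jan 22 20:46:42 gw daemon.warn dnsmasq-dhcp[7945]: Error sending DHCP packet to 10.1.1.1: Operation not permitted
Jan 22 20:46:47 gw daemon.info charon: 08[CFG] DHCP DISCOVER timed out
"""
CASE_LIMITED = """\
Jan 22 20:44:02 gw daemon.info charon: 09[CFG] sending DHCP DISCOVER to 255.255.255.255
Jan 22 20:44:03 gw daemon.info charon: 09[CFG] sending DHCP DISCOVER to 255.255.255.255
Jan 22 20:44:17 gw daemon.info charon: 09[CFG] DHCP DISCOVER timed out
"""

PATTERNS = {
    "sent": re.compile(r"charon: \d+\[CFG\] sending DHCP DISCOVER to (\S+)"),
    "timeout": re.compile(r"charon: \d+\[CFG\] DHCP DISCOVER timed out"),
    "seen": re.compile(r"dnsmasq-dhcp\[\d+\]: DHCPDISCOVER\(([^)]+)\)"),
    "offer": re.compile(r"dnsmasq-dhcp\[\d+\]: DHCPOFFER\(([^)]+)\) (\S+)"),
    "send_error": re.compile(r"dnsmasq-dhcp\[\d+\]: Error sending DHCP packet to (\S+): (.+)"),
}

def diagnose(log_text):
    """Return one verdict per timed-out DISCOVER attempt, in log order."""
    results, cur = [], None
    for line in log_text.splitlines():
        for kind, rx in PATTERNS.items():
            m = rx.search(line)
            if not m:
                continue
            if kind == "sent":
                if cur is None:  # first DISCOVER opens an attempt
                    cur = {"target": m.group(1), "tries": 0, "events": {}}
                cur["tries"] += 1  # later ones are retransmissions
            elif cur is not None and kind != "timeout":
                cur["events"][kind] = m.groups()  # dnsmasq-side evidence
            elif cur is not None:  # timeout closes the attempt
                ev = cur["events"]
                verdict = ("offer_send_failed" if "send_error" in ev else
                           "offer_not_received" if "offer" in ev else
                           "no_offer_made" if "seen" in ev else "discover_not_seen")
                results.append({"target": cur["target"], "tries": cur["tries"],
                                "verdict": verdict, "detail": ev.get("send_error")})
                cur = None
            break
    return results
```
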
