I have noticed that Windows 10 is not asking for DHCP though

May 3 16:55:37 ip-10-0-5-202 charon-systemd[30549]: parsed IKE_AUTH request 1 [ IDi CERTREQ N(MOBIKE_SUP) CPRQ(ADDR DNS NBNS SRV ADDR6 DNS6 SRV6) SA TSi TSr ]

Whereas OSX is

May 3 16:53:07 ip-10-0-5-202 charon-systemd[30505]: parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) N(MOBIKE_SUP) IDr CPRQ(ADDR DHCP DNS MASK ADDR6 DHCP6 DNS6 (25)) N(ESP_TFC_PAD_N) N(NON_FIRST_FRAG) SA TSi TSr ]

<http://www.naimuri.com/>

> On 3 May 2018, at 17:34, Christian Salway <[email protected]> wrote:
>
> Hi,
>
> I've been trying to fix the (lack of) routing passed on to Windows 10 by
> trying the DHCP answer found at
> Split-routing-on-Windows-10-and-Windows-10-Mobile [1] but I can't get the
> DHCP to work. strongSwan doesn't make any requests to it.
>
> I have installed and configured dnsmasq with just the options in the support
> guide and dnsmasq is listening on tcp port 53 (DNS) and 67 (DHCP).
>
> I have rebuilt strongswan with dhcp support.
>
> $ /etc/dnsmasq.conf
> dhcp-vendorclass=set:msipsec,MSFT 5.0
> dhcp-range=tag:msipsec,192.168.103.0,static
> dhcp-option=tag:msipsec,6
> dhcp-option=tag:msipsec,249, 0.0.0.0/1,0.0.0.0, 128.0.0.0/1,0.0.0.0
>
> $ netstat -tunlp
> Active Internet connections (only servers)
> Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
> tcp   0      0      0.0.0.0:53       0.0.0.0:*        LISTEN  29951/dnsmasq
> tcp   0      0      0.0.0.0:22       0.0.0.0:*        LISTEN  1143/sshd
> tcp6  0      0      :::53            :::*             LISTEN  29951/dnsmasq
> tcp6  0      0      :::22            :::*             LISTEN  1143/sshd
> udp   0      0      0.0.0.0:4500     0.0.0.0:*                30147/charon-system
> udp   0      0      0.0.0.0:500      0.0.0.0:*                30147/charon-system
> udp   0      0      0.0.0.0:53       0.0.0.0:*                29951/dnsmasq
> udp   0      0      0.0.0.0:67       0.0.0.0:*                29951/dnsmasq
> udp   0      0      0.0.0.0:68       0.0.0.0:*                30147/charon-system
> udp   0      0      0.0.0.0:68       0.0.0.0:*                1005/dhclient
> udp6  0      0      :::4500          :::*                     30147/charon-system
> udp6  0      0      :::500           :::*                     30147/charon-system
> udp6  0      0      :::53            :::*                     29951/dnsmasq
>
> $ swanctl --stats
> ...
> loaded plugins: charon-systemd charon-systemd aes openssl des rc2 sha2 sha1 md4 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem fips-prf gmp curve25519 xcbc cmac hmac gcm curl attr kernel-netlink resolve socket-default vici updown eap-identity eap-mschapv2 eap-dynamic eap-tls xauth-generic dhcp
>
> $ /etc/strongswan.d/charon/dhcp.conf
> dhcp {
>     force_server_address = yes
>     load = yes
>     server = 10.0.15.255
> }
>
> $ /etc/swanctl/conf.d/policy.conf
> connections {
>     clients {
>         version = 2
>         send_cert = always
>         encap = yes
>         unique = replace
>         proposals = aes256-sha256-prfsha256-modp2048-modp1024
>         pools = pool1
>         local {
>             id = vpnserver
>             certs = vpnserver.crt
>         }
>         remote {
>             auth = eap-mschapv2
>             eap_id = %any
>         }
>         children {
>             net {
>                 local_ts = 10.0.0.0/20
>             }
>         }
>     }
> }
> pools {
>     pool1 {
>         addrs = 172.16.0.0/12
>         subnet = 10.0.0.0/18
>         dhcp = 10.0.5.202
>     }
> }
>
> The route I would expect to see on Windows 10 should simulate
>
> route ADD 10.0.0.0 MASK 255.255.240.0 172.16.0.X
>
> The connection log
>
> May 3 16:27:58 ip-10-0-5-202 charon-systemd[30250]: IKE_SA rsa[1] established between 10.0.5.202[vpnserver1]...148.252.225.26[192.168.1.31]
> May 3 16:27:58 ip-10-0-5-202 charon-systemd[30250]: scheduling rekeying in 13750s
> May 3 16:27:58 ip-10-0-5-202 charon-systemd[30250]: maximum IKE_SA lifetime 15190s
> May 3 16:27:58 ip-10-0-5-202 charon-systemd[30250]: peer requested virtual IP %any
> May 3 16:27:58 ip-10-0-5-202 charon-systemd[30250]: assigning new lease to 'christian.salway.naimuri.com'
> May 3 16:27:58 ip-10-0-5-202 charon-systemd[30250]: assigning virtual IP 172.16.0.1 to peer 'christian.salway.naimuri.com'
> May 3 16:27:58 ip-10-0-5-202 charon-systemd[30250]: peer requested virtual IP %any6
> May 3 16:27:58 ip-10-0-5-202 charon-systemd[30250]: no virtual IP found for %any6 requested by 'christian.salway.naimuri.com'
> May 3 16:27:58 ip-10-0-5-202 charon-systemd[30250]: CHILD_SA net{1} established with SPIs cac7b9af_i 02fc4cb2_o and TS 10.0.0.0/18 === 172.16.0.1/32
> May 3 16:27:58 ip-10-0-5-202 charon-systemd[30250]: generating IKE_AUTH response 5 [ AUTH CPRP(ADDR SUBNET DHCP) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) ]
>
> [1] https://wiki.strongswan.org/projects/strongswan/wiki/Windows7#Split-routing-on-Windows-10-and-Windows-10-Mobile
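
The comparison made at the top of this thread (which configuration attributes each client lists in its CPRQ payload) can be repeated over any charon log with a small parser. This is an added example, not part of the original messages and not strongSwan code; the function names are hypothetical and the two input lines are the ones quoted above.

```python
import re

# The two "parsed IKE_AUTH request" lines quoted in the thread above.
WIN10 = ("May 3 16:55:37 ip-10-0-5-202 charon-systemd[30549]: parsed IKE_AUTH request 1 "
         "[ IDi CERTREQ N(MOBIKE_SUP) CPRQ(ADDR DNS NBNS SRV ADDR6 DNS6 SRV6) SA TSi TSr ]")
OSX = ("May 3 16:53:07 ip-10-0-5-202 charon-systemd[30505]: parsed IKE_AUTH request 1 "
       "[ IDi N(INIT_CONTACT) N(MOBIKE_SUP) IDr CPRQ(ADDR DHCP DNS MASK ADDR6 DHCP6 DNS6 (25)) "
       "N(ESP_TFC_PAD_N) N(NON_FIRST_FRAG) SA TSi TSr ]")

MSG_RE = re.compile(r"parsed (\S+) (request|response) (\d+) \[ (.*) \]\s*$")

def split_top_level(text):
    """Split on spaces outside parentheses, so 'CPRQ(ADDR (25))' stays one item."""
    items, depth, cur = [], 0, ""
    for ch in text:
        depth += (ch == "(") - (ch == ")")
        if ch == " " and depth == 0:
            if cur:
                items.append(cur)
            cur = ""
        else:
            cur += ch
    if cur:
        items.append(cur)
    return items

def payloads(line):
    """Return {payload_name: [arguments]} for one 'parsed ...' charon log line."""
    m = MSG_RE.search(line)
    if not m:
        return {}
    out = {}
    for item in split_top_level(m.group(4)):
        name, _, rest = item.partition("(")
        # rest ends with the payload's closing ')'; numeric types like '(25)' are kept as-is
        args = split_top_level(rest[:-1]) if rest else []
        out.setdefault(name, []).extend(args)
    return out

def requested_attrs(line):
    """Configuration attributes the client listed in its CPRQ payload."""
    return set(payloads(line).get("CPRQ", []))

def missing_from(a, b):
    """Attributes requested in log line b but not in log line a."""
    return sorted(requested_attrs(b) - requested_attrs(a))

print("requested by OSX only:", missing_from(WIN10, OSX))
```
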
