[Kea-users] kea and stongswan dhcp not working Posteingang
Sascha Marcel Hacker
smhrambo at googlemail.com
Mon Sep 11 17:16:32 UTC 2023
My last answer was blocked by the mail Server.
As mentioned in my first message, I want to mitigate to kea.
There is no further support for isc-dhcp, so kea is the next step.
I don't want to go back.
For all Strongswan users who want to use isc-dhcp or kea, like in my
situation where the DHCP and Strongswan server (kea or isc-dhc) are on the
same host.
For isc-dhcp:
dhcp {
# Always use the configured server address.
# force_server_address = no
force_server_address = yes
# Derive user-defined MAC address from hash of IKE identity and send
client
# identity DHCP option.
# identity_lease = no
# Interface name the plugin uses for address allocation.
# interface =
# Whether to load the plugin. Can also be an integer to increase the
# priority of this plugin.
load = yes
# DHCP server unicast or broadcast IP address.
# server = 255.255.255.255
server = 10.13.11.255
# Use the DHCP server port (67) as source port when a unicast server
address
# is configured.
# use_server_port = no
}
Where the IP address in the server option is the broadcast address of the
subnet where you want to address the DHCP pool.
For kea:
dhcp {
# Always use the configured server address.
# force_server_address = no
force_server_address = yes
# Derive user-defined MAC address from hash of IKE identity and send
client
# identity DHCP option.
# identity_lease = no
# Interface name the plugin uses for address allocation.
interface = mavlan_vpn
# Whether to load the plugin. Can also be an integer to increase the
# priority of this plugin.
load = yes
# DHCP server unicast or broadcast IP address.
# server = 255.255.255.255
# Use the DHCP server port (67) as source port when a unicast server
address
# is configured.
# use_server_port = no
}
Where the interface option is the interface of the subnet where you want to
address the DHCP pool.
And for both (isc-dhcp and kea) (Source:
https://docs.strongswan.org/docs/5.9/plugins/dhcp.html):
If the DHCP server runs on the same host as the daemon with DHCP plugin,
you may need to enable dhcp.force_server_address and then set dhcp.server
to the local broadcast address, e.g. 192.168.0.255. That’s because some
DHCP daemons do not listen on the loopback interface and thus can’t be
reached via unicast (or even broadcast 255.255.255.255) from the same host.
Am Mo., 11. Sept. 2023 um 16:48 Uhr schrieb Darren Ankney <
darren.ankney at gmail.com>:
> Hi,
>
> > isc-dhcp needs "server = 10.13.11.255" as the server address to respond
> and offer an IP address.
> > kea needs "server = 255.255.255.255" as the server address to respond
> and offer an IP address.
>
> So you are able to get it to work with either one but have to make a
> small edit in the configuration? That seems like an acceptable
> situation unless you plan to switch back and forth or run both
> simultaneously or something.
>
> Thank you,
>
> Darren Ankney
> --
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
> To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
>
> Kea-users mailing list
> Kea-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/kea-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/kea-users/attachments/20230911/729cafd7/attachment.htm>
More information about the Kea-users
mailing list