<div dir="ltr"><div dir="ltr">My last answer was blocked by the mail Server.<br><br>As mentioned in my first message, I want to mitigate to kea.<br>There is no further support for isc-dhcp, so kea is the next step.<br>I don't want to go back.<br><br>For all Strongswan users who want to use isc-dhcp or kea, like in my situation where the DHCP and Strongswan server (kea or isc-dhc) are on the same host.<div><font size="2"><span style="font-family:arial,sans-serif"><br></span></font></div><div><font size="2"><span style="font-family:arial,sans-serif">For isc-dhcp:</span></font></div><div><font size="2"><span style="font-family:arial,sans-serif">dhcp {<br> # Always use the configured server address.<br> # force_server_address = no<br> force_server_address = yes<br><br> # Derive user-defined MAC address from hash of IKE identity and send client<br> # identity DHCP option.<br> # identity_lease = no<br><br> # Interface name the plugin uses for address allocation.<br> # interface =<br><br> # Whether to load the plugin. Can also be an integer to increase the<br> # priority of this plugin.<br> load = yes<br><br> # DHCP server unicast or broadcast IP address.<br> # server = 255.255.255.255<br> server = 10.13.11.255<br><br> # Use the DHCP server port (67) as source port when a unicast server address<br> # is configured.<br> # use_server_port = no<br>}</span></font></div><div><font size="2"><span style="font-family:arial,sans-serif"><br></span></font></div><div>Where the IP address in the server option is the broadcast address of the subnet where you want to address the DHCP pool.<font size="2"><span style="font-family:arial,sans-serif"></span></font></div><div><font size="2"><span style="font-family:arial,sans-serif"><br></span></font></div><div><font size="2"><span style="font-family:arial,sans-serif">For kea:</span></font></div><div><font size="2"><span style="font-family:arial,sans-serif">dhcp {<br> # Always use the configured server address.<br> # force_server_address = no<br> force_server_address = yes<br><br> # Derive user-defined MAC address from hash of IKE identity and send client<br> # identity DHCP option.<br> # identity_lease = no<br><br> # Interface name the plugin uses for address allocation.<br> interface = mavlan_vpn<br><br> # Whether to load the plugin. Can also be an integer to increase the<br> # priority of this plugin.<br> load = yes<br><br> # DHCP server unicast or broadcast IP address.<br> # server = 255.255.255.255<br><br> # Use the DHCP server port (67) as source port when a unicast server address<br> # is configured.<br> # use_server_port = no<br>}</span></font></div><div><font size="2"><span style="font-family:arial,sans-serif"><br></span></font></div><div>Where the interface option is the interface of the subnet where you want to address the DHCP pool.</div><div><font size="2"><span style="font-family:arial,sans-serif"><br></span></font></div>And for both (isc-dhcp and kea) (Source: <a href="https://docs.strongswan.org/docs/5.9/plugins/dhcp.html">https://docs.strongswan.org/docs/5.9/plugins/dhcp.html</a>):<br>If the DHCP server runs on the same host as the daemon with DHCP plugin, you may need to enable dhcp.force_server_address and then set dhcp.server to the local broadcast address, e.g. 192.168.0.255. That’s because some DHCP daemons do not listen on the loopback interface and thus can’t be reached via unicast (or even broadcast 255.255.255.255) from the same host.</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">Am Mo., 11. Sept. 2023 um 16:48 Uhr schrieb Darren Ankney <<a href="mailto:darren.ankney@gmail.com">darren.ankney@gmail.com</a>>:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi,<br>
<br>
> isc-dhcp needs "server = 10.13.11.255" as the server address to respond and offer an IP address.<br>
> kea needs "server = 255.255.255.255" as the server address to respond and offer an IP address.<br>
<br>
So you are able to get it to work with either one but have to make a<br>
small edit in the configuration? That seems like an acceptable<br>
situation unless you plan to switch back and forth or run both<br>
simultaneously or something.<br>
<br>
Thank you,<br>
<br>
Darren Ankney<br>
-- <br>
ISC funds the development of this software with paid support subscriptions. Contact us at <a href="https://www.isc.org/contact/" rel="noreferrer" target="_blank">https://www.isc.org/contact/</a> for more information.<br>
<br>
To unsubscribe visit <a href="https://lists.isc.org/mailman/listinfo/kea-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/kea-users</a>.<br>
<br>
Kea-users mailing list<br>
<a href="mailto:Kea-users@lists.isc.org" target="_blank">Kea-users@lists.isc.org</a><br>
<a href="https://lists.isc.org/mailman/listinfo/kea-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/kea-users</a><br>
</blockquote></div></div>