author | Tobias Brunner <tobias@strongswan.org> | 2012-07-05 19:06:44 +0200 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2012-09-13 10:59:24 +0200 |
commit | bc6ec4de7314885d2725bccc186a527bda37c2bc (patch) | |
tree | 32547ba31e77992a4e8bd166974caa2f3880a096 | |
parent | 493f85b696ee74747c1d962007dcb26b2f95e15e (diff) | |
Option added to enforce a configured destination address for DHCP packets
-rw-r--r-- | man/strongswan.conf.5.in | 8 | ||||
-rw-r--r-- | src/libcharon/plugins/dhcp/dhcp_socket.c | 10 |
2 files changed, 17 insertions, 1 deletions
diff --git a/man/strongswan.conf.5.in b/man/strongswan.conf.5.in
index 70149bce7..4f30c42f0 100644
--- a/man/strongswan.conf.5.in
+++ b/man/strongswan.conf.5.in
@@ -323,6 +323,14 @@ Hashing algorithm to fingerprint coupled certificates
 .BR charon.plugins.coupling.max " [1]"
 Maximum number of coupling entries to create
 .TP
+.BR charon.plugins.dhcp.force_server_address " [no]"
+Always use the configured server address. This might be helpful if the DHCP
+server runs on the same host as strongSwan, and the DHCP daemon does not listen
+on the loopback interface. In that case the server cannot be reached via
+unicast (or even 255.255.255.255) as that would be routed via loopback.
+Setting this option to yes and configuring the local broadcast address (e.g.
+192.168.0.255) as server address might work.
+.TP
 .BR charon.plugins.dhcp.identity_lease " [no]"
 Derive user-defined MAC address from hash of IKEv2 identity
 .TP
diff --git a/src/libcharon/plugins/dhcp/dhcp_socket.c b/src/libcharon/plugins/dhcp/dhcp_socket.c
index 8f976aead..104c71c01 100644
--- a/src/libcharon/plugins/dhcp/dhcp_socket.c
+++ b/src/libcharon/plugins/dhcp/dhcp_socket.c
@@ -105,6 +105,11 @@ struct private_dhcp_socket_t {
 * DHCP server address, or broadcast
 */
 host_t *dst;
+
+ /**
+ * Force configured destination address
+ */
+ bool force_dst;
 };
 /**
@@ -266,7 +271,7 @@ static bool send_dhcp(private_dhcp_socket_t *this,
 ssize_t len;
 dst = transaction->get_server(transaction);
- if (!dst)
+ if (!dst || this->force_dst)
 {
 dst = this->dst;
 }
@@ -701,6 +706,9 @@ dhcp_socket_t *dhcp_socket_create()
 this->identity_lease = lib->settings->get_bool(lib->settings,
 "%s.plugins.dhcp.identity_lease", FALSE,
 charon->name);
+ this->force_dst = lib->settings->get_str(lib->settings,
+ "%s.plugins.dhcp.force_server_address", FALSE,
+ charon->name);
 this->dst = host_create_from_string(lib->settings->get_str(lib->settings,
 "%s.plugins.dhcp.server", "255.255.255.255",
 charon->name), DHCP_SERVER_PORT); |
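Review bot: In the `dhcp_socket_create()` hunk the new `bool force_dst` is read with `get_str()` and a `FALSE` default, so what gets stored is a string pointer, not a parsed boolean. Any configured value, including `force_server_address = no`, would then evaluate as true, and only an unset key leaves the option off. The call should mirror the `identity_lease` lookup directly above it and use `lib->settings->get_bool(lib->settings, "%s.plugins.dhcp.force_server_address", FALSE, charon->name)`. As written, an administrator who explicitly disables the option still gets the `send_dhcp()` override, so every DHCP message goes to the configured destination (broadcast by default, per the `255.255.255.255` fallback) instead of the server learned from the transaction. The body of `dhcp_socket_create()` continues outside the hunk.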