authorTobias Brunner <tobias@strongswan.org>2012-07-05 19:06:44 +0200
committerTobias Brunner <tobias@strongswan.org>2012-09-13 10:59:24 +0200
commitbc6ec4de7314885d2725bccc186a527bda37c2bc (patch)
tree32547ba31e77992a4e8bd166974caa2f3880a096
parent493f85b696ee74747c1d962007dcb26b2f95e15e (diff)
downloadstrongswan-bc6ec4de7314885d2725bccc186a527bda37c2bc.tar.bz2
strongswan-bc6ec4de7314885d2725bccc186a527bda37c2bc.tar.xz
Option added to enforce a configured destination address for DHCP packets
-rw-r--r--man/strongswan.conf.5.in8
-rw-r--r--src/libcharon/plugins/dhcp/dhcp_socket.c10
2 files changed, 17 insertions, 1 deletions
diff --git a/man/strongswan.conf.5.in b/man/strongswan.conf.5.in
index 70149bce7..4f30c42f0 100644
--- a/man/strongswan.conf.5.in
+++ b/man/strongswan.conf.5.in
@@ -323,6 +323,14 @@ Hashing algorithm to fingerprint coupled certificates
.BR charon.plugins.coupling.max " [1]"
Maximum number of coupling entries to create
.TP
+.BR charon.plugins.dhcp.force_server_address " [no]"
+Always use the configured server address. This might be helpful if the DHCP
+server runs on the same host as strongSwan, and the DHCP daemon does not listen
+on the loopback interface. In that case the server cannot be reached via
+unicast (or even 255.255.255.255) as that would be routed via loopback.
+Setting this option to yes and configuring the local broadcast address (e.g.
+192.168.0.255) as server address might work.
+.TP
.BR charon.plugins.dhcp.identity_lease " [no]"
Derive user-defined MAC address from hash of IKEv2 identity
.TP
diff --git a/src/libcharon/plugins/dhcp/dhcp_socket.c b/src/libcharon/plugins/dhcp/dhcp_socket.c
index 8f976aead..104c71c01 100644
--- a/src/libcharon/plugins/dhcp/dhcp_socket.c
+++ b/src/libcharon/plugins/dhcp/dhcp_socket.c
@@ -105,6 +105,11 @@ struct private_dhcp_socket_t {
* DHCP server address, or broadcast
*/
host_t *dst;
+
+ /**
+ * Force configured destination address
+ */
+ bool force_dst;
};
/**
@@ -266,7 +271,7 @@ static bool send_dhcp(private_dhcp_socket_t *this,
ssize_t len;
dst = transaction->get_server(transaction);
- if (!dst)
+ if (!dst || this->force_dst)
{
dst = this->dst;
}
@@ -701,6 +706,9 @@ dhcp_socket_t *dhcp_socket_create()
this->identity_lease = lib->settings->get_bool(lib->settings,
"%s.plugins.dhcp.identity_lease", FALSE,
charon->name);
+ this->force_dst = lib->settings->get_str(lib->settings,
+ "%s.plugins.dhcp.force_server_address", FALSE,
+ charon->name);
this->dst = host_create_from_string(lib->settings->get_str(lib->settings,
"%s.plugins.dhcp.server", "255.255.255.255",
charon->name), DHCP_SERVER_PORT);
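Review bot: The new `force_dst` assignment in dhcp_socket_create() reads the option with `get_str` rather than `get_bool`, unlike the `identity_lease` line directly above it. Since `get_str` returns a string pointer, any configured value, including `no`, presumably converts to true, and only an unset option keeps the flag false. With the flag set, send_dhcp() (earlier hunk) sends every packet to the configured server address, which defaults to 255.255.255.255, so explicitly disabling the option would still broadcast messages meant for a single server. The first added line should read `this->force_dst = lib->settings->get_bool(lib->settings,`; dhcp_socket_create() starts and ends outside the hunk.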