From bc6ec4de7314885d2725bccc186a527bda37c2bc Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Thu, 5 Jul 2012 19:06:44 +0200
Subject: Option added to enforce a configured destination address for DHCP
 packets

---
 man/strongswan.conf.5.in | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'man')

diff --git a/man/strongswan.conf.5.in b/man/strongswan.conf.5.in
index 70149bce7..4f30c42f0 100644
--- a/man/strongswan.conf.5.in
+++ b/man/strongswan.conf.5.in
@@ -323,6 +323,14 @@ Hashing algorithm to fingerprint coupled certificates
 .BR charon.plugins.coupling.max " [1]"
 Maximum number of coupling entries to create
 .TP
+.BR charon.plugins.dhcp.force_server_address " [no]"
+Always use the configured server address. This might be helpful if the DHCP
+server runs on the same host as strongSwan, and the DHCP daemon does not listen
+on the loopback interface.  In that case the server cannot be reached via
+unicast (or even 255.255.255.255) as that would be routed via loopback.
+Setting this option to yes and configuring the local broadcast address (e.g.
+192.168.0.255) as server address might work.
+.TP
 .BR charon.plugins.dhcp.identity_lease " [no]"
 Derive user-defined MAC address from hash of IKEv2 identity
 .TP
-- 
cgit v1.2.3