Hi Noel, If I am providing a Virtual IP to the client, why would the client then request from a DHCP server....
I thought maybe I could set DHCP(6) in attr but its not supported by Windows.... > # Win10 supports ADDR(1) DNS(3) NBNS(4) SRV ADDR6(8) DNS6(10) SRV6 > # OSX supports ADDR DHCP(6) DNS MASK(2) ADDR6 DHCP6(12) DNS6 > DNS_DOMAIN(25) You say "You must *not* use the dhcp plugin of strongSwan to request the IP" then what is the option rightsourceip=%dhcp for? Have you had any success at this working and have the configuration because I spent a *solid* 20 hours yesterday and countless days before trying to get this to work. Kind regards, Christian Salway IT Consultant - Naimuri T: +44 7463 331432 E: christian.sal...@naimuri.com A: Naimuri Ltd, Chandlers Point, Manchester M50 2UW > On 9 Aug 2018, at 07:13, Noel Kuntze > <noel.kuntze+strongswan-users-ml@thermi.consulting> wrote: > > It's because you're doing it wrong. You must *not* use the dhcp plugin of > strongSwan to request the IP. Have Windows do a DHCP request over the VPN > (according to the article it should do that). The dhcp plugin does something > completely different. > > On 09.08.2018 08:07, Christian Salway wrote: >> Perhaps the answer is to set the attr DHCP to the IP of the DHCP server >> inside the VPN but then still, how does the client know how to route to the >> IP address. >> >> There doesn’t seem to be a solution for this even though all the parts are >> there. >> >>> On 8 Aug 2018, at 15:15, Noel Kuntze >>> <noel.kuntze+strongswan-users-ml@thermi.consulting> wrote: >>> >>> Hello Christian, >>> >>> I guess the native Mac OSX client just doesn't support being connected to >>> more than one server, so this can't be solved with it. >>> >>> For Windows, you need to setup and run a DHCP server on the VPN server, >>> which answers the DHCP requests that Windows (uniquely and only Windows!) >>> sends over the VPN. You can use that to push routes to the client. Just use >>> the same options as with "real" DHCP clients, requesting configuration >>> from/on the LAN. This is described in the article about Windows >>> interoperability[1]. >>> >>> [1] >>> https://wiki.strongswan.org/projects/strongswan/wiki/WindowsClients#Split-routing-on-Windows-10-and-Windows-10-Mobile >>> >>> Kind regards >>> >>> Noel >>> >>>> On 07.08.2018 09:07, Christian Salway wrote: >>>> Hello all, >>>> >>>> After several months of using strongSwan, I still can't get the routing to >>>> work correctly on the clients. I have run out of pages to read on the >>>> strongswan website so I hope you can help me out. >>>> >>>> The problem is when I connect to strongSwan, the routing is not configured >>>> correctly on the clients (OSX and Windows) - using native (built-in) >>>> clients. All updated with the latest patches/updates. >>>> >>>> OSX will set up a route based on the local_ts but when I open a >>>> simultaneous connection to another strongSwan server, it removes the route >>>> from the first VPN connection and adds it's own based on the local_ts. >>>> >>>> WINDOWS doesnt add the route at all. >>>> >>>> In either cause, I normally have to manually add the routes in. >>>> >>>> Has anyone had any success? Can they please shed some light as to how they >>>> achieved it? >>>> >>>> >>>> Kind regards, >>>> >>>> *Christian Salway* >>>> IT Consultant - *Naimuri* >>>> >>>> T: +44 7463 331432 >>>> E: christian.sal...@naimuri.com <mailto:christian.sal...@naimuri.com> >>>> A: Naimuri Ltd, Chandlers Point, Manchester M50 2UW >>>> >>> >
