dhcp: Only send client identifier if identity_lease is enabled
The client identifier serves as unique identifier just like a unique MAC address would, so even with identity_leases disabled some DHCP servers might assign unique leases per identity.
This commit is contained in:
parent
0e5b94d038
commit
7b660944b6
|
@ -9,7 +9,8 @@ charon.plugins.dhcp.force_server_address = no
|
||||||
192.168.0.255) as server address might work.
|
192.168.0.255) as server address might work.
|
||||||
|
|
||||||
charon.plugins.dhcp.identity_lease = no
|
charon.plugins.dhcp.identity_lease = no
|
||||||
Derive user-defined MAC address from hash of IKE identity.
|
Derive user-defined MAC address from hash of IKE identity and send client
|
||||||
|
identity DHCP option.
|
||||||
|
|
||||||
charon.plugins.dhcp.server = 255.255.255.255
|
charon.plugins.dhcp.server = 255.255.255.255
|
||||||
DHCP server unicast or broadcast IP address.
|
DHCP server unicast or broadcast IP address.
|
||||||
|
|
|
@ -268,7 +268,8 @@ static int prepare_dhcp(private_dhcp_socket_t *this,
|
||||||
remaining -= sizeof(dhcp_option_t) + option->len;
|
remaining -= sizeof(dhcp_option_t) + option->len;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (remaining >= sizeof(dhcp_option_t) + 2)
|
if (this->identity_lease &&
|
||||||
|
remaining >= sizeof(dhcp_option_t) + 2)
|
||||||
{
|
{
|
||||||
option = (dhcp_option_t*)&dhcp->options[optlen];
|
option = (dhcp_option_t*)&dhcp->options[optlen];
|
||||||
option->type = DHCP_CLIENT_ID;
|
option->type = DHCP_CLIENT_ID;
|
||||||
|
|
|
@ -1,8 +1,9 @@
|
||||||
moon::ipsec stop
|
moon::ipsec stop
|
||||||
carol::ipsec stop
|
carol::ipsec stop
|
||||||
dave::ipsec stop
|
dave::ipsec stop
|
||||||
venus::cat /var/state/dhcp/dhcpd.leases
|
venus::cat /var/lib/dhcp/dhcpd.leases
|
||||||
venus::service isc-dhcp-server stop 2> /dev/null
|
venus::service isc-dhcp-server stop 2> /dev/null
|
||||||
|
venus::rm /var/lib/dhcp/dhcpd.leases*; touch /var/lib/dhcp/dhcpd.leases
|
||||||
moon::iptables-restore < /etc/iptables.flush
|
moon::iptables-restore < /etc/iptables.flush
|
||||||
carol::iptables-restore < /etc/iptables.flush
|
carol::iptables-restore < /etc/iptables.flush
|
||||||
dave::iptables-restore < /etc/iptables.flush
|
dave::iptables-restore < /etc/iptables.flush
|
||||||
|
|
|
@ -6,6 +6,7 @@ charon {
|
||||||
plugins {
|
plugins {
|
||||||
dhcp {
|
dhcp {
|
||||||
server = 10.1.255.255
|
server = 10.1.255.255
|
||||||
|
identity_lease = yes
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -3,8 +3,9 @@ dave::swanctl --terminate --ike home
|
||||||
carol::systemctl stop strongswan-swanctl
|
carol::systemctl stop strongswan-swanctl
|
||||||
dave::systemctl stop strongswan-swanctl
|
dave::systemctl stop strongswan-swanctl
|
||||||
moon::systemctl stop strongswan-swanctl
|
moon::systemctl stop strongswan-swanctl
|
||||||
venus::cat /var/state/dhcp/dhcpd.leases
|
venus::cat /var/lib/dhcp/dhcpd.leases
|
||||||
venus::server isc-dhcp-server stop 2> /dev/null
|
venus::service isc-dhcp-server stop 2> /dev/null
|
||||||
|
venus::rm /var/lib/dhcp/dhcpd.leases*; touch /var/lib/dhcp/dhcpd.leases
|
||||||
moon::iptables-restore < /etc/iptables.flush
|
moon::iptables-restore < /etc/iptables.flush
|
||||||
carol::iptables-restore < /etc/iptables.flush
|
carol::iptables-restore < /etc/iptables.flush
|
||||||
dave::iptables-restore < /etc/iptables.flush
|
dave::iptables-restore < /etc/iptables.flush
|
||||||
|
|
Loading…
Reference in New Issue