Option added to enforce a configured destination address for DHCP packets

man/strongswan.conf.5.in

@@ -323,6 +323,14 @@ Hashing algorithm to fingerprint coupled certificates
 .BR charon.plugins.coupling.max " [1]"
 Maximum number of coupling entries to create
 .TP
+.BR charon.plugins.dhcp.force_server_address " [no]"
+Always use the configured server address. This might be helpful if the DHCP
+server runs on the same host as strongSwan, and the DHCP daemon does not listen
+on the loopback interface.  In that case the server cannot be reached via
+unicast (or even 255.255.255.255) as that would be routed via loopback.
+Setting this option to yes and configuring the local broadcast address (e.g.
+192.168.0.255) as server address might work.
+.TP
 .BR charon.plugins.dhcp.identity_lease " [no]"
 Derive user-defined MAC address from hash of IKEv2 identity
 .TP

src/libcharon/plugins/dhcp/dhcp_socket.c

@@ -105,6 +105,11 @@ struct private_dhcp_socket_t {
 	 * DHCP server address, or broadcast
 	 */
 	host_t *dst;
+
+	/**
+	 * Force configured destination address
+	 */
+	bool force_dst;
 };
 
 /**
@@ -266,7 +271,7 @@ static bool send_dhcp(private_dhcp_socket_t *this,
 	ssize_t len;
 
 	dst = transaction->get_server(transaction);
-	if (!dst)
+	if (!dst || this->force_dst)
 	{
 		dst = this->dst;
 	}
@@ -701,6 +706,9 @@ dhcp_socket_t *dhcp_socket_create()
 	this->identity_lease = lib->settings->get_bool(lib->settings,
 								"%s.plugins.dhcp.identity_lease", FALSE,
 								charon->name);
+	this->force_dst = lib->settings->get_str(lib->settings,
+								"%s.plugins.dhcp.force_server_address", FALSE,
+								charon->name);
 	this->dst = host_create_from_string(lib->settings->get_str(lib->settings,
 								"%s.plugins.dhcp.server", "255.255.255.255",
 								charon->name), DHCP_SERVER_PORT);