diff --git a/man/strongswan.conf.5.in b/man/strongswan.conf.5.in index 70149bce7..4f30c42f0 100644 --- a/man/strongswan.conf.5.in +++ b/man/strongswan.conf.5.in @@ -323,6 +323,14 @@ Hashing algorithm to fingerprint coupled certificates .BR charon.plugins.coupling.max " [1]" Maximum number of coupling entries to create .TP +.BR charon.plugins.dhcp.force_server_address " [no]" +Always use the configured server address. This might be helpful if the DHCP +server runs on the same host as strongSwan, and the DHCP daemon does not listen +on the loopback interface. In that case the server cannot be reached via +unicast (or even 255.255.255.255) as that would be routed via loopback. +Setting this option to yes and configuring the local broadcast address (e.g. +192.168.0.255) as server address might work. +.TP .BR charon.plugins.dhcp.identity_lease " [no]" Derive user-defined MAC address from hash of IKEv2 identity .TP diff --git a/src/libcharon/plugins/dhcp/dhcp_socket.c b/src/libcharon/plugins/dhcp/dhcp_socket.c index 8f976aead..104c71c01 100644 --- a/src/libcharon/plugins/dhcp/dhcp_socket.c +++ b/src/libcharon/plugins/dhcp/dhcp_socket.c @@ -105,6 +105,11 @@ struct private_dhcp_socket_t { * DHCP server address, or broadcast */ host_t *dst; + + /** + * Force configured destination address + */ + bool force_dst; }; /** @@ -266,7 +271,7 @@ static bool send_dhcp(private_dhcp_socket_t *this, ssize_t len; dst = transaction->get_server(transaction); - if (!dst) + if (!dst || this->force_dst) { dst = this->dst; } @@ -701,6 +706,9 @@ dhcp_socket_t *dhcp_socket_create() this->identity_lease = lib->settings->get_bool(lib->settings, "%s.plugins.dhcp.identity_lease", FALSE, charon->name); + this->force_dst = lib->settings->get_str(lib->settings, + "%s.plugins.dhcp.force_server_address", FALSE, + charon->name); this->dst = host_create_from_string(lib->settings->get_str(lib->settings, "%s.plugins.dhcp.server", "255.255.255.255", charon->name), DHCP_SERVER_PORT);
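Review bot: The `this->force_dst` case added to the condition in send_dhcp() overrides the server address held by the transaction for every message sent through this function, and the code does not say so. If the configured address is a subnet broadcast, as the man page text suggests, messages that would otherwise go to one server (presumably the one learned from an earlier reply) become visible to the whole segment, and any DHCP server there may answer. Whether the receive path checks which server replied is not visible in this hunk and should be confirmed. I would add a comment above the condition, e.g. `/* force_dst: always send to the configured address, even if the transaction already knows its server */`. send_dhcp() starts and ends outside the hunk.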
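Review bot: `force_dst` is read with `get_str()` in dhcp_socket_create(), so the bool is assigned a string pointer instead of a parsed yes/no value. Assuming `get_str()` returns the configured string, any value an operator sets, including an explicit `no`, is non-NULL and so enables forcing; only leaving the option unset keeps it off. Use the accessor that `identity_lease` uses just above: `this->force_dst = lib->settings->get_bool(lib->settings, "%s.plugins.dhcp.force_server_address", FALSE, charon->name);`. The function body starts and ends outside the hunk.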