[Vpn-help] DHCP-over-IPsec with FortiGate 300A 4.0 MR1
Mattle Marco
marco.mattle at ecofin.ch
Thu Sep 24 10:19:24 CDT 2009
Hi all,

ShrewSoft client works like a charm, except for this experimental
dhcp-over-ipsec issue.

The client tries to request a DHCP lease but fails really fast. The
FortiGate unit barks with the following error message.

ike 0:<tunnelName>:<phase2name>: sending tunnel UP notification
(xid:c0a92361) L3 socket: received request message from <clientIP>:68 to <tunnelEndIP> at port1
(xid:c0a92361) message does not have 'end' option

We're running the dhcp-relay option on the fortigate. It is relaying
requests from the newest isc dhcpd (openSUSE).

Output from fortigate unit enabled with:

diagnose debug application ike 0xfff
diagnose debug application dhcprelay 0xffff
diagnose debug enable

Shrew IKE debug log:

09/09/24 17:07:18 K< : recv pfkey UPDATE ESP message
09/09/24 17:07:18 ii : sending DHCP over IPsec discover
09/09/24 17:07:19 ii : sending DHCP over IPsec discover
09/09/24 17:07:20 ii : sending DHCP over IPsec discover
09/09/24 17:07:21 ii : sending DHCP over IPsec discover
09/09/24 17:07:22 ii : sending DHCP over IPsec discover
09/09/24 17:07:23 ii : sending DHCP over IPsec discover
09/09/24 17:07:24 ii : sending DHCP over IPsec discover
09/09/24 17:07:25 DB : tunnel ref decrement ( ref count = 7, obj count = 1 )
09/09/24 17:07:25 DB : policy not found
09/09/24 17:07:25 DB : policy not found
09/09/24 17:07:25 DB : policy not found
09/09/24 17:07:25 DB : policy not found
09/09/24 17:07:25 DB : policy not found
09/09/24 17:07:25 DB : policy not found
09/09/24 17:07:25 ii : removing IPsec over DHCP policies
<more teardown>
Maybe that is sufficient for the moment. I'll later file a bug with all
the logs.
Best Regards,
Marco
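
One way to test a captured DHCP-over-IPsec request for the condition the relay reports ("message does not have 'end' option"). This is an added example, not part of the original post and not Shrew Soft or Fortinet code. It assumes the RFC 2131/2132 message layout; the sample packets and MAC address are constructed, and only the xid is taken from the log above.

```python
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # RFC 2131: marks the start of the options field
FIXED_LEN = 236                      # BOOTP fixed header that precedes the cookie
OPT_PAD, OPT_END = 0, 255            # RFC 2132 single-byte options


def check_dhcp_options(payload: bytes):
    """Walk the options of a DHCP message (the UDP payload).
    Returns (xid, option_codes, problem); problem is None when the options
    field is well formed and terminated by the End option (255)."""
    if len(payload) < FIXED_LEN + 4:
        return None, [], "truncated before options field"
    xid = struct.unpack_from("!I", payload, 4)[0]
    if payload[FIXED_LEN:FIXED_LEN + 4] != MAGIC_COOKIE:
        return xid, [], "missing DHCP magic cookie"
    codes, i = [], FIXED_LEN + 4
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            return xid, codes, None
        if code == OPT_PAD:              # pad has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            return xid, codes, f"option {code} has no length byte"
        length = payload[i + 1]
        if i + 2 + length > len(payload):
            return xid, codes, f"option {code} overruns the packet"
        codes.append(code)
        i += 2 + length
    return xid, codes, "message does not have 'end' option"


def build_discover(xid: int, with_end: bool) -> bytes:
    """Constructed sample DHCPDISCOVER; the MAC address is made up."""
    hdr = struct.pack("!BBBBIHH", 1, 1, 6, 0, xid, 0, 0)  # op..flags
    hdr += b"\x00" * 16                                    # ciaddr, yiaddr, siaddr, giaddr
    hdr += bytes.fromhex("020000000001").ljust(16, b"\x00")  # chaddr
    hdr += b"\x00" * (64 + 128)                            # sname, file
    opts = b"\x35\x01\x01" + b"\x37\x03\x01\x03\x06"       # DISCOVER, parameter request list
    return hdr + MAGIC_COOKIE + opts + (b"\xff" if with_end else b"")


if __name__ == "__main__":
    for pkt in (build_discover(0xC0A92361, True), build_discover(0xC0A92361, False)):
        xid, codes, problem = check_dhcp_options(pkt)
        print(f"xid:{xid:08x} options={codes} -> {problem or 'ok'}")
```

To use it on real traffic, pass in the UDP payload of the client's DISCOVER as extracted from a capture taken inside the tunnel.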