New Member
Posts: 13
Registered: ‎06-02-2014
Kudos: 4

StrongSwan Plugins DHCP/FARP missing in FW 1.9.1 ?

Hello,

it seems to me that strongSwan plugins DHCP and FARP are missing in my FW 1.9.1 on ERL.

sudo ipsec version

Linux strongSwan U5.2.2/K3.10.20-UBNT

 

I can't find them in the list shown using:
sudo ipsec listplugins


And I'm unable to use my existing DHCP for the virtual address pool for road-warriors since I upgraded from 1.5. This does not work anymore:

rightsourceip=%dhcp


For further information on what the plugins do and how to enable them (at compile time):
DHCP Plugin: https://wiki.strongswan.org/projects/strongswan/wiki/DHCPPlugin
FARP Plugin: https://wiki.strongswan.org/projects/strongswan/wiki/FARPPlugin

Any reason these are not enabled (anymore)?

I need them :-(

New Member
Posts: 13
Registered: ‎06-02-2014
Kudos: 4

Re: StrongSwan Plugins DHCP/FARP missing in FW 1.9.1 ?

There was a newer version of this thread, including an extensive guide and explanations.
Sadly it got deleted and I don't have time to recreate it.

Here are the links for the missing plugins (self-compiled, for 1.9.1):
https://drive.google.com/open?id=0B-6rsj6uHlola0ZYM3VJM0ZheXM
https://drive.google.com/open?id=0B-6rsj6uHlolLWtCbGNsV2Jnd1E

You must explicitly enable them in strongswan.conf
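
A sketch of what explicitly enabling the two plugins can look like, added here as an example and not taken from the poster's deleted guide or from Ubiquiti's firmware. It assumes modular plugin loading, that the dhcp and farp shared libraries are already in strongSwan's plugin directory, and uses a constructed DHCP server address and a hypothetical conn name:

```conf
# strongswan.conf fragment (file layout assumed; check what your firmware ships)
charon {
    # Assumption: modular loading is on, so each plugin's "load" key
    # decides whether charon loads it.
    load_modular = yes
    plugins {
        dhcp {
            load = yes
            # Constructed sample address of a dedicated LAN DHCP server.
            # The plugin default is the broadcast address 255.255.255.255.
            server = 192.0.2.10
            # Derive the client MAC used in the DHCP request from the IKE
            # identity, so the same peer gets a stable lease.
            identity_lease = yes
        }
        farp {
            # Answers ARP requests on the LAN for the virtual IPs handed
            # out to road-warriors.
            load = yes
        }
    }
}

# ipsec.conf road-warrior fragment; "rw" is a hypothetical conn name
conn rw
    rightsourceip=%dhcp
```

After restarting strongSwan, `sudo ipsec listplugins` should show `dhcp` and `farp` among the loaded plugins; if it does not, the libraries were not found or not loaded.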

New Member
Posts: 27
Registered: ‎06-04-2017
Kudos: 8
Solutions: 1

Re: StrongSwan Plugins DHCP/FARP missing in FW 1.9.1 ?

Were these "accidentally" removed and bound to be back in a coming release or are they gone for good and have to be manually compiled and installed going forward?
I feel these plugins are essential for creating a useful roadwarrior VPN setup...
New Member
Posts: 13
Registered: ‎06-02-2014
Kudos: 4

Re: StrongSwan Plugins DHCP/FARP missing in FW 1.9.1 ?

Does anyone have any idea if the plugins are back in 1.9.7 and/or the hotfixed 1.9.7?
I did not spot anything mentioned in a quick review of the release notes...

I also kinda gave up hoping for a response from Ubiquiti here...

And I'm not really willing to cross-compile these libs myself for any major versions.

 

@Ubiquiti
If there's something that is not understandable here, I'm willing to explain...
You broke out-of-box support for a nice expert VPN road-warrior setup using strongSwan. I know it's nothing directly supported from UI or CLI. But so far it was working by only modifying configuration files. But with the attached plugins missing in the latest releases, it's very, very painful to get it to work (= cross-compile them yourself). Would you please enable these plugins again in your strongSwan build configuration? That's a quick and easy task for your devs...

Ubiquiti Employee
Posts: 1,172
Registered: ‎07-20-2015
Kudos: 1315
Solutions: 76

Re: StrongSwan Plugins DHCP/FARP missing in FW 1.9.1 ?


contralateral wrote:
Were these "accidentally" removed and bound to be back in a coming release or are they gone for good and have to be manually compiled and installed going forward?
I feel these plugins are essential for creating a useful roadwarrior VPN setup...

Those plugins were removed intentionally in 1.8.0 because in "strongSwan 5.2.2" those plugins cause a conflict with the local DHCP server, and LAN clients fail to get IP addresses when the VPN is up.

 

This issue was discussed here -> https://community.ubnt.com/t5/EdgeMAX-Beta/1-8-0a1-Clients-on-DHCP-are-not-able-to-obtain-IP-address...

New Member
Posts: 13
Registered: ‎06-02-2014
Kudos: 4

Re: StrongSwan Plugins DHCP/FARP missing in FW 1.9.1 ?

Thanks for the information.

Unfortunately I don't seem to have access to the linked forum thread. :-(

 

I'm using strongSwan with the mentioned plugins and I don't seem to have any DHCP related issues. However, my LAN DHCP is not provided by the EdgeRouter's internal DHCP, instead I use two dedicated fail-over DHCP servers on my LAN. This might be the important difference here...

 

But I see some sort of compromise here, yet it's more work for you guys :-(

 

1) Build and ship strongswan without DHCP and FARP plugins by default (like right now).
2) Build strongswan again with dhcp and farp enabled this time (to get the two shared libs/plugins).
3) Add dhcp and farp libs from (2) to the build you distribute on your unit from (1)

Result: By default strongswan will not load plugins which weren't enabled at compile time. Which means it will just ignore the dhcp and farp plugins and everything is like now. But people like me who need these plugins can just enable them manually by editing the strongswan.conf file.

The big problem here is the cross compiling, which would be solved this way...

New Member
Posts: 2
Registered: ‎10-08-2015

Re: StrongSwan Plugins DHCP/FARP missing in FW 1.9.1 ?

@Ubiquiti: It would be really nice to provide these plugins as suggested by @cyberjunk.
Senior Member
Posts: 5,692
Registered: ‎01-04-2017
Kudos: 795
Solutions: 288

Re: StrongSwan Plugins DHCP/FARP missing in FW 1.9.1 ?

Make a feature request and cross your fingers
Ubiquiti Employee
Posts: 1,172
Registered: ‎07-20-2015
Kudos: 1315
Solutions: 76

Re: StrongSwan Plugins DHCP/FARP missing in FW 1.9.1 ?
