<div dir="ltr">Anvar, thank you so much! This works perfectly.<br></div><br><div class="gmail_quote"><div dir="ltr">On Fri, Oct 6, 2017 at 3:20 PM Anvar Kuchkartaev <<a href="mailto:anvar@anvartay.com">anvar@anvartay.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div lang="en-GB" style="background-color:rgb(255,255,255);line-height:initial"> <div style="width:100%;font-size:initial;font-family:Calibri,'Slate Pro',sans-serif,sans-serif;color:rgb(31,73,125);text-align:initial;background-color:rgb(255,255,255)">The best practice is creating dummy virtual interface and assign ip address to it and use it as dns server ip address.</div><div style="width:100%;font-size:initial;font-family:Calibri,'Slate Pro',sans-serif,sans-serif;color:rgb(31,73,125);text-align:initial;background-color:rgb(255,255,255)"><br></div><div style="width:100%;font-size:initial;font-family:Calibri,'Slate Pro',sans-serif,sans-serif;color:rgb(31,73,125);text-align:initial;background-color:rgb(255,255,255)">modprobe dummy</div><div style="width:100%;font-size:initial;font-family:Calibri,'Slate Pro',sans-serif,sans-serif;color:rgb(31,73,125);text-align:initial;background-color:rgb(255,255,255)">ip link set dummy0 up</div><div style="width:100%;font-size:initial;font-family:Calibri,'Slate Pro',sans-serif,sans-serif;color:rgb(31,73,125);text-align:initial;background-color:rgb(255,255,255)">ifconfig dummy0 <a href="http://1.1.1.1/32" target="_blank">1.1.1.1/32</a><span style="font-size:initial;line-height:initial;text-align:initial"></span></div> <div style="width:100%;font-size:initial;font-family:Calibri,'Slate Pro',sans-serif,sans-serif;color:rgb(31,73,125);text-align:initial;background-color:rgb(255,255,255)"><br></div><div style="width:100%;font-size:initial;font-family:Calibri,'Slate Pro',sans-serif,sans-serif;color:rgb(31,73,125);text-align:initial;background-color:rgb(255,255,255)">Now you can use it as internal ip address of dns server (you might change 1.1.1.1 with other ip address according to your network planning).</div></div><div lang="en-GB" style="background-color:rgb(255,255,255);line-height:initial"><div style="width:100%;font-size:initial;font-family:Calibri,'Slate Pro',sans-serif,sans-serif;color:rgb(31,73,125);text-align:initial;background-color:rgb(255,255,255)"><br></div> <div style="font-size:initial;font-family:Calibri,'Slate Pro',sans-serif,sans-serif;color:rgb(31,73,125);text-align:initial;background-color:rgb(255,255,255)">Anvar Kuchkartaev <br><a href="mailto:anvar@anvartay.com" target="_blank">anvar@anvartay.com</a> </div> <table width="100%" style="background-color:white;border-spacing:0px"> <tbody><tr><td colspan="2" style="font-size:initial;text-align:initial;background-color:rgb(255,255,255)"> <div style="border-style:solid none none;border-top-color:rgb(181,196,223);border-top-width:1pt;padding:3pt 0in 0in;font-family:Tahoma,'BB Alpha Sans','Slate Pro';font-size:10pt"> <div><b>From: </b>Dan Vee</div><div><b>Sent: </b>sábado, 7 de octubre de 2017 12:01 a.m.</div><div><b>To: </b><a href="mailto:users@lists.strongswan.org" target="_blank">users@lists.strongswan.org</a></div><div><b>Subject: </b>[strongSwan] Client access to DNS service running on same host as strongSwan server</div></div></td></tr></tbody></table></div><div lang="en-GB" style="background-color:rgb(255,255,255);line-height:initial"><div style="border-style:solid none none;border-top-color:rgb(186,188,209);border-top-width:1pt;font-size:initial;text-align:initial;background-color:rgb(255,255,255)"></div><br><div id="m_8932747438023560430_originalContent"><div dir="ltr"><span style="color:rgb(33,33,33);font-size:13px">Hi,</span><div style="color:rgb(33,33,33);font-size:13px"><br></div><div style="color:rgb(33,33,33);font-size:13px">I currently have strongSwan server setup on a VPS host, and I'm also running an adblocking DNS server (not exposed to internet) on this same host. The server only has one interface and it has a public IP address (e.g. 1.2.3.4). I'd like to configure strongSwan to hand out a DNS address (for this local DNS server) for any clients that connect. I have two problems:</div><div style="color:rgb(33,33,33);font-size:13px">* I don't know how to make the DNS service running on the same VPS host accessible to the connecting client. My client has a virtual IP (e.g. 10.20.30.1) and not sure how I can communicate directly with a service running locally on this VPS host.</div><div style="color:rgb(33,33,33);font-size:13px">* I don't know what IP I should I pass back to the client for this DNS address. I have no private IP address on this server. Should I return the public IP address for the server?</div><div style="color:rgb(33,33,33);font-size:13px"><br></div><div style="color:rgb(33,33,33);font-size:13px"><br></div><div style="color:rgb(33,33,33);font-size:13px">Server config</div><div style="color:rgb(33,33,33);font-size:13px">------------------------------------</div><div style="color:rgb(33,33,33);font-size:13px"><div>config setup</div><div> uniqueids=never</div><div> charondebug="cfg 2, dmn 2, ike 2, net 2"</div><div>conn %default</div><div> keyexchange=ike</div><div> dpdaction=clear</div><div> dpddelay=300s</div><div> rekey=no</div><div> left=%any</div><div> leftca=ca.cert.pem</div><div> leftcert=server.cert.pem</div><div> leftsubnet=<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a></div><div> right=%any</div><div> rightdns=????</div><div> rightsourceip=<a href="http://10.20.30.0/24" target="_blank">10.20.30.0/24</a></div><div> rightsubnets=<a href="http://192.168.3.0/24" target="_blank">192.168.3.0/24</a></div><div>conn IPSec-IKEv2</div><div> keyexchange=ikev2</div><div> ike=aes256-sha256-modp1024,3des-sha1-modp1024,aes256-sha1-modp1024!</div><div> esp=aes256-sha256,3des-sha1,aes256-sha1!</div><div> leftid="1.2.3.4"</div><div> leftsendcert=always</div><div> leftauth=pubkey</div><div> rightauth=pubkey</div><div> rightid="<a href="mailto:client@1.2.3.4" target="_blank">client@1.2.3.4</a>"</div><div> rightcert=client.cert.pem</div><div> auto=add</div></div><div style="color:rgb(33,33,33);font-size:13px"><br></div><div style="color:rgb(33,33,33);font-size:13px">Any help would be greatly appreciated. Thanks!</div></div>
<br></div></div></blockquote></div>