<div dir="ltr"><div><div><div>Hi,<br><br></div>From the man page and mailing list, I found that the updown plugin can be used to achieve this purpose.<br><br></div>So I removed the "resolve" section from strongswan.conf and added "updown" with dns_handler = yes,</div><div>like below.<br></div><div> updown {<br> dns_handler = yes<br> load = yes<br> }<br><br></div><div>The _updown script gets called whenever a tunnel is established, but I find the PLUTO_DNS6_1 env variables empty.</div><div>It looks like the resolve plugin, which is enabled by default, gets invoked and the DNS entry is updated in /etc/resolv.conf</div><div><br></div><div>[root@0005B9888880 root]# cat /etc/resolv.conf<br>nameserver 2001:0:0:13::1 # by strongSwan<br><br></div><div>In the CFG_REQUEST, the client is sending INTERNAL_IP6_ADDR and INTERNAL_IP6_DNS payloads to request an IPv6 TIA and an IPv6 DNS address.</div><div>The security gateway responds with an IPv6 TIA and IPv6 DNS. <br></div><div><br></div><div>My strongSwan client configuration is similar to an example on the strongSwan site:</div><div><a href="https://www.strongswan.org/testing/testresults/ipv6-stroke/rw-ip6-in-ip4-ikev2/carol.ipsec.conf">https://www.strongswan.org/testing/testresults/ipv6-stroke/rw-ip6-in-ip4-ikev2/carol.ipsec.conf</a><br></div><div><br></div><div>Is there anything I'm missing here?</div><div> Kindly let me know.</div><div><br></div><div>Regards,<br></div><div>Sriram.<br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Jan 4, 2018 at 11:52 AM, Sriram <span dir="ltr">&lt;<a href="mailto:sriram.ec@gmail.com" target="_blank">sriram.ec@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><pre>Hi,
<br>We are using strongSwan 5.3.0 on our Linux device, which is a strongSwan client that works in tunnel mode with a virtual IP.<br><br>It establishes tunnels towards two security gateways,
like for example
eth0.489(10.0.0.1) ------ 10.201.100.1(secgw1)
eth0.490(10.0.10.1) ------ 10.201.100.2(secgw2)
In strongswan.conf, under the plugins section:
resolve {
file=/etc/resolvtunnel.conf
}
When both tunnels are established, I see that the DNS servers pushed by the secgws
are appended to /etc/resolvtunnel.conf.
I want to know if it is possible to generate two resolv.conf files, like for
secgw1, /etc/resolvtunnel_secgw1.conf and for secgw2,
/etc/resolvtunnel_secgw2.conf
<br>
Regards,
Sriram.</pre></div>
</blockquote></div><br></div>
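
An added example, not part of the thread or strongSwan's own _updown script: a POSIX shell handler that writes one resolver file per connection from the PLUTO_DNS4_n / PLUTO_DNS6_n variables that dns_handler = yes is meant to export, treating the gateway-pushed addresses and the connection name as untrusted input. RESOLV_DIR, the function names and the resolvtunnel_&lt;conn&gt;.conf naming (keyed on PLUTO_CONNECTION) are assumptions modelled on the file names asked about above.

```shell
#!/bin/sh
# Added example: per-connection resolver files from the updown plugin's PLUTO_DNS* variables.
# RESOLV_DIR and the file naming are assumptions taken from the question, not strongSwan defaults.
RESOLV_DIR="${RESOLV_DIR:-/etc}"

# Character-set check only: reject anything that cannot be part of an IPv4/IPv6 literal.
is_ip_literal() {
    case "$1" in
        ''|*[!0-9A-Fa-f:.]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print each PLUTO_DNS4_n / PLUTO_DNS6_n value on its own line, stopping at the first empty index.
pluto_dns_servers() {
    for family in 4 6; do
        i=1
        while :; do
            eval "server=\${PLUTO_DNS${family}_${i}:-}"
            [ -n "$server" ] || break
            is_ip_literal "$server" && printf '%s\n' "$server"
            i=$((i + 1))
        done
    done
}

# Create or remove the resolver file for the connection named in PLUTO_CONNECTION.
handle_updown() {
    # Replace path separators and dots so the name cannot escape RESOLV_DIR.
    conn=$(printf '%s' "${PLUTO_CONNECTION:-}" | tr -c 'A-Za-z0-9_-' '_')
    [ -n "$conn" ] || return 2
    target="$RESOLV_DIR/resolvtunnel_${conn}.conf"
    case "${PLUTO_VERB:-}" in
        up-*)
            servers=$(pluto_dns_servers)
            # Empty PLUTO_DNS* (the situation in the post): report it, leave existing files alone.
            [ -n "$servers" ] || return 1
            tmp="$target.$$"
            printf '%s\n' "$servers" | sed 's/^/nameserver /' > "$tmp" && mv "$tmp" "$target"
            ;;
        down-*)
            rm -f "$target"
            ;;
    esac
}

# Run only when charon invokes the script (PLUTO_VERB set), so the functions can also be sourced.
if [ -n "${PLUTO_VERB:-}" ]; then handle_updown; fi
```

A return code of 1 from an up event means no usable DNS variable reached the script, which separates "the updown plugin exported nothing" from a file-writing failure.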