[strongSwan-dev] DNS resolution

N, SHASHANK (SHASHANK) shashank.n at alcatel-lucent.com
Fri May 21 12:50:20 CEST 2010


In case of IKEv1 (using strongSwan 4.3.5), the connection structure is uploaded to Pluto with the IP address of the FQDN (right-id). However, if the IP address for the FQDN changes, could you please tell me how it is reflected back to the connection structure already uploaded to Pluto?
One of the scenarios is DPD, where the SA could go down due to a change in the peer IP address.
In this case, how will Pluto resolve the FQDN to get the new (changed) IP address? Does it happen on the fly?


-----Original Message-----
From: Andreas Steffen [mailto:andreas.steffen at strongswan.org]
Sent: Thursday, December 24, 2009 12:12 PM
Cc: dev at lists.strongswan.org
Subject: Re: [strongSwan-dev] DNS resolution

Hi Shashank,

strongSwan uses a Linux system call to resolve FQDNs in "right".

The IKEv1 pluto daemon relies on ipsec starter to resolve any hostnames before the connection data is uploaded to the daemon via the whack interface, whereas the IKEv2 charon daemon receives the FQDN as a string via the stroke interface and does name resolution on the fly shortly before actually negotiating the IPsec tunnel. The name servers are configured in /etc/resolv.conf, either statically or via NetworkManager.

Using the leftsourceip=%config setting triggers a virtual IP address/DNS request via the IKEv2 Configuration Payload, and the additional internal name servers that are delivered by the VPN server are automatically added to /etc/resolv.conf, either via the default resolve plugin or via the nm NetworkManager plugin if using the strongSwan NetworkManager Applet. When the VPN connection goes down, these internal servers are removed again and only the external servers remain in /etc/resolv.conf.

Kind regards


Sent: Thursday, December 24, 2009 10:20 AM
To: 'dev at lists.strongswan.org'
Subject: DNS resolution


In strongswan 4.3 if I give an FQDN for “right”, how will the DNS resolution happen?
Does it have an inbuilt DNS client? If yes, then how to configure name-servers?
Any help on this is greatly appreciated.

Thanks and Regards,
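The practical consequence of Andreas' explanation is that an IKEv1 pluto connection carries the address ipsec starter resolved at load time, so an operator has to notice when the peer's FQDN now resolves elsewhere. The following is an added example, not strongSwan code and not part of the thread: it records the address a peer FQDN resolved to when the connection was loaded and reports whether a fresh lookup differs, using the system resolver (and therefore /etc/resolv.conf) by default. The class `PeerAddressCache`, the helper `make_fake_resolver`, the connection name `site-a` and the hostname `vpn.example.test` are constructed for illustration; nothing here talks to pluto or whack.

```python
"""Detect when a peer FQDN resolves to a different address than the one a
connection was loaded with (added example, not strongSwan's own code)."""
import socket
from typing import Callable, Dict, Optional, Tuple

# A resolver maps an FQDN to a single IPv4 address string or raises socket.gaierror.
Resolver = Callable[[str], str]


def system_resolve(fqdn: str) -> str:
    """Resolve through the C library (reads /etc/resolv.conf), as ipsec starter does."""
    return socket.gethostbyname(fqdn)


def make_fake_resolver(table: Dict[str, str]) -> Resolver:
    """Build an offline resolver backed by a dict, so the check runs without DNS.
    The dict is shared, so mutating it later simulates a DNS record change."""
    def resolve(fqdn: str) -> str:
        if fqdn not in table:
            raise socket.gaierror(-2, "Name or service not known")
        return table[fqdn]
    return resolve


class PeerAddressCache:
    """Remembers, per connection, the FQDN and the address it resolved to at load time."""

    def __init__(self, resolve: Resolver = system_resolve) -> None:
        self._resolve = resolve
        self._loaded: Dict[str, Tuple[str, str]] = {}

    def load(self, conn: str, fqdn: str) -> str:
        """Resolve once and record the result, mirroring what starter hands to pluto."""
        ip = self._resolve(fqdn)
        self._loaded[conn] = (fqdn, ip)
        return ip

    def check(self, conn: str) -> Tuple[str, Optional[str]]:
        """Re-resolve the connection's FQDN and compare with the recorded address.

        Returns one of:
          ("unchanged", ip)      - DNS still points at the loaded address
          ("changed", new_ip)    - the loaded address is stale; reload the connection
          ("unresolvable", ip)   - lookup failed; the last known address is returned
        """
        fqdn, loaded_ip = self._loaded[conn]
        try:
            current_ip = self._resolve(fqdn)
        except socket.gaierror:
            return ("unresolvable", loaded_ip)
        if current_ip != loaded_ip:
            return ("changed", current_ip)
        return ("unchanged", loaded_ip)


if __name__ == "__main__":
    # Constructed DNS table standing in for the real resolver.
    dns = {"vpn.example.test": "192.0.2.10"}
    cache = PeerAddressCache(make_fake_resolver(dns))
    print("loaded with", cache.load("site-a", "vpn.example.test"))
    print(cache.check("site-a"))
    dns["vpn.example.test"] = "192.0.2.20"   # simulate the peer's address changing
    print(cache.check("site-a"))
```

In production the default `system_resolve` is used, and a `("changed", ...)` result is the signal that the pluto connection was loaded with an address DNS no longer returns; the charon daemon, which resolves on the fly before each negotiation, does not need this check.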
