[strongSwan-dev] Configuring "leftdns" to %config4 amn/or %config6

Martin Willi martin at strongswan.org
Fri Jan 4 11:15:52 CET 2013


> My question is: What is the aim of setting the parameter "leftdns"
> with %config4 or %config6, if the server or local strongswan does not
> take into account ?

According to RFC5996, a responder can send any DNS attribute regardless
of what the initiator requested. In strongSwan, we handle this by
sending just what we have configured for that client, regardless of what
it requested. Because of this responder policy, it does not make much
sense to set leftdns on strongSwan-strongSwan installations.

Other implementations of IKEv2 handle things differently, hence it might
be required to request specific DNS attributes to get both IPv4 and IPV6
(or whatever you ask for).


