[strongSwan] Nameservers over ikev2

Julian Poschmann julian.poschmann at rwth-aachen.de
Fri Jul 1 13:19:31 CEST 2011

Hash: SHA1


is it possible to set the dns servers that are pushed to the client
seperatly for each conn entry in ipsec.conf?

I'm setting up a gateway to connect external users via internet and also
users from a neighbouring house via ethernet connection (which is to be
secured by ipsec).

Users from the neighbouring house should get all their traffic routed
through the vpn and use the internal dns (which is the only one they can
reach) for internet access.

External users on the other hand are only able to access the internal
net, but not the internal internet connection. So they should use their
isp's nameserver instead.

While using the internal nameserver works also for external users, it
would be nice, if their dns requests/replies wouldn't use the internal
dns server.

I've only seen the dns1/2 options in strongswan.conf so far, which
define servers for all connections.

Kind regards,
  Julian Poschmann

- -- 
Julian Poschmann
Josefstr. 126
52080 Aachen-Eilendorf

Telefon: +49 170 3295135
E-Mail: julian.poshmannn at rwth-aachen.de
PGP-ID: 0x7D51DD8B
Version: GnuPG v1.4.11 (MingW32)


More information about the Users mailing list