[strongSwan] ipsec detection on isc dhcpd

Christ Schlacta lists at aarcane.org
Fri Jul 15 08:45:20 CEST 2011

Comments added below.

Also, I'd like to take this chance to thank the strongswan folks for 
making IKEv2 a reality.  I'm quite happy with how everything is working 
now, and I look forward to expanding to IPv6 support in the near future, 
including ipsec/IKEv2/Strongswan.  Thank you all!

On 7/14/2011 23:35, Martin Willi wrote:
> Hi,
>> 1) I'm hoping DHCP will, (connection specific DNS suffix, which
>> allows hostname to resolve instead of hostname.example.com)
> No, IKEv2 does not specify an attribute to assign DNS suffix'. It would
> be possible to write such an extension, but this won't work with Windows
> clients.
> You can specify the DNS suffix on the VPN connection manually, but this
> probably isn't what you want.
no, that's not what I want.  it'd be nice if it worked though.  perhaps 
a suggestion for the strongswan developers to bring up whenever the next 
rfc is being revised.
>> 2) farp doesn't seem to be working for me without dhcp, nor does routing of any
>> sort, and I'm hoping that using dhcp will fix that.
> No, the farp plugin works independently of the pool backend. There must
> be another problem.
> Regards
> Martin
I needed the seldom-mentioned lefthostaccess=yes.  that fixed issue 2.

More information about the Users mailing list