[strongSwan] ipsec detection on isc dhcpd
Christ Schlacta
lists at aarcane.org
Fri Jul 15 08:45:20 CEST 2011
Comments added below.
Also, I'd like to take this chance to thank the strongswan folks for
making IKEv2 a reality. I'm quite happy with how everything is working
now, and I look forward to expanding to IPv6 support in the near future,
including ipsec/IKEv2/Strongswan. Thank you all!
On 7/14/2011 23:35, Martin Willi wrote:
> Hi,
>
>> 1) I'm hoping DHCP will, (connection specific DNS suffix, which
>> allows hostname to resolve instead of hostname.example.com)
> No, IKEv2 does not specify an attribute to assign DNS suffix'. It would
> be possible to write such an extension, but this won't work with Windows
> clients.
>
> You can specify the DNS suffix on the VPN connection manually, but this
> probably isn't what you want.
no, that's not what I want. it'd be nice if it worked though. perhaps
a suggestion for the strongswan developers to bring up whenever the next
rfc is being revised.
>
>> 2) farp doesn't seem to be working for me without dhcp, nor does routing of any
>> sort, and I'm hoping that using dhcp will fix that.
> No, the farp plugin works independently of the pool backend. There must
> be another problem.
>
> Regards
> Martin
>
I needed the seldom-mentioned lefthostaccess=yes. that fixed issue 2.
More information about the Users
mailing list