[strongSwan] Acquiring a DNS server address through config payload

Pisano, Stephen G (Stephen) Stephen.Pisano at alcatel-lucent.com
Wed Jun 20 18:52:39 CEST 2012


Hi Martin:

Thanks.

A few follow-ups:

Is there a way, via configuration, to prevent strongSwan from updating the DNS configuration as a result of the configuration payload exchange?

The custom "attribute handlers" look interesting/useful.  Is there any documentation or sample code on it?

Regards,
Stephen

 

>-----Original Message-----
>From: Martin Willi [mailto:martin at strongswan.org]
>Sent: Wednesday, June 20, 2012 3:47 AM
>To: Pisano, Stephen G (Stephen)
>Cc: users at lists.strongswan.org
>Subject: Re: [strongSwan] Acquiring a DNS server address through config
>payload
>
>Hello Stephen,
>
>> so I wonder how these configurations interact (i.e., ;
>> --with-resolve-conf configure directive; vs.
>> 'charon.plugins.resolve.file')?
>
>The "resolve" plugin can handle DNS server installation. Starting with
>4.6.3, it will use resolvconf (8), if available. Otherwise it will
>directly modify resolv.conf (5). The default file to modify is
>${sysconfdir}/resolv.conf, but this default can be changed using the
>--with-resolv-conf option. The strongswan.conf
>charon.plugins.resolve.file overrides any default option.
>
>> Also, rather than have strongSwan modify the resolv.conf
>> file, it would be desirable to have a notification of the returned
>> DNS server address via up/down script, and the conveyance of the
>> address via a variable (just as PLUTO_MY_SOURCEIP is set in the
>> virtual IP case).  Is such a behavior currently supported?
>
>The updown script currently does not know DNS server information.
>Registering custom "attribute handlers" is possible, though, using the
>attribute_handler_t interface [1].
>
>Regards
>Martin
>
>[1]http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libhydra/attributes/attribute_handler.h
>




