[strongSwan] how to configure both IPv4 and IPv6 DNS addresses together in strongswan.conf of strongswan-5.0.0 with IKEv2

Tobias Brunner tobias at strongswan.org
Mon Sep 10 15:27:06 CEST 2012


Hi Zhiheng,

> If I configured both IPv4 and IPv6 DNS addresses in strongswan.conf on
> Moon as  attr {  dns  = 1.2.3.4, 2002:c023:9c17:21c::1234  }, looks like
> Carol is assuming that  the second DNS it received should also be IPv4

You are right, the code that parses these attributes used the same
attribute type for all comma separated values.

I pushed a fix for it to our repository [1].

> So my question to the server side is: is this the right way to configure
> both IPv4 and IPv6 DNS addresses together in strongswan.conf?

Yes, that's the right way and the patch should fix it.  As a workaround
you could also configure it like this:

charon {
  dns1 = 1.2.3.4
  dns2 = 2002:c023:9c17:21c::1234
}

> Or more general: does IKEv2 support sending different address types
> (IPv4 and IPv6) in the same message for DNS or DHCP?

Absolutely.  But note that we only just recently added support for
requesting multiple virtual IP addresses from a gateway (i.e. an IPv4
and an IPv6 address).  These changes will be included in the upcoming
5.0.1 release, until then you are welcome to try the current developer
release [2] (I think Andreas will release a new one later today, which
should also include this patch).

Regards,
Tobias

[1] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=4065e250
[2] http://www.strongswan.org/download.html




More information about the Users mailing list