[strongSwan] Strongswan 5.0.4 - RoadWarrior DNS Configuration (RIGHTDNS)?

Paton, Andy andy.paton at hp.com
Fri Jun 14 10:29:34 CEST 2013


Hello,

Following on from some of my further questions on the subject, I am in the process of creating a demo for a unified IPSEC gateway with StrongSwan and my latest challenge is DNS configuration.

In my configuration I have multiple backend subnets, for distinct systems. Each of these subnets has its own DNS server.

Ideally I don't want to promote a DNS server / forwarder to the edge of my network, and would like Strongswan to handle the client DNS configuration. To that end I believe since StrongSwan 5.0.4 there is the ability to specify rightdns=xxx.xxx.xxx.xxx in the configuration.

However this doesn't appear to be working for me - as the connected clients are not being sent over to the DNS servers.

My current config (for the connection)

conn group1
    left=10.1.0.2
    leftcert=vpnserver.crt
    leftsubnet=172.17.81.128/27
    leftid=vpnserver.of.our.company.fqdn
    leftfirewall=yes
    right=%any
    rightid="DC=de, DC=company, O=Companyname, OU=group1 certificate, CN=*"
    rightsourceip=10.0.50.0/24
    rightdns=172.17.81.142
    auto=add

conn group2
    left=10.1.0.2
    leftcert=vpnserver.crt
    leftsubnet=162.17.81.128/27
    leftid=vpnserver.of.our.company.fqdn
    leftfirewall=yes
    right=%any
    rightid="DC=de, DC=company, O=Companyname, OU=group2 certificate, CN=*"
    rightdns=162.17.81.142
    rightsourceip=10.0.60.0/24

And the content from Strongswan.conf (not changed from the default install).

[cid:image002.jpg at 01CE68E1.AAB741B0]
[cid:image003.jpg at 01CE68E1.AAB741B0]


What am I missing here?

Regards,

Andy Paton
Business Development Solution Architect
ATLAS CTOSD
UK Public Sector
Defence, Home & Foreign Affairs

andy.paton at hp.com
M +44 7786 748 199
HP Enterprise Services Defence & Security UK Ltd
Registered Office:
Cain Road
Bracknell, Berkshire, RG12 1HN
United Kingdom
