[strongSwan] Strongswan 5.0.4 - RoadWarrior DNS Configuration (RIGHTDNS)?

Paton, Andy andy.paton at hp.com
Mon Jun 17 11:04:39 CEST 2013


All,

I was wondering if anyone had any thoughts on the below?

It doesn't appear that rightdns is adding entries to the resolv.conf file?

Manually adding entries to this file also appears to fail DNS lookups when accessing over the tunnel; however, the local machine (Gateway) is able to resolve the names.

Regards,

Andy Paton


From: Paton, Andy
Sent: 14 June 2013 09:29
To: users at lists.strongswan.org
Subject: Strongswan 5.0.4 - RoadWarrior DNS Configuration (RIGHTDNS)?

Hello,

Following on from some of my further questions on the subject, I am in the process of creating a demo for a unified IPSEC gateway with StrongSwan and my latest challenge is DNS configuration.

In my configuration I have multiple backend subnets, for distinct systems. Each of these subnets has its own DNS server.

Ideally I don't want to promote a DNS server / forwarder to the edge of my network, and would like Strongswan to handle the client DNS configuration. To that end I believe since StrongSwan 5.0.4 there is the ability to specify rightdns=xxx.xxx.xxx.xxx in the configuration.

However this doesn't appear to be working for me - as the connected clients are not being sent over to the DNS servers.

My current config (for the connection):

conn group1
    left=10.1.0.2
    leftcert=vpnserver.crt
    leftsubnet=172.17.81.128/27
    leftid=vpnserver.of.our.company.fqdn
    leftfirewall=yes
    right=%any
    rightid="DC=de, DC=company, O=Companyname, OU=group1 certificate, CN=*"
    rightsourceip=10.0.50.0/24
    rightdns=172.17.81.142
    auto=add

conn group2
    left=10.1.0.2
    leftcert=vpnserver.crt
    leftsubnet=162.17.81.128/27
    leftid=vpnserver.of.our.company.fqdn
    leftfirewall=yes
    right=%any
    rightid="DC=de, DC=company, O=Companyname, OU=group2 certificate, CN=*"
    rightdns=162.17.81.142
    rightsourceip=10.0.60.0/24

And the content from strongswan.conf (not changed from the default install):

[cid:image002.jpg at 01CE6B42.11C2B670]
[cid:image003.jpg at 01CE6B42.11C2B670]


What am I missing here?

Regards,

Andy Paton
Business Development Solution Architect
ATLAS CTOSD
UK Public Sector
Defence, Home & Foreign Affairs

andy.paton at hp.com
M +44 7786 748 199
HP Enterprise Services Defence & Security UK Ltd
Registered Office:
Cain Road
Bracknell, Berkshire, RG12 1HN
United Kingdom


-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.jpg
Type: image/jpeg
Size: 34421 bytes
Desc: image002.jpg
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130617/eb494595/attachment.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.jpg
Type: image/jpeg
Size: 11183 bytes
Desc: image003.jpg
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130617/eb494595/attachment-0001.jpg>

