[strongSwan] pushing a DNS breaks strongswan

Marcelo Barbudas nostef at gmail.com
Thu Nov 14 10:02:39 CET 2013


Hi.

I'm trying to create a very simple setup with strongswan server on
Debian and the client on iOS.

I'd like that once the VPN connection is established for strongswan to
push a DNS server. That's it. It's perfectly OK for a local VPN
network to be created, but I definitely don't want to route anything
through it.

I'm running 5.1 with a setup from the strongswan wiki, as seen below.

The problem is the second I push a dns (either via rightdns or
strongswan.conf) iOS is not able to resolve anything anymore. I'm
trying to set for instance 8.8.8.8.

Another non-related question is: how can I tell which end of the
tunnel is the server, and which one is the client (sorry, it's a
noobish question).

config setup
        plutostart=yes
        nat_traversal=yes

conn ios
        keyexchange=ikev1
        authby=xauthrsasig
        xauth=server
        left=%defaultroute
        leftsubnet=0.0.0.0/0
        leftfirewall=yes
        leftcert=serverCert.pem
        right=%any
        rightsubnet=10.0.0.0/24
        rightsourceip=10.0.0.0/24
        pfs=no
        auto=add
-M.



