[strongSwan] setting domain search via attr plugin (IKEv2)

Martin Willi martin at strongswan.org
Fri Jan 23 11:14:21 CET 2015


Hi,

> I wonder why the UNITY_DEF_DOMAIN and UNITY_SPLITDNS_NAME are not
> supported for IKEv2 as well?

The IKEv2 protocol does not define such an attribute, nor am I aware of
any extension that does. In IKEv1 these attributes are used by the
proprietary (but widely used) Cisco Unity extensions, and we can send
them in strongSwan for installation by third-party clients.

None of our backends (resolve plugin, charon-nm) actually handle such
attributes. While you could send your own definition of such an
attribute in IKEv2, it is not handled by strongSwan (or a third-party
client).

In short, configuring domain search lists over IKE is currently not
supported (and not standardized). All you currently can do is to send
these Unity attributes to third-party clients supporting this
proprietary extension.

Regards
Martin