[strongSwan] setting domain search via attr plugin (IKEv2)
Harald Dunkel
harald.dunkel at aixigo.de
Fri Jan 23 11:58:12 CET 2015
On 01/23/15 11:14, Martin Willi wrote:
>
> None of our backends (resolve plugin, charon-nm) actually handle such
> attributes. While you could send your own definition of such an
> attribute in IKEv2, it is not handled by strongSwan (or a third party
> client).
>
Thats the point. I would need support for new payload attributes on
both peers. Maybe Strongswan could support a callback function for private
payload attribute types? (Hopefully I wasn't too blind to see)
> In short, configuring domain search lists over IKE is currently not
> supported (and not standardized). All you currently can do is to send
> these Unity attributes to third party clients supporting this
> proprietary extension.
>
Cisco did not hesitate to use the private attributes for IKEv1. Do you
think it would be possible to support similar private attributes for
IKEv2 on both sides, as Cisco did?
Just a suggestion, of course. Keep on your good work.
Harri
https://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml#ikev2-parameters-21
More information about the Users
mailing list