[strongSwan] charon resolve.conf creates /etc/resolv.conf with incorrect 0600 permissions

Ronald (Strongswan) strongswan at hwse3.com
Sat Apr 2 00:13:24 CEST 2016


Hi there, 

Been trying to use the resolve plugin from charon to update /etc/resolv.conf with the DNS server which is accessible only when the VPN tunnel is set up.
It adds the line with the correct DNS server once the VPN tunnel is set up, but the file /etc/resolv.conf gets incorrect file permissions.
Is this a bug? Or is it possible to use some kind of umask within the resolve.conf configuration of charon?

cat /etc/os-release 
PRETTY_NAME="openSUSE 13.2 (Harlequin)

/usr/sbin # ./ipsec version
Linux strongSwan
/etc/strongswan.d/charon # cat resolve.conf

resolve {

 # File where to add DNS server entries.
 file =

 # Whether to load the plugin. Can also be an integer to increase the
 # priority of this plugin.
 load = yes

 resolvconf {

 # Prefix used for interface names sent to resolvconf(8).
 # iface_prefix = lo.inet.ipsec.


after ipsec restart:
ls -lat /etc | grep
-rw------- 1 root root 836 Apr 1 21:41 resolv.conf
File is modified with the correct information:
cat /etc/resolv.conf | head
nameserver # by strongSwan, from vpn.somedomain.org
(server IP and FQDN of VPN server are anonymized)
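
A check for the symptom reported in this post, as an added example that is not part of the original message and is not strongSwan code: it reports whether a resolv.conf-style file is readable by unprivileged processes and restores mode 0644 if not. The function names, the temporary file and the sample nameserver are hypothetical; the reproduction assumes the file was newly created by a process running with umask 077, which the post does not confirm.

```shell
#!/bin/sh
# Added example: check and repair the mode of a resolv.conf-style file.
# Function names are hypothetical; nothing here is strongSwan code.

# Print the octal permission bits of a file (GNU stat, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 if "other" has read permission. The libc resolver runs inside
# every process, so unprivileged programs must be able to read the file.
world_readable() {
    mode=$(file_mode "$1") || return 2
    other=${mode#"${mode%?}"}          # last octal digit of the mode
    [ $((other & 4)) -ne 0 ]
}

# Report the state and, if needed, restore the conventional 0644.
check_resolv_conf() {
    f=${1:-/etc/resolv.conf}
    if world_readable "$f"; then
        echo "ok: $f has mode $(file_mode "$f")"
    else
        echo "fixing: $f has mode $(file_mode "$f"), unreadable for non-root"
        chmod 644 "$f"
    fi
}

# Constructed reproduction (assumption: the writer runs with umask 077).
# A file newly created under that umask gets 0600, matching the ls output
# in the post. 192.0.2.53 is a constructed documentation address.
make_sample() {
    ( umask 077; printf 'nameserver 192.0.2.53\n' > "$1" )
}

# Demo on a temporary file only; the system file is not touched here.
tmp=$(mktemp -d)
make_sample "$tmp/resolv.conf"
check_resolv_conf "$tmp/resolv.conf"
rm -rf "$tmp"
```

On a real host, `check_resolv_conf` with no argument inspects /etc/resolv.conf and needs root to change its mode.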