[strongSwan] swanctt + dhcp + dns
Noel Kuntze
noel.kuntze+strongswan-users-ml at thermi.consulting
Mon Dec 18 14:37:17 CET 2017
Use a pool. Look at the UsableExamples[1] page.
You can't pass dns servers from DHCP at all. It has nothing to do with the configuration backend you're using.
Kind regards
Noel
[1] https://wiki.strongswan.org/projects/strongswan/wiki/UsableExamples
On 17.12.2017 08:47, Kamil Jońca wrote:
> I am testing migration from starter config to swanctlt config, and have
> issue that cannot resolve.
>
> my config below:
> --8<---------------cut here---------------start------------->8---
> secrets {
> private {
> file= ....
> secret= [....]
> }
> }
> connections {
>
> rw {
> local_addrs = 192.168.200.200
> pools = dhcp
> local {
> auth = pubkey
> cacerts= [...]
> certs = [...]
> id = "C = PL, ST = Mazowieckie, O = kjonca.kjonca, OU = ipsec, CN = xxxxxx"
> }
> remote {
> auth = pubkey
> }
> children {
> net-alfa-server {
> local_ts = 192.168.200.200/24
> ipcomp=yes
>
> }
> }
> }
> }
> authorities {
> kaczka{
> crl_uris = file:///etc/swanctl/x509crl/kaczka.pem
> cacert = /etc/swanctl/x509ca/ipsec--kaczka--ca.pem
>
> }
> }
> --8<---------------cut here---------------end--------------->8---
>
> 1.How with this config I can pass dns server to client?
> 2. Is it possible to take DNS server from dhcp (and others possible
> options too)?
>
>
> KJ
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20171218/7f33ed11/attachment.sig>
More information about the Users
mailing list