[strongSwan] swanctl + dhcp + dns

Noel Kuntze noel.kuntze+strongswan-users-ml at thermi.consulting
Mon Dec 18 14:37:17 CET 2017


Use a pool. Look at the UsableExamples[1] page.
You can't pass dns servers from DHCP at all. It has nothing to do with the configuration backend you're using.

Kind regards

Noel

[1] https://wiki.strongswan.org/projects/strongswan/wiki/UsableExamples

On 17.12.2017 08:47, Kamil Jońca wrote:
> I am testing migration from starter config to swanctl config, and have
> an issue that I cannot resolve.
>
> my config below:
> --8<---------------cut here---------------start------------->8---
> secrets {
>    private {
>       file = ....
>       secret = [....]
>    }
> }
> connections {
>
>    rw {
>       local_addrs = 192.168.200.200
>       pools = dhcp
>       local {
>          auth = pubkey
>          cacerts = [...]
>          certs = [...]
>          id = "C = PL, ST = Mazowieckie, O = kjonca.kjonca, OU = ipsec, CN = xxxxxx"
>       }
>       remote {
>          auth = pubkey
>       }
>       children {
>          net-alfa-server {
>             local_ts = 192.168.200.200/24
>             ipcomp = yes
>          }
>       }
>    }
> }
> authorities {
>    kaczka {
>       crl_uris = file:///etc/swanctl/x509crl/kaczka.pem
>       cacert = /etc/swanctl/x509ca/ipsec--kaczka--ca.pem
>    }
> }
> --8<---------------cut here---------------end--------------->8---
>
> 1. How can I pass a DNS server to the client with this config?
> 2. Is it possible to take the DNS server from DHCP (and possibly other
> options too)?
>
>
> KJ
>
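
What the reply's suggestion to use a pool could look like in swanctl.conf, as an added example that is not part of the original thread and not taken from the UsableExamples page: a named pool that carries a DNS attribute, referenced from the connection in place of `dhcp`. The pool name `rw_pool`, the address range and the DNS server address are assumptions chosen for illustration.

```conf
# Constructed example: pool name, address range and DNS server are placeholders.
connections {
   rw {
      local_addrs = 192.168.200.200
      # Reference the named pool defined below instead of "dhcp".
      pools = rw_pool
      # local, remote and children sections stay as in the quoted config.
   }
}
pools {
   rw_pool {
      # Range from which virtual IPs are assigned to clients.
      addrs = 10.10.10.0/24
      # Sent to the client as a configuration attribute along with its virtual IP.
      dns = 10.10.10.1
   }
}
```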
