[strongSwan] swanctt + dhcp + dns

Noel Kuntze noel.kuntze+strongswan-users-ml at thermi.consulting
Mon Dec 18 15:59:17 CET 2017


1. Did you test it?
2. I wrote before that you can not pass the assigned DNS server you get via DHCP. That is not possible at all. You can use a pool though to pass it as an attribute. Read the manual for swanctl.conf. The syntax is mentioned there.
Just use two pools. One dhcp, one with the attribute.

Kind regards

Noel

On 18.12.2017 15:53, Kamil Jońca wrote:
> Noel Kuntze
> <noel.kuntze+strongswan-users-ml-eJe4+7AOuxYyzzc7d281tti2O/JbrIOy at public.gmane.org>
> writes:
>
>> 1. Never did that with swanctl. You have to play around with the pools or dig around. Maybe it's as simple as "connections.<conn>.pools = dhcp" or "connections.<conn>.pools = %dhcp". Maybe it's not.
> Well, this can be done by simply 
> pools = dhcp
> and alone is not a problem, but ...
>
>> 2. You can't.
> So there is no an equivalent of 
>
> "rightdns=192.168.200.200"
>
> in swanctl, and the only way to send DNS server is to return to old starter-based approach?
>
> Am I wrong?
> KJ
>
>
>> On 18.12.2017 15:21, Kamil Jońca wrote:
>>> Noel Kuntze
>>> <noel.kuntze+strongswan-users-ml-eJe4+7AOuxYyzzc7d281tti2O/JbrIOy at public.gmane.org>
>>> writes:
>>>
>>>> Use a pool. Look at the UsableExamples[1] page.
>>>> You can't pass dns servers from DHCP at all. It has nothing to do with
>>>> the configuration backend you're using.
>>> I was not too clear probably.
>>>
>>> I want to do with swanctl:
>>> 1. have client addres taken from dhcp
>>> 2. somehow configure dns to pass (how? )
>>>
>>> ie. how to translate from old config:
>>>
>>>
>>> conn xxx
>>>         left=192.168.200.200
>>>         leftsubnet=192.168.200.0/24
>>>         leftid=xxx
>>>         leftca=yyy
>>>         leftcert=....
>>>         rightdns=192.168.200.200
>>>         right=%any
>>>         compress=yes
>>>         rightsourceip=%dhcp
>>>
>>>
>>>
>>> KJ
>>>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20171218/896bd0e4/attachment.sig>


More information about the Users mailing list