[strongSwan] Client access to DNS service running on same host as strongSwan server
Dan Vee
sendmaildevnull at gmail.com
Sat Oct 7 00:01:46 CEST 2017
Hi,
I currently have a strongSwan server set up on a VPS host, and I'm also
running an adblocking DNS server (not exposed to the internet) on this same
host. The server only has one interface and it has a public IP address
(e.g. 1.2.3.4). I'd like to configure strongSwan to hand out a DNS address
(for this local DNS server) to any clients that connect. I have two
problems:
* I don't know how to make the DNS service running on the same VPS host
accessible to the connecting client. My client has a virtual IP (e.g.
10.20.30.1) and I'm not sure how I can communicate directly with a service
running locally on this VPS host.
* I don't know what IP I should pass back to the client for this DNS
address. I have no private IP address on this server. Should I return the
public IP address for the server?
Server config
------------------------------------
config setup
    uniqueids=never
    charondebug="cfg 2, dmn 2, ike 2, net 2"

conn %default
    keyexchange=ike
    dpdaction=clear
    dpddelay=300s
    rekey=no
    left=%any
    leftca=ca.cert.pem
    leftcert=server.cert.pem
    leftsubnet=0.0.0.0/0
    right=%any
    rightdns=????
    rightsourceip=10.20.30.0/24
    rightsubnets=192.168.3.0/24

conn IPSec-IKEv2
    keyexchange=ikev2
    ike=aes256-sha256-modp1024,3des-sha1-modp1024,aes256-sha1-modp1024!
    esp=aes256-sha256,3des-sha1,aes256-sha1!
    leftid="1.2.3.4"
    leftsendcert=always
    leftauth=pubkey
    rightauth=pubkey
    rightid="client@1.2.3.4"
    rightcert=client.cert.pem
    auto=add

Any help would be greatly appreciated. Thanks!