[strongSwan] [strongswan - 5.3.0] : Generating Multiple resolv.conf files

Sriram sriram.ec at gmail.com
Mon Jan 8 06:22:10 CET 2018


Hi,

From the man page and mailing list, I found the updown plugin can be used to
achieve the purpose.

So I removed the "resolve" section from strongswan.conf and added "updown" with
dns_handler = yes, like below.

  updown {
      dns_handler = yes
      load = yes
  }

The _updown script gets called whenever the tunnel is established, but I find
the PLUTO_DNS6_1 env variables empty.
It looks like the resolv plugin, which is enabled by default, gets invoked and
the DNS entry is updated in /etc/resolv.conf

[root@0005B9888880 root]# cat /etc/resolv.conf
nameserver 2001:0:0:13::1   # by strongSwan

In the CFG_REQUEST the client is sending INTERNAL_IP6_ADDR and INTERNAL_IP6_DNS
payloads to request an IPv6 TIA and IPv6 DNS address.
The security gateway responds with an IPv6 TIA and IPv6 DNS.

My strongswan client configuration is similar to the example on the
strongswan site:
https://www.strongswan.org/testing/testresults/ipv6-stroke/rw-ip6-in-ip4-ikev2/carol.ipsec.conf

Is there anything I'm missing here?
Kindly let me know.

Regards,
Sriram.

On Thu, Jan 4, 2018 at 11:52 AM, Sriram <sriram.ec at gmail.com> wrote:

> Hi,
> We are using strongswan - 5.3.0 in our Linux device, which is a strongswan client that works in tunnel mode with a virtual IP.
>
> It establishes tunnels towards two security gateways,
> like for example
>
> eth0.489(10.0.0.1) ------ 10.201.100.1(secgw1)
> eth0.490(10.0.10.1) ------ 10.201.100.2(secgw2)
>
>
> In strongswan.conf, under the plugins section:
>     resolve {
>         file=/etc/resolvtunnel.conf
>     }
>
> When both tunnels are established I see that the DNS servers pushed by the secgw's
> are appended in /etc/resolvtunnel.conf.
> I want to know if it is possible to generate two resolv.conf files, like for
> secgw1, /etc/resolvtunnel_secgw1.conf and for secgw2,
> /etc/resolvtunnel_secgw2.conf
>
>
> Regards,
> Sriram.
>
>
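
Added example, not part of the original message and not strongSwan's own _updown script: a hypothetical updown hook that writes one resolv file per gateway and validates each gateway-pushed DNS address before it reaches the file. The function names and the RESOLV_DIR variable are assumptions, the gateway addresses and file names are the ones from the thread, and it presumes the PLUTO_DNS4_<n> / PLUTO_DNS6_<n> variables are populated, which is the open question above.

```shell
#!/bin/sh
# Added example (hypothetical hook, not strongSwan's _updown script).
# Assumes charon's updown plugin sets PLUTO_VERB, PLUTO_PEER and, with
# dns_handler = yes, PLUTO_DNS4_<n> / PLUTO_DNS6_<n> (n counting from 1).
RESOLV_DIR="${RESOLV_DIR:-/etc}"   # assumption: directory used in the thread

# Map a gateway address to its own file; addresses are those in the thread.
resolv_file_for_peer() {
    case "$1" in
        10.201.100.1) echo "$RESOLV_DIR/resolvtunnel_secgw1.conf" ;;
        10.201.100.2) echo "$RESOLV_DIR/resolvtunnel_secgw2.conf" ;;
        *) return 1 ;;
    esac
}

# Accept only characters valid in an IPv4/IPv6 literal, so a peer-supplied
# value cannot add newlines or extra resolv.conf directives to the file.
valid_addr() {
    case "$1" in
        ''|*[!0-9A-Fa-f:.]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print a nameserver line for every valid PLUTO_DNS4_n / PLUTO_DNS6_n.
collect_nameservers() {
    for fam in 4 6; do
        i=1
        while :; do
            eval "addr=\${PLUTO_DNS${fam}_${i}:-}"
            [ -n "$addr" ] || break
            valid_addr "$addr" && echo "nameserver $addr"
            i=$((i + 1))
        done
    done
}

# up-*: write the file via a temp file and rename; down-*: remove it.
handle_updown() {
    file=$(resolv_file_for_peer "${PLUTO_PEER:-}") || return 0
    case "${PLUTO_VERB:-}" in
        up-*)
            tmp="$file.$$"
            collect_nameservers > "$tmp"
            if [ -s "$tmp" ]; then mv "$tmp" "$file"; else rm -f "$tmp"; fi ;;
        down-*) rm -f "$file" ;;
    esac
}

[ -z "${PLUTO_VERB:-}" ] || handle_updown   # run only when charon invokes us
```

An unknown peer address leaves every file untouched, and an "up" event with no valid DNS attribute writes nothing rather than an empty file.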