[strongSwan] Config doesnt work on Windows 10 and Android

B Thordy bthordy at outlook.com
Sat Oct 6 14:17:18 CEST 2018


I think, i have found the setting for the DNS server or at least a way to change them. There was a file /etc/strongswan.d/user.conf with the following content:

charon {
# DNS server assigned to peer via configuration payload (CP).
dns1 = 8.8.8.8
dns2 = 8.8.4.4

# Number of worker threads in charon.
threads = 8

# Name of the user the daemon changes to after startup.
user = strongswan
}

It seems like that this setting overrides the DNS servers in ipsec.conf. I thought, it was the other way.

Android was a little bit strange. I added the certificate to the Keystore and could select "IPSec IKEv2 RSA" in the build VPN from the Galaxy S7. I selected then the imported certificate in both, the user-certificate and as ca-certificate, saved the profile and connected. This failed. So i opened the profile again, changed nothing, closed it with "cancel" and connected again. Now the connection was established successfully. I don't no why the first try failed. But now it seems to be, that i could use the config on both, Android and Windows 10.

I have found another problem on Windows 10. My Ethernet Adapter and the Wifi Adapter have both the DNS from my carrier and i didn't want to change that. When i look at https://www.dnsleaktest.com/, i can see that there is the DNS from the carrier. When i now connect to the VPN and re-check again, i see my DNS (which forwards to OpenDNS) and additionally the carrier DNS. This surprises me a lot. I thought that VPN is the only connection, which sends and receives query's other the Internet. Specially, since i set the checkbox for the VPN Adapter as "Standard-Gateway. Do you have any ideas?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20181006/473bb775/attachment.html>


More information about the Users mailing list