[strongSwan] pools attrs

Noel Kuntze noel.kuntze+strongswan-users-ml at thermi.consulting
Thu Apr 8 13:00:47 CEST 2021


Hello Volodymyr,

The attributes are unhandled because there is no handler registered for them in the code.
You can extend the updown plugin to handle those attributes but it's unlikely your changes
would be merged because the updown plugin is considered deprecated.

Kind regards
Noel

Am 08.04.21 um 11:25 schrieb Volodymyr Litovka:
> In general, what I need to get. I'm trying to build kind of mesh topology, where every host can be both client and server at the same time for different connections (it can accept connections and place connections to another hosts). Routing is OSPF-based and in order to run OSPF over tunnels, I need to specify an addressing on interface like the following statement -
> 
> $ ip addr add ${PLUTO_MY_SOURCEIP} peer ${PLUTO_PEER_SOURCEIP} dev xfrm${PLUTO_IF_ID_IN}
> 
> - while on the server side I have both server peer address (I just know it) and client peer address (PLUTO_PEER_SOURCEIP),
> - the issue is on the client side: it has only PLUTO_MY_SOURCEIP and no idea which is PLUTO_PEER_SOURCEIP
> 
> What I want is to use any of the available attributes in pools definition (e.g. "server") to signal on remote side server's peer address.
> 
> I managed to work over "dns" attribute (enabling dns_handler in updown.conf, while keeping resolve.conf disabled) but DNS is a widely used attribute and this trick can be inapplicable in most situations.
> 
> So the question is - how to get e.g. "server" attribute in PLUTO_* variables?
> 
> On 08.04.2021 01:20, Volodymyr Litovka wrote:
>>
>> Hi colleagues,
>>
>> are there any ways to get remote side attributes, specified in "pools" section, like:
>>
>> pools {
>>          s1-pool {
>>                  addrs = 25.0.0.2-25.0.1.255
>>                  netmask = "255.255.254.0"
>>          }
>> }
>>
>> at the moment, my updown script on the client shows the following ones upon launch:
>>
>> updown: PLUTO_PEER_ID=s1
>> updown: PLUTO_ME=10.1.2.10
>> updown: PLUTO_IF_ID_OUT=10
>> updown: PLUTO_PEER_CLIENT=0.0.0.0/0
>> updown: PLUTO_IF_ID_IN=10
>> updown: PLUTO_VERSION=1.1
>> updown: PLUTO_REQID=1
>> updown: PLUTO_MY_PORT=0
>> updown: PLUTO_MY_PROTOCOL=0
>> updown: PLUTO_PEER_PORT=0
>> updown: PLUTO_MY_SOURCEIP4_1=25.0.0.2
>> updown: PLUTO_CONNECTION=s2
>> updown: PLUTO_PEER_PROTOCOL=0
>> updown: PLUTO_MY_CLIENT=0.0.0.0/0
>> updown: PLUTO_MY_ID=s2
>> updown: PLUTO_PEER=10.1.1.10
>> updown: PLUTO_VERB=up-client
>> updown: PLUTO_INTERFACE=eth0
>> updown: PLUTO_UNIQUEID=1
>> updown: PLUTO_MY_SOURCEIP=25.0.0.2
>> updown: PLUTO_PROTO=esp
>> updown: PLUTO_UDP_ENC=4500
>>
>> and there is no information on 'netmask' which is specified on the server.
>>
>> Thank you.
>>
>> -- 
>> Volodymyr Litovka
>>    "Vision without Execution is Hallucination." -- Thomas Edison
> 
> -- 
> Volodymyr Litovka
>    "Vision without Execution is Hallucination." -- Thomas Edison
> 

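The `ip addr add ${PLUTO_MY_SOURCEIP} peer ${PLUTO_PEER_SOURCEIP} dev xfrm${PLUTO_IF_ID_IN}` line quoted in the thread interpolates values that charon received during negotiation straight into a command line. The script below is an added example, not strongSwan's own updown script and not Volodymyr's: it wraps that command in a check that every PLUTO_* value it needs is present and has the expected shape before ip(8) is called, so that the initiator case from the thread (PLUTO_PEER_SOURCEIP simply absent) fails with a clear message instead of running a half-built `ip addr add 25.0.0.2 peer  dev xfrm10`, and so that a value carrying extra words cannot extend the command. It assumes the xfrm interfaces are named `xfrm<if_id>` as in the thread; the `UPDOWN_DRY_RUN` variable is an assumed knob of this example, not a strongSwan setting.

```shell
#!/bin/sh
# Added example (not strongSwan's updown script): configure the peer
# address on an xfrm interface from the PLUTO_* environment, but only
# after validating each value that ends up on the ip(8) command line.

# Accept only a dotted-quad IPv4 address: four decimal octets <= 255,
# no CIDR suffix, no whitespace, nothing else.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    IFS=. read -r a b c d <<EOF
$1
EOF
    [ -n "$a" ] && [ -n "$b" ] && [ -n "$c" ] && [ -n "$d" ] || return 1
    case "$d" in *.*) return 1 ;; esac   # more than four octets
    for o in "$a" "$b" "$c" "$d"; do
        [ "$o" -le 255 ] || return 1
    done
}

# Accept only a non-zero decimal number as the XFRM interface id.
is_ifid() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ]
}

# Print the ip(8) arguments for the current PLUTO_* environment, or fail
# with a message if anything needed is missing or malformed.
addr_args() {
    case "$PLUTO_VERB" in
        up-client)   action=add ;;
        down-client) action=del ;;
        *) echo "updown: nothing to do for verb '$PLUTO_VERB'" >&2; return 1 ;;
    esac
    # The initiator in the thread has no PLUTO_PEER_SOURCEIP at all:
    # stop here rather than emit "ip addr add <ip> peer  dev xfrm<id>".
    if [ -z "$PLUTO_PEER_SOURCEIP" ]; then
        echo "updown: PLUTO_PEER_SOURCEIP not set; cannot configure peer address" >&2
        return 1
    fi
    is_ipv4 "$PLUTO_MY_SOURCEIP"   || { echo "updown: bad PLUTO_MY_SOURCEIP" >&2; return 1; }
    is_ipv4 "$PLUTO_PEER_SOURCEIP" || { echo "updown: bad PLUTO_PEER_SOURCEIP" >&2; return 1; }
    is_ifid "$PLUTO_IF_ID_IN"      || { echo "updown: bad PLUTO_IF_ID_IN" >&2; return 1; }
    printf 'addr %s %s peer %s dev xfrm%s\n' "$action" \
        "$PLUTO_MY_SOURCEIP" "$PLUTO_PEER_SOURCEIP" "$PLUTO_IF_ID_IN"
}

# When invoked by charon (PLUTO_VERB is set), apply the change with ip(8).
# UPDOWN_DRY_RUN=1 (an assumed knob of this example) only prints the command.
if [ -n "$PLUTO_VERB" ]; then
    args=$(addr_args) || exit 1
    if [ "${UPDOWN_DRY_RUN:-0}" = 1 ]; then
        echo "ip $args"
    else
        # Every token was validated above, so unquoted word splitting is safe here.
        ip $args
    fi
fi
```

Run it as `PLUTO_VERB=up-client PLUTO_MY_SOURCEIP=25.0.0.2 PLUTO_PEER_SOURCEIP=25.0.0.1 PLUTO_IF_ID_IN=10 UPDOWN_DRY_RUN=1 sh updown.sh` to see the command it would execute. It does not answer the original question (the client still has no way to learn the server's peer address from the pool attributes), but it makes the missing-variable case visible in the log instead of silently producing a wrong interface configuration.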