[strongSwan] can't set dns on customers side
Gregory Edigarov
edigarov at qarea.com
Thu Mar 11 12:08:19 CET 2021
Hello,
strongSwan 5.6.2 on both sides.
server side config:
conn ikev2-vpn
auto=add
compress=no
type=tunnel
keyexchange=ikev2
ike=aes256-sha1-modp1024
esp=aes256-sha1
fragmentation=yes
forceencaps=yes
dpdaction=clear
dpddelay=300s
rekey=no
left=%any
leftid=@example.my.domain
leftauth=pubkey
leftcert=certificate.pem
leftsendcert=always
leftsubnet=0.0.0.0/0
leftfirewall=yes
right=%any
rightid=%any
rightauth=eap-radius
rightsourceip=10.255.255.0/24
rightsendcert=never
rightdns=192.168.12.2,192.168.21.2,192.168.111.2
eap_identity=%identity
client side config:
conn ike-test
auto=start
fragmentation=yes
keyexchange=ikev2
right=example.my.domain
rightid=@example.my.domain
rightauth=pubkey
rightsubnet=0.0.0.0/0
leftsourceip=%config
leftid=username
leftauth=eap-mschapv2
eap_identity=%identity
connection got setup ok, but no dns is installed on client's side. also
tried with windows client, with same result
is it radius overriding rightdns setting? i do not put anything but
authentication into radius yet. may it be the reason?
thank you
--
With best regards,
Gregory Edigarov
More information about the Users
mailing list