Hello all,
Based on the conversation on the IPSec list previously about supporting Split
DNS in IKEv2, Paul and I have written up a draft to add support for Split DNS
(as well as DNSSEC) to the configuration attributes for IKEv2.
We’d like to get feedback from the working group about the level
On Thu, 24 Sep 2015, Tommy Pauly wrote:
We’d like to get feedback from the working group about the level of interest in
this topic, and if people would like to work on adopting it.
One item we were not sure about is the format of the INTERNAL_DNSSEC_TA.
While a DS record is shorter and
On Jul 30, 2015, at 3:08 AM, Paul Wouters p...@nohats.ca wrote:
On Thu, 30 Jul 2015, Tero Kivinen wrote:
Paul Wouters writes:
Should such a document include a section on client usage or just specify
the payload formats?
If such document is written, it has to defined client usage for
Tommy Pauly writes:
On the topic of DNS caching, I think the draft could give
recommendations that the cache for a domain assigned to the IKEv2
connection should be flushed, but would not need to go into
implementation details. From the perspective of our clients (Mac and
iOS), all VPN types
On Thu, 30 Jul 2015, Tero Kivinen wrote:
Paul Wouters writes:
Should such a document include a section on client usage or just specify
the payload formats?
If such document is written, it has to defined client usage for the
information, as those have security issues.
That's reasonable.
Paul Wouters writes:
Should such a document include a section on client usage or just specify
the payload formats?
If such document is written, it has to defined client usage for the
information, as those have security issues.
For example, there are some expected behaviours for client cache
Hello,
I’d like to see if the working group has interest in adding support for a list
of split-DNS domains to the configuration payload for IKEv2. Existing
split-tunnel VPN solutions often use a configuration in which only a private
domain is resolved using the VPN’s DNS server, and all other