On Mon, 18 Jan 2021, Ian Willis wrote:
> I'm currently using CentOS 8 for some mobile users.
> The setup relies on the fact that ipsec starts on boot and connects to a
> remote FreeIPA server allowing Kerberos auth for login and DNS.
> The ipsec setup uses RSA keys for host auth.
> It works reasonably well except that when the DHCP lease expires,
> NetworkManager overwrites /etc/resolv.conf. What is the best way to manage
> this situation?
> As a kludge I've set ipsec to restart every 5 minutes via a cron job, which
> works some of the time.
> Any thoughts appreciated.

libreswan needs to extend support to notify network manager of the DNS
update, then it should no longer conflict. It's on my todo list, but
I haven't yet had the time to do this.
[patches welcome, see /usr/libexec/ipsec/_updown.xfrm]
Paul
_______________________________________________
Swan mailing list
https://lists.libreswan.org/mailman/listinfo/swan