I think, i have found the setting for the DNS server or at least a way to
change them. There was a file /etc/strongswan.d/user.conf with the following
content:
charon {
# DNS server assigned to peer via configuration payload (CP).
dns1 = 8.8.8.8
dns2 = 8.8.4.4
# Number of worker threads in charon.
threads = 8
# Name of the user the daemon changes to after startup.
user = strongswan
}
It seems like that this setting overrides the DNS servers in ipsec.conf. I
thought, it was the other way.
Android was a little bit strange. I added the certificate to the Keystore and
could select "IPSec IKEv2 RSA" in the build VPN from the Galaxy S7. I selected
then the imported certificate in both, the user-certificate and as
ca-certificate, saved the profile and connected. This failed. So i opened the
profile again, changed nothing, closed it with "cancel" and connected again.
Now the connection was established successfully. I don't no why the first try
failed. But now it seems to be, that i could use the config on both, Android
and Windows 10.
I have found another problem on Windows 10. My Ethernet Adapter and the Wifi
Adapter have both the DNS from my carrier and i didn't want to change that.
When i look at https://www.dnsleaktest.com/, i can see that there is the DNS
from the carrier. When i now connect to the VPN and re-check again, i see my
DNS (which forwards to OpenDNS) and additionally the carrier DNS. This
surprises me a lot. I thought that VPN is the only connection, which sends and
receives query's other the Internet. Specially, since i set the checkbox for
the VPN Adapter as "Standard-Gateway. Do you have any ideas?
