weiping deng wrote: > Hi Both, > > Excuse me. I have the following questions about the configuration payload: > > Q1: > > In current version of strongswan, whether the internal DNS can be > assigned by server when peer initiates the request for it with the same > configuration payload for virtual IP request? > > If internal DNS can be assigned, where I can get this information? And > If I want to obtain this information for further handling, how can I do? > Yes, internal DNS servers can be assigned to a strongSwan client via the configuration payload. A sample scenario is shown here:
http://www.strongswan.org/uml/testresults43/ikev2/config-payload/console.log By default the DSN servers are added to /etc/resolv.conf by the resolv-conf plugin. The destination file can be changed via the --with-resolv-conf=<file> configuration option. strongSwan as a server can read DNS and WINS server information from /etc/strongswan.conf using the attr plugin: http://www.strongswan.org/uml/testresults43/ikev2/config-payload/moon.strongswan.conf Both the attr and resolv-conf (renamed to "resolve" starting with release 4.3.5) plugins are enabled by default. > > Q2: > > I have always a question, ie: as the description of RFC4306 (IKEv2), > server can assigned the internal subnet and corresponding netmask to > peer. Why we need to configure the rightsubnet in peer’s ipsec.conf? > > Is this item can be removed from ipsec.conf? or maybe this item is not > be used to configure internal subnet and can be set as random value – > (in fact, it can not be work when I set a random value to > right/leftsubnet). > on the client side you can define right|leftsubnet=0.0.0.0/0 and the server will narrow the range down to its own definition. "Narrowing" is an IKEv2 feature. > > > Look forward to your answer, thanks. > > David Regards Andreas ====================================================================== Andreas Steffen andreas.stef...@strongswan.org strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]== _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
