Hi Zhiheng,

> Since the configuration is done to the strongswan.conf, I am wondering
> if other clients, for example, Bob, will also receive these addresses.
> I guess this is the case, but what if Bob is not interested in
> receiving DNS and DHCP addresses and has not requested them in its
> IKEv2 messages, would this be considered an error of the server in
> which case the server is telling unwanted information to the client?

Attributes defined in strongswan.conf are global; these are assigned to
all clients requesting a virtual IP. Even if the client does not send
requests for these attributes, strongSwan sends them. This is valid in
IKEv2, as a responder may send attributes not requested by the
initiator.

For DNS servers, we have an extension in the pipeline for 5.0.1 which
allows you to define DNS servers on a connection basis. You may try the
last six patches from [1]. For DHCP, there won't be such an option,
though.

Regards
Martin

[1] http://git.strongswan.org/?p=strongswan.git;a=shortlog;h=refs/heads/dns-attr
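The exchange described in the reply above, as an added example that is not part of the original message and is not strongSwan code: it encodes and parses IKEv2 Configuration payload bodies (layout and attribute type numbers per RFC 7296, section 3.15) and separates the CFG_REPLY attributes a client asked for from those the responder sent unrequested. The function names and the sample addresses are constructed for illustration.

```python
import ipaddress
import struct

CFG_REQUEST, CFG_REPLY = 1, 2  # CFG types, RFC 7296 section 3.15
ATTR_NAMES = {1: "INTERNAL_IP4_ADDRESS", 3: "INTERNAL_IP4_DNS",
              4: "INTERNAL_IP4_NBNS", 6: "INTERNAL_IP4_DHCP"}

def build_cp(cfg_type, attrs):
    """Encode a CP payload body: CFG type, 3 reserved bytes, then attributes."""
    body = struct.pack("!B3x", cfg_type)
    for attr_type, value in attrs:
        body += struct.pack("!HH", attr_type & 0x7FFF, len(value)) + value
    return body

def parse_cp(body):
    """Decode a CP payload body into (cfg_type, [(attr_type, value), ...])."""
    if len(body) < 4:
        raise ValueError("CP payload shorter than its fixed header")
    cfg_type, attrs, off = body[0], [], 4
    while off < len(body):
        if off + 4 > len(body):
            raise ValueError("truncated attribute header")
        attr_type, length = struct.unpack_from("!HH", body, off)
        off += 4
        if off + length > len(body):
            raise ValueError("attribute length exceeds payload")
        attrs.append((attr_type & 0x7FFF, body[off:off + length]))  # drop R bit
        off += length
    return cfg_type, attrs

def split_reply(request, reply):
    """Return (requested, unrequested) IPv4 attributes found in a CFG_REPLY."""
    req_type, req_attrs = parse_cp(request)
    rep_type, rep_attrs = parse_cp(reply)
    if (req_type, rep_type) != (CFG_REQUEST, CFG_REPLY):
        raise ValueError("expected a CFG_REQUEST / CFG_REPLY pair")
    asked = {attr_type for attr_type, _ in req_attrs}
    requested, unrequested = [], []
    for attr_type, value in rep_attrs:
        item = (ATTR_NAMES.get(attr_type, str(attr_type)),
                str(ipaddress.IPv4Address(value)))
        (requested if attr_type in asked else unrequested).append(item)
    return requested, unrequested

# Constructed sample: Bob requests only a virtual IP; the reply adds DNS and DHCP.
SAMPLE_REQUEST = build_cp(CFG_REQUEST, [(1, b"")])
SAMPLE_REPLY = build_cp(CFG_REPLY, [(1, bytes([10, 3, 0, 1])),
                                    (3, bytes([10, 3, 0, 53])),
                                    (6, bytes([10, 3, 0, 67]))])
```

A client that does not want pushed DNS or DHCP servers can simply not apply the entries in the second list; their presence in the reply is not a protocol error.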
