Hi,

I currently have a strongSwan server set up on a VPS host, and I'm also running an adblocking DNS server (not exposed to the internet) on this same host. The server only has one interface and it has a public IP address (e.g. 1.2.3.4). I'd like to configure strongSwan to hand out a DNS address (for this local DNS server) to any clients that connect.

I have two problems:

* I don't know how to make the DNS service running on the same VPS host accessible to the connecting client. My client has a virtual IP (e.g. 10.20.30.1) and I'm not sure how I can communicate directly with a service running locally on this VPS host.
* I don't know what IP I should pass back to the client for this DNS address. I have no private IP address on this server. Should I return the public IP address for the server?

Server config
------------------------------------

config setup
    uniqueids=never
    charondebug="cfg 2, dmn 2, ike 2, net 2"

conn %default
    keyexchange=ike
    dpdaction=clear
    dpddelay=300s
    rekey=no
    left=%any
    leftca=ca.cert.pem
    leftcert=server.cert.pem
    leftsubnet=0.0.0.0/0
    right=%any
    rightdns=????
    rightsourceip=10.20.30.0/24
    rightsubnets=192.168.3.0/24

conn IPSec-IKEv2
    keyexchange=ikev2
    ike=aes256-sha256-modp1024,3des-sha1-modp1024,aes256-sha1-modp1024!
    esp=aes256-sha256,3des-sha1,aes256-sha1!
    leftid="1.2.3.4"
    leftsendcert=always
    leftauth=pubkey
    rightauth=pubkey
    rightid="client@1.2.3.4"
    rightcert=client.cert.pem
    auto=add

Any help would be greatly appreciated.

Thanks!