Hi folks, using IKEv2 and NetworkManager I wonder how the DNS domain search attribute is supposed to be added to /etc/resolv.conf?
My attr.conf on the IPsec gateway says attr { dns = 10.0.122.9, 10.0.96.123, 10.0.96.124 nbns = 10.0.98.253 28674 = ipsec.example.com ac.example.com vs.example.com ws.example.com example.com 28675 = ipsec.example.com ac.example.com vs.example.com ws.example.com example.com load = yes } AFAICT NetworkManager would like to call resolvconf itself, but apparently it is missing the DNS domain. syslog on my laptop tells me Jul 1 08:25:19 ppcl001 NetworkManager[992]: <info> [1561962319.5404] audit: op="connection-activate" uuid="e3e13c44-f079-42d9-9d40-5156082f2914" name="ipsecgate IKEv2" pid=5931 uid=6502 result="success" Jul 1 08:25:19 ppcl001 NetworkManager[992]: <info> [1561962319.5435] vpn-connection[0x55858e7ca870,e3e13c44-f079-42d9-9d40-5156082f2914,"ipsecgate IKEv2",0]: Saw the service appear; activating connection Jul 1 08:25:19 ppcl001 NetworkManager[992]: <info> [1561962319.5633] vpn-connection[0x55858e7ca870,e3e13c44-f079-42d9-9d40-5156082f2914,"ipsecgate IKEv2",0]: VPN connection: (ConnectInteractive) reply received Jul 1 08:25:19 ppcl001 charon-nm: 05[CFG] received initiate for NetworkManager connection ipsecgate IKEv2 Jul 1 08:25:19 ppcl001 NetworkManager[992]: <info> [1561962319.6125] vpn-connection[0x55858e7ca870,e3e13c44-f079-42d9-9d40-5156082f2914,"ipsecgate IKEv2",0]: VPN plugin: state changed: starting (3) Jul 1 08:25:26 ppcl001 NetworkManager[992]: <info> [1561962326.7119] vpn-connection[0x55858e7ca870,e3e13c44-f079-42d9-9d40-5156082f2914,"ipsecgate IKEv2",0]: VPN connection: (IP4 Config Get) reply received from old-style plugin Jul 1 08:25:26 ppcl001 NetworkManager[992]: <info> [1561962326.7126] vpn-connection[0x55858e7ca870,e3e13c44-f079-42d9-9d40-5156082f2914,"ipsecgate IKEv2",0]: Data: VPN Gateway: 5.145.142.209 Jul 1 08:25:26 ppcl001 NetworkManager[992]: <info> [1561962326.7126] vpn-connection[0x55858e7ca870,e3e13c44-f079-42d9-9d40-5156082f2914,"ipsecgate IKEv2",0]: Data: Tunnel Device: (null) Jul 1 08:25:26 ppcl001 NetworkManager[992]: <info> [1561962326.7126] vpn-connection[0x55858e7ca870,e3e13c44-f079-42d9-9d40-5156082f2914,"ipsecgate IKEv2",0]: Data: IPv4 configuration: Jul 1 08:25:26 ppcl001 NetworkManager[992]: <info> [1561962326.7126] vpn-connection[0x55858e7ca870,e3e13c44-f079-42d9-9d40-5156082f2914,"ipsecgate IKEv2",0]: Data: Internal Address: 10.0.122.66 Jul 1 08:25:26 ppcl001 NetworkManager[992]: <info> [1561962326.7126] vpn-connection[0x55858e7ca870,e3e13c44-f079-42d9-9d40-5156082f2914,"ipsecgate IKEv2",0]: Data: Internal Prefix: 32 Jul 1 08:25:26 ppcl001 NetworkManager[992]: <info> [1561962326.7126] vpn-connection[0x55858e7ca870,e3e13c44-f079-42d9-9d40-5156082f2914,"ipsecgate IKEv2",0]: Data: Internal Point-to-Point Address: 10.0.122.66 Jul 1 08:25:26 ppcl001 NetworkManager[992]: <info> [1561962326.7126] vpn-connection[0x55858e7ca870,e3e13c44-f079-42d9-9d40-5156082f2914,"ipsecgate IKEv2",0]: Data: Maximum Segment Size (MSS): 0 Jul 1 08:25:26 ppcl001 NetworkManager[992]: <info> [1561962326.7127] vpn-connection[0x55858e7ca870,e3e13c44-f079-42d9-9d40-5156082f2914,"ipsecgate IKEv2",0]: Data: Forbid Default Route: yes Jul 1 08:25:26 ppcl001 NetworkManager[992]: <info> [1561962326.7127] vpn-connection[0x55858e7ca870,e3e13c44-f079-42d9-9d40-5156082f2914,"ipsecgate IKEv2",0]: Data: Internal DNS: 10.0.122.9 Jul 1 08:25:26 ppcl001 NetworkManager[992]: <info> [1561962326.7127] vpn-connection[0x55858e7ca870,e3e13c44-f079-42d9-9d40-5156082f2914,"ipsecgate IKEv2",0]: Data: Internal DNS: 10.0.96.123 Jul 1 08:25:26 ppcl001 NetworkManager[992]: <info> [1561962326.7127] vpn-connection[0x55858e7ca870,e3e13c44-f079-42d9-9d40-5156082f2914,"ipsecgate IKEv2",0]: Data: Internal DNS: 10.0.96.124 Jul 1 08:25:26 ppcl001 NetworkManager[992]: <info> [1561962326.7127] vpn-connection[0x55858e7ca870,e3e13c44-f079-42d9-9d40-5156082f2914,"ipsecgate IKEv2",0]: Data: Internal DNS: 127.0.0.1 Jul 1 08:25:26 ppcl001 NetworkManager[992]: <info> [1561962326.7127] vpn-connection[0x55858e7ca870,e3e13c44-f079-42d9-9d40-5156082f2914,"ipsecgate IKEv2",0]: Data: DNS Domain: '(none)' Jul 1 08:25:26 ppcl001 NetworkManager[992]: <info> [1561962326.7127] vpn-connection[0x55858e7ca870,e3e13c44-f079-42d9-9d40-5156082f2914,"ipsecgate IKEv2",0]: Data: No IPv6 configuration Jul 1 08:25:26 ppcl001 NetworkManager[992]: <info> [1561962326.7134] vpn-connection[0x55858e7ca870,e3e13c44-f079-42d9-9d40-5156082f2914,"ipsecgate IKEv2",0]: VPN connection: (IP Config Get) complete Jul 1 08:25:26 ppcl001 NetworkManager[992]: <info> [1561962326.7134] vpn-connection[0x55858e7ca870,e3e13c44-f079-42d9-9d40-5156082f2914,"ipsecgate IKEv2",0]: VPN plugin: state changed: started (4) Jul 1 08:25:26 ppcl001 NetworkManager[992]: <info> [1561962326.7225] dns-mgr: Writing DNS information to /sbin/resolvconf Of course the documentation states: "Cisco Unity extensions for IKEv1" but I don't see any reason why this shouldn't work for IKEv2 as well (except for not being listed in some document). strongswan is version 5.7.2 on both peers. strongswan network manager plugin is version 1.4.4. Every insightful comment is highly appreciated Harri