Hi, >From the man page and mailing list, I found updown plugin can be used to achieve the purpose.
So I removed "resolve" section from strongswan.conf and added "updown" with dns_handler = yes. like below. updown { dns_handler = yes load = yes } _updown script gets called whenever tunnel is established, but I find PLUTO_DNS6_1 env variables empty. Looks like resolv plugin which is enabled by default gets invoked and DNS entry is updated in /etc/resolv.conf [root@0005B9888880 root]# cat /etc/resolv.conf nameserver 2001:0:0:13::1 # by strongSwan In CFG_REQUEST client is sending INTERNAL_IP6_ADDR and INTERNAL_IP6_DNS payload to request for ipv6 TIA and ipv6 DNS addr. Security gateway responds with IPv6 TIA and IPv6 DNS. My strongswan client configuration is similar to one example mentioned in strongswan site https://www.strongswan.org/testing/testresults/ipv6-stroke/rw-ip6-in-ip4-ikev2/carol.ipsec.conf Is there anything I m missing here ? Kindly let me know. Regards, Sriram. On Thu, Jan 4, 2018 at 11:52 AM, Sriram <sriram...@gmail.com> wrote: > Hi, > We are using strongswan - 5.3.0 in our linux device, which is a strongswan > client which works in tunnel mode with virtual IP. > > It establishes tunnels towards two security gateways. > like for example > > eth0.489(10.0.0.1) ------ 10.201.100.1(secgw1) > eth0.490(10.0.10.1) ------ 10.201.100.2(secgw2) > > > In strongswan.conf, under plugins sections. > resolve { > file=/etc/resolvtunnel.conf > } > > when both tunnels are established I see that DNS servers pushed by secgw's > are appended in /etc/resolvtunnel.conf. > I want to know If it is possible to generate two resolv.conf files like for > secgw1, /etc/resolvtunnel_secgw1.conf and for secgw2, > /etc/resolvtunnel_secgw2.conf > > > Regards, > Sriram. > >