I have the server side configured with ipsec.conf: config setup charondebug="ike 0, enc 0, net 0"
conn %default keyexchange=ikev2 mobike=no dpddelay=60 dpdtimeout=180 conn lp1772705 left=172.24.26.187 leftcert=peerCert.der leftauth=pubkey leftsubnet=8.8.8.8/32 right=%any rightsourceip=172.21.10.0/24 rightauth=eap-mschapv2 rightdns=1.1.1.1,1.0.0.1 eap_identity=%any auto=add With 5.6.2-1ubuntu2.4, I get random garbage as resolvers instead of 1.1.1.1 and 1.0.0.1: <info> [1576525492.6584] vpn-connection[0x55e5c1c6c810,eab8dcdd-e3a9-44b8-a3f0-fabe804d0d84,"lp1772705",0]: Data: Internal DNS: 128.157.0.100 <info> [1576525492.6584] vpn-connection[0x55e5c1c6c810,eab8dcdd-e3a9-44b8-a3f0-fabe804d0d84,"lp1772705",0]: Data: Internal DNS: 240.14.1.80 but I still get random garbage with 5.6.2-1ubuntu2.5: The following packages will be upgraded: libcharon-standard-plugins (5.6.2-1ubuntu2.4 => 5.6.2-1ubuntu2.5) libstrongswan (5.6.2-1ubuntu2.4 => 5.6.2-1ubuntu2.5) libstrongswan-standard-plugins (5.6.2-1ubuntu2.4 => 5.6.2-1ubuntu2.5) strongswan-charon (5.6.2-1ubuntu2.4 => 5.6.2-1ubuntu2.5) strongswan-libcharon (5.6.2-1ubuntu2.4 => 5.6.2-1ubuntu2.5) strongswan-nm (5.6.2-1ubuntu2.4 => 5.6.2-1ubuntu2.5) strongswan-pki (5.6.2-1ubuntu2.4 => 5.6.2-1ubuntu2.5) strongswan-starter (5.6.2-1ubuntu2.4 => 5.6.2-1ubuntu2.5) <info> [1576525739.9236] vpn-connection[0x55e5c1c6c410,eab8dcdd-e3a9-44b8-a3f0-fabe804d0d84,"lp1772705",0]: Data: Internal DNS: 144.190.1.100 <info> [1576525739.9236] vpn-connection[0x55e5c1c6c410,eab8dcdd-e3a9-44b8-a3f0-fabe804d0d84,"lp1772705",0]: Data: Internal DNS: 96.221.1.100 I did multiple attempts varying rightdns= to push 1.1.1.1 and/or 1.0.0.1 but they all failed: $ journalctl -b0 -o cat | grep 'Internal DNS' <info> [1576525492.6584] vpn-connection[0x55e5c1c6c810,eab8dcdd-e3a9-44b8-a3f0-fabe804d0d84,"lp1772705",0]: Data: Internal DNS: 128.157.0.100 <info> [1576525492.6584] vpn-connection[0x55e5c1c6c810,eab8dcdd-e3a9-44b8-a3f0-fabe804d0d84,"lp1772705",0]: Data: Internal DNS: 240.14.1.80 <info> [1576525720.6106] vpn-connection[0x55e5c1c6c610,eab8dcdd-e3a9-44b8-a3f0-fabe804d0d84,"lp1772705",0]: Data: Internal DNS: 0.48.1.100 <info> [1576525720.6106] vpn-connection[0x55e5c1c6c610,eab8dcdd-e3a9-44b8-a3f0-fabe804d0d84,"lp1772705",0]: Data: Internal DNS: 80.83.122.160 <info> [1576525739.9236] vpn-connection[0x55e5c1c6c410,eab8dcdd-e3a9-44b8-a3f0-fabe804d0d84,"lp1772705",0]: Data: Internal DNS: 144.190.1.100 <info> [1576525739.9236] vpn-connection[0x55e5c1c6c410,eab8dcdd-e3a9-44b8-a3f0-fabe804d0d84,"lp1772705",0]: Data: Internal DNS: 96.221.1.100 <info> [1576526033.7857] vpn-connection[0x56137b6c67f0,eab8dcdd-e3a9-44b8-a3f0-fabe804d0d84,"lp1772705",0]: Data: Internal DNS: 0.70.3.100 <info> [1576526726.4132] vpn-connection[0x56137b6c61f0,eab8dcdd-e3a9-44b8-a3f0-fabe804d0d84,"lp1772705",0]: Data: Internal DNS: 48.107.3.100 ** Tags removed: verification-needed verification-needed-bionic ** Tags added: verification-failed verification-failed-bionic -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1772705 Title: IKEv2 VPN connections fail to use DNS servers provided by the server To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1772705/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs