Andreas Steffen wrote in his e-mail on dec 24:
".....the IKEv2 charon daemon receives the FQDN as a
string via the stroke interface and does name resolution on the fly
shortly before actually negotiating the IPsec tunnel."
This appears not to work for me. The output of starter is as follows:
Starting strongSwan 4.3.5 IPsec [starter]...
no default route - cannot cope with %defaultroute!!!
| Loading config setup
| charonstart=yes
| plutostart=no
| Loading conn 'home'
| keyexchange=ikev2
| left=%any
| leftsourceip=%modeconfig
| leftcert=danielCA_daniel-notebook.pem
| leftfirewall=yes
| right=home.example.com
# bad addr: right=home.example.com [does not look numeric and name
lookup failed]
| rightid=/CN=Vaterstetten/
| rightsubnet=192.168.10.0/24
| dpdaction=restart
| auto=add
Please note that home.example.com is not the real DNS name. I replaced
the real one for security reasons.
I'm also confused by the syntax of the stroke command.
Add a connection:
stroke add NAME MY_ID OTHER_ID MY_ADDR OTHER_ADDR\
MY_NET OTHER_NET MY_NETBITS OTHER_NETBITS
where: ID is any IKEv2 ID
ADDR is a IPv4 address
NET is a IPv4 subnet in CIDR notation
It clearly states that it requires an IPv4 address no FQDN.
Could you please help me with that.
Thanks
-Daniel
_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
