Andreas Steffen wrote in his e-mail on dec 24: ".....the IKEv2 charon daemon receives the FQDN as a string via the stroke interface and does name resolution on the fly shortly before actually negotiating the IPsec tunnel."
This appears not to work for me. The output of starter is as follows: Starting strongSwan 4.3.5 IPsec [starter]... no default route - cannot cope with %defaultroute!!! | Loading config setup | charonstart=yes | plutostart=no | Loading conn 'home' | keyexchange=ikev2 | left=%any | leftsourceip=%modeconfig | leftcert=danielCA_daniel-notebook.pem | leftfirewall=yes | right=home.example.com # bad addr: right=home.example.com [does not look numeric and name lookup failed] | rightid=/CN=Vaterstetten/ | rightsubnet=192.168.10.0/24 | dpdaction=restart | auto=add Please note that home.example.com is not the real DNS name. I replaced the real one for security reasons. I'm also confused by the syntax of the stroke command. Add a connection: stroke add NAME MY_ID OTHER_ID MY_ADDR OTHER_ADDR\ MY_NET OTHER_NET MY_NETBITS OTHER_NETBITS where: ID is any IKEv2 ID ADDR is a IPv4 address NET is a IPv4 subnet in CIDR notation It clearly states that it requires an IPv4 address no FQDN. Could you please help me with that. Thanks -Daniel _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users