Hello Daniel, Daniel Mentz wrote: > Andreas Steffen wrote in his e-mail on dec 24: > > ".....the IKEv2 charon daemon receives the FQDN as a > string via the stroke interface and does name resolution on the fly > shortly before actually negotiating the IPsec tunnel." > > This appears not to work for me. The output of starter is as follows: > > Starting strongSwan 4.3.5 IPsec [starter]... > no default route - cannot cope with %defaultroute!!! > | Loading config setup > | charonstart=yes > | plutostart=no > | Loading conn 'home' > | keyexchange=ikev2 > | left=%any > | leftsourceip=%modeconfig > | leftcert=danielCA_daniel-notebook.pem > | leftfirewall=yes > | right=home.example.com > # bad addr: right=home.example.com [does not look numeric and name > lookup failed]
Well, if no default route exists then the host most probably is also not able to resolve hostnames via DNS. Did you try if nslookup works before starting the IKE negotiation? > | rightid=/CN=Vaterstetten/ > | rightsubnet=192.168.10.0/24 > | dpdaction=restart > | auto=add > > Please note that home.example.com is not the real DNS name. I replaced > the real one for security reasons. > > I'm also confused by the syntax of the stroke command. > > Add a connection: > stroke add NAME MY_ID OTHER_ID MY_ADDR OTHER_ADDR\ > MY_NET OTHER_NET MY_NETBITS OTHER_NETBITS > where: ID is any IKEv2 ID > ADDR is a IPv4 address > NET is a IPv4 subnet in CIDR notation > We haven't updated the stroke command line connection configuration option for years. Thus don't be surprised if nothing more than some very basic configurations actually work! > It clearly states that it requires an IPv4 address no FQDN. > > Could you please help me with that. > > Thanks > -Daniel Best regards Andreas ====================================================================== Andreas Steffen andreas.stef...@strongswan.org strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]== _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users