strongSwan

Hello,

Below is my configuration that I use to connect my nomade pc to a Stormshield firewall throught an ipsec tunnel.

As you can see, I m using config mode on the firewall to obtain the ip in the tunnel and dns ip.

With this configuration, tunnel is up sucessfully.

I obtain a leftsourceip dynamicaly and I can join some server through the tunnel by ip.

My issue is to obtain the DNS dynamicaly and use it to join some server through the tunnel.

I m not sur about the syntaxe to use and my dns configuration (by config mode of the tunnel) do not work.
When tunnel is up, how can I use the dns of the tunnel and not the local dns.

Thank a lot for your help.

Regards

Eric

# basic configuration

config setup
        charondebug="cfg 4, ike 4, knl 3, mgr 3, lib 3" 
conn myconnexion
     leftsubnet=%dynamic,10.133.0.0/20
     leftsourceip=%config
     leftcert=XXXXXXXXXXXXXXXX.pem
     leftid="C=FR, O=XXXXXXXXXXXXXXXXX, OU=0002 XXXXXXXXX, OU=SERVEURS, CN=XXXXXXXXXXXXXXXX.fr" 
     leftdns=%config4,%config6
     right=myfirewall@ip
     rightsubnet=10.0.0.0/8
     authby=rsasig
     rightid=%any
     rightsendcert=never
     ike=aes256-sha256-modpXXXX
     esp=aes256-sha256-modpXXXX
     keyexchange=ikev2
     ikelifetime=8h
     lifetime=1h
     auto=route

Note that tunnel processing to up the turn up the tunnel seems to be slow with this configuration.