Issue #3647

Is it possible to receive INTERNAL_IP4_SUBNET attributes in updown scripts

Added by Philippe Jounin 10 months ago. Updated 10 months ago.

Status: Feedback
Priority: Normal
Assignee: -
Category: -
Affected version: 5.9.1
Resolution:

Description

Hello,

I read that strongSwan 5.9.1 is now interoperable with Cisco FlexVPN. I just tested it and it works!
!! THANKS !!

However, from the Cisco FlexVPN server, I can pass subnets to the client through the IKEv2 attribute INTERNAL_IP4_SUBNET (cf. https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_ike2vpn/configuration/xe-3s/sec-flex-vpn-xe-3s-book/sec-cfg-flex-serv.html).
This feature allows a Cisco client to install the received subnets in the routing table (Traffic Selectors are still 0.0.0.0/0, but the routing table controls the traffic sent to the tunnel vti).

I would like to do the same using strongSwan, but the attribute seems to be ignored. Maybe passing the attribute contents into updown scripts, just like the PLUTO_DNS4_$i variables, will do the trick without much overhead from your side.

Thanks,
Philippe

History

#1 Updated by Tobias Brunner 10 months ago

  • Status changed from New to Feedback

No (maybe also see #2185 etc.). You could write a custom plugin to handle such attributes, though.
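
The following C example is added here and is not strongSwan code or code from either poster: it decodes INTERNAL_IP4_SUBNET values (an IPv4 address followed by a netmask, RFC 7296 section 3.15.1) from a configuration attribute list into prefixes that a handler could then install as routes, rejecting truncated records and non-contiguous masks. The sample bytes, `struct ip4_route` and `parse_ip4_subnets` are constructed for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define INTERNAL_IP4_SUBNET 13   /* attribute type, RFC 7296 section 3.15.1 */
struct ip4_route { uint32_t net; int prefix; };   /* hypothetical result type */
/* Constructed sample attribute list: one DNS server, then two subnets. */
static const uint8_t sample_cfg[] = {
    0x00, 0x03, 0x00, 0x04,  10, 0, 0, 53,
    0x00, 0x0d, 0x00, 0x08,  10, 1, 0, 0,      255, 255, 0, 0,
    0x00, 0x0d, 0x00, 0x08,  192, 168, 10, 0,  255, 255, 255, 0,
};

static uint32_t be32(const uint8_t *p) {
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

/* Prefix length of a netmask, or -1 if its set bits are not contiguous. */
static int mask_to_prefix(uint32_t mask) {
    int len = 0;
    for (; mask & 0x80000000u; mask <<= 1) len++;
    return mask ? -1 : len;
}

/* Collect INTERNAL_IP4_SUBNET attributes; returns the count, -1 if malformed. */
int parse_ip4_subnets(const uint8_t *buf, size_t len, struct ip4_route *out, int max) {
    size_t off = 0;
    int n = 0;
    while (off < len) {
        if (len - off < 4) return -1;                 /* truncated header */
        unsigned type = (unsigned)(buf[off] & 0x7f) << 8 | buf[off + 1]; /* drop reserved bit */
        size_t alen = (size_t)buf[off + 2] << 8 | buf[off + 3];
        off += 4;
        if (alen > len - off) return -1;              /* value overruns the buffer */
        if (type == INTERNAL_IP4_SUBNET && alen != 0) {   /* length 0 is the request form */
            int plen = alen == 8 ? mask_to_prefix(be32(buf + off + 4)) : -1;
            if (plen < 0 || n >= max) return -1;      /* bad length or mask, or out[] full */
            out[n++] = (struct ip4_route){ be32(buf + off) & be32(buf + off + 4), plen };
        }
        off += alen;                                  /* other attribute types are skipped */
    }
    return n;
}

int main(void) {
    struct ip4_route r[8];
    int n = parse_ip4_subnets(sample_cfg, sizeof(sample_cfg), r, 8);
    for (int i = 0; i < n; i++)
        printf("%u.%u.%u.%u/%d\n", r[i].net >> 24, (r[i].net >> 16) & 255, (r[i].net >> 8) & 255, r[i].net & 255, r[i].prefix);
}
```

Host bits in the address are masked off before the route is recorded, so a value such as 10.1.2.3 with mask 255.255.255.0 yields 10.1.2.0/24.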
