Is it possible to receive INTERNAL_IP4_SUBNET attributes in updown scripts
I read that Strongswan 5.9.1 is now interoperable with Cisco FlexVPN. I just tested it and it works !
!! THANKS !!
However, from the Cisco FlexVPN server, i can pass subnets to the client through IKEv2 attribute INTERNAL_IP4_SUBNET (cf https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_ike2vpn/configuration/xe-3s/sec-flex-vpn-xe-3s-book/sec-cfg-flex-serv.html).
This feature allows a Cisco client to install the received subnets in the routing table (Traffic Selectors are still 0.0.0.0/0, but the routing table controls the traffic sent to the tunnel vti).
I would like to do the same using Strongswan, but the attribute seems to be ignored. May be passing the attribute contents into updown scripts just like the PLUTO_DNS4_$i variables will do the trick without much overhead from your side.