Project

General

Profile

resolve plugin

The resolve plugin writes name servers to resolv.conf. It is enabled by default.

Behavior

Name servers received via configuration payloads (IKEv2) or via Mode Config (IKEv1) are added to /etc/resolv.conf or installed via resolvconf(8). When the connection goes down name servers are automatically removed again.

Configuration

The plugin is configured using the following strongswan.conf options.

Key Default Description
charon.plugins.resolve.file /etc/resolv.conf File where name servers are written to.
charon.plugins.resolve.resolv_conf.iface_prefix lo.inet.ipsec. Prefix to be used for interface names provided to resolvconf(8).

Support for resolvconf(8)

Since version 4.6.3 strongSwan provides support for installing name servers via the resolvconf framework. If resolvconf is installed the plugin automatically invokes it appropriately instead of modifying resolv.conf directly.

The interface names provided to resolvconf are built by adding the IP address of the name server to the prefix configured in strongswan.conf (or the default). The result must be a valid interface name according to the rules specified by resolvconf(8). Additionally, the resulting interface name should have a high priority when the order defined in interface-order(5) is applied.