resolve plugin » History » Version 1
The resolve plugin writes nameservers to resolv.conf. It is enabled by default.
Nameservers received via configuration payloads (IKEv2) or via Mode Config (IKEv1) are added to /etc/resolv.conf or installed via resolvconf(8). When the connection goes down nameservers are automatically removed again.
The plugin is configured using the following strongswan.conf options.
|charon.plugins.resolve.file||/etc/resolv.conf||File where nameservers are written to.|
|charon.plugins.resolve.resolv_conf.iface_prefix||lo.inet.ipsec.||Prefix to be used for interface names provided to resolvconf(8).|
|pluto.plugins.resolve.file||/etc/resolv.conf||File where nameservers are written to.|
|pluto.plugins.resolve.resolv_conf.iface_prefix||lo.inet.ipsec.||Prefix to be used for interface names provided to resolvconf(8).|
Support for resolvconf(8)¶
Since version 4.6.3 strongSwan provides support for installing nameservers via the resolvconf framework. If resolvconf is installed the plugin automatically invokes it appropriately instead of modifying resolv.conf directly.
The interface names provided to resolvconf are built by adding the IP address of the nameserver to the prefix configured in strongswan.conf (or the default). The result must be a valid interface name according to the rules specified by resolvconf(8). Additionally, the resulting interface name should have a high priority when the order defined in interface-order(5) is applied.