Project

General

Profile

resolve plugin » History » Version 1

Version 1/3 - Next » - Current version
Tobias Brunner, 27.03.2012 11:04
resolve plugin documented


resolve plugin

The resolve plugin writes nameservers to resolv.conf. It is enabled by default.

Behavior

Nameservers received via configuration payloads (IKEv2) or via Mode Config (IKEv1) are added to /etc/resolv.conf or installed via resolvconf(8). When the connection goes down nameservers are automatically removed again.

Configuration

The plugin is configured using the following strongswan.conf options.

Key Default Description
IKEv2
charon.plugins.resolve.file /etc/resolv.conf File where nameservers are written to.
charon.plugins.resolve.resolv_conf.iface_prefix lo.inet.ipsec. Prefix to be used for interface names provided to resolvconf(8).
IKEv1
pluto.plugins.resolve.file /etc/resolv.conf File where nameservers are written to.
pluto.plugins.resolve.resolv_conf.iface_prefix lo.inet.ipsec. Prefix to be used for interface names provided to resolvconf(8).

Support for resolvconf(8)

Since version 4.6.3 strongSwan provides support for installing nameservers via the resolvconf framework. If resolvconf is installed the plugin automatically invokes it appropriately instead of modifying resolv.conf directly.

The interface names provided to resolvconf are built by adding the IP address of the nameserver to the prefix configured in strongswan.conf (or the default). The result must be a valid interface name according to the rules specified by resolvconf(8). Additionally, the resulting interface name should have a high priority when the order defined in interface-order(5) is applied.