resolve plugin¶
The resolve plugin writes name servers to resolv.conf. It is enabled by default.
Behavior¶
Name servers received via configuration payloads (IKEv2) or via Mode Config (IKEv1) are added to /etc/resolv.conf or installed via resolvconf(8). When the connection goes down name servers are automatically removed again.
Configuration¶
The plugin is configured using the following strongswan.conf options.
| Key | Default | Description |
| charon.plugins.resolve.file | /etc/resolv.conf | File where name servers are written to. |
| charon.plugins.resolve.resolv_conf.iface_prefix | lo.inet.ipsec. | Prefix to be used for interface names provided to resolvconf(8). |
Support for resolvconf(8)¶
Since version 4.6.3 strongSwan provides support for installing name servers via the resolvconf framework. If resolvconf is installed the plugin automatically invokes it appropriately instead of modifying resolv.conf directly.
The interface names provided to resolvconf are built by adding the IP address of the name server to the prefix configured in strongswan.conf (or the default). The result must be a valid interface name according to the rules specified by resolvconf(8). Additionally, the resulting interface name should have a high priority when the order defined in interface-order(5) is applied.