Project

General

Profile

Actions
Copy link

Bug #11891

closed

strongSwan configuration contains incorrect structure for mobile pool DNS records

Added by Oleksandr Yermolenko almost 3 years ago. Updated about 2 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Jim Pingle
Category:
IPsec
Target version:
2.6.0
Start date:
05/05/2021
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
22.01
Release Notes:
Default
Affected Version:
2.5.1
Affected Architecture:
amd64

Description

Hello,

according to https://wiki.strongswan.org/projects/strongswan/wiki/Fromipsecconf:
old style configuration

rightdns=<ip>[,…]

should be transformed to the next records:
connections.<conn>.pools=<poolname>
pools.<poolname>.dns=<ip>[,…]

but 2.5.1 version config generated in the following way:

pools {
}
mobile-pool {
        dns = 10.71.1.11,10.70.3.11
        28679 = "20" 
}

and connection

con-mobile-defaults {
...
        pools = radius-pool, radius
...

Related issues

Related to Regression #11447: EAP-RADIUS Mobile IPsec clients with RADIUS-assigned addresses do not get additional configuration attributesClosedJim Pingle02/18/2021

Actions
Actions
Copy link
 #1

Updated by Jim Pingle almost 3 years ago

  • Status changed from New to In Progress
  • Assignee set to Jim Pingle
  • Target version set to 2.6.0

"radius" is a special internal pool in strongSwan, which expects settings to be returned from RADIUS and not defined in the configuration.

Though "radius-pool" should be defined to include the settings from "mobile-pool" as a template which would bring in the DNS settings from there, and that seems to not be making it into the config in certain cases.

Actions
Copy link
 #2

Updated by Jim Pingle almost 3 years ago

  • Status changed from In Progress to Feedback
Actions
Copy link
 #3

Updated by Jim Pingle almost 3 years ago

  • Plus Target Version set to 21.05
Actions
Copy link
 #4

Updated by Jim Pingle almost 3 years ago

Already in 21.05 branch.

Actions
Copy link
 #5

Updated by Jim Pingle almost 3 years ago

  • Subject changed from swanctl.conf/mobile-pool: incorrect config structure for DNS records to strongSwan configuration contains incorrect structure for mobile pool DNS records

Updating subject for release notes.

Actions
Copy link
 #6

Updated by Jim Pingle almost 3 years ago

  • Plus Target Version changed from 21.05 to 21.09

Reverted RADIUS-specific parts of the change here for now, it was causing the configuration to fail. Can try again before the next release.

Actions
Copy link
 #7

Updated by Jim Pingle almost 3 years ago

  • Status changed from Feedback to New
Actions
Copy link
 #8

Updated by Viktor Gurov over 2 years ago

Jim Pingle wrote in #note-6:

Reverted RADIUS-specific parts of the change here for now, it was causing the configuration to fail. Can try again before the next release.

should be fixed in #11447#note-14

Actions
Copy link
 #9

Updated by Jim Pingle over 2 years ago

  • Related to Regression #11447: EAP-RADIUS Mobile IPsec clients with RADIUS-assigned addresses do not get additional configuration attributes added
Actions
Copy link
 #10

Updated by Jim Pingle over 2 years ago

  • Status changed from New to Pull Request Review
Actions
Copy link
 #11

Updated by Jim Pingle over 2 years ago

  • Status changed from Pull Request Review to Feedback

Referenced PR was merged a few weeks ago.

Actions
Copy link
 #12

Updated by Jim Pingle over 2 years ago

  • Plus Target Version changed from 21.09 to 22.01
Actions
Copy link
 #13

Updated by Jim Pingle about 2 years ago

  • Status changed from Feedback to Resolved
Actions
Copy link

Also available in: Atom PDF