Bug #11891

open

strongSwan configuration contains incorrect structure for mobile pool DNS records

Added by Oleksandr Yermolenko 7 months ago. Updated about 1 month ago.

Status: Feedback
Priority: Normal
Assignee:
Category: IPsec
Target version:
Start date: 05/05/2021
Due date:
% Done: 0%
Estimated time:
Plus Target Version: 22.01
Release Notes: Default
Affected Version: 2.5.1
Affected Architecture: amd64

Description

Hello,

according to https://wiki.strongswan.org/projects/strongswan/wiki/Fromipsecconf:
old style configuration

rightdns=<ip>[,…]     

should be transformed to the following records:
connections.<conn>.pools=<poolname>
pools.<poolname>.dns=<ip>[,…]

but in version 2.5.1 the config is generated in the following way:

pools {
}
mobile-pool {
        dns = 10.71.1.11,10.70.3.11
        28679 = "20" 
}

and connection

con-mobile-defaults {
...
        pools = radius-pool, radius
...


Related issues

Related to Regression #11447: EAP-RADIUS Mobile IPsec clients with RADIUS-assigned addresses do not get additional configuration attributes (Status: Feedback, Assignee: Jim Pingle, 02/18/2021)

Actions #1

Updated by Jim Pingle 7 months ago

  • Status changed from New to In Progress
  • Assignee set to Jim Pingle
  • Target version set to 2.6.0

"radius" is a special internal pool in strongSwan, which expects settings to be returned from RADIUS and not defined in the configuration.

Though "radius-pool" should be defined to include the settings from "mobile-pool" as a template which would bring in the DNS settings from there, and that seems to not be making it into the config in certain cases.
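As an added example (not part of this thread and not pfSense or strongSwan code), the Python checker below parses a swanctl.conf-style file and reports every pool that a connection references but that is missing from the pools section, treating "radius" as built in as comment #1 describes. Both sample configurations are constructed from the snippets in the description, and the enclosing connections section is an assumption.

```python
import re

BUILTIN_POOLS = {"radius"}  # per comment #1: internal to strongSwan, not defined in config

def parse(text):
    """Parse the one-item-per-line subset of swanctl.conf syntax seen in this report."""
    stack = [{}]
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments (quoted '#' not handled)
        if not line:
            continue
        if line.endswith("{"):  # "name {" or "name : template {"; keep only the name
            stack.append(stack[-1].setdefault(line[:-1].split(":")[0].strip(), {}))
        elif line == "}" and len(stack) > 1:
            stack.pop()
        elif "=" in line:
            key, _, value = line.partition("=")
            stack[-1][key.strip()] = value.strip().strip('"')
        else:
            raise ValueError(f"cannot parse line: {raw!r}")
    if len(stack) != 1:
        raise ValueError("unclosed section")
    return stack[0]

def undefined_pools(text):
    """Return (connection, pool) pairs for which pools.<pool> does not exist."""
    root = parse(text)
    pools, missing = root.get("pools", {}), []
    for conn, body in root.get("connections", {}).items():
        for ref in filter(None, re.split(r"[,\s]+", body.get("pools", ""))):
            if ref not in BUILTIN_POOLS and not isinstance(pools.get(ref), dict):
                missing.append((conn, ref))
    return missing

# Constructed sample data; the "connections" wrapper is an assumption.
CONN = """connections {
  con-mobile-defaults {
    pools = radius-pool, radius
  }
}
"""
# Shape reported for 2.5.1: empty pools section, DNS in a top-level section.
BROKEN = CONN + "pools {\n}\nmobile-pool {\n  dns = 10.71.1.11,10.70.3.11\n}\n"
# Shape the migration page describes: pools.<poolname>.dns.
FIXED = CONN + "pools {\n  radius-pool {\n    dns = 10.71.1.11,10.70.3.11\n  }\n}\n"

if __name__ == "__main__":
    print("broken:", undefined_pools(BROKEN))
    print("fixed: ", undefined_pools(FIXED))
```
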

Actions #2

Updated by Jim Pingle 7 months ago

  • Status changed from In Progress to Feedback

Actions #3

Updated by Jim Pingle 7 months ago

  • Plus Target Version set to 21.05

Actions #4

Updated by Jim Pingle 7 months ago

Already in 21.05 branch.

Actions #5

Updated by Jim Pingle 7 months ago

  • Subject changed from swanctl.conf/mobile-pool: incorrect config structure for DNS records to strongSwan configuration contains incorrect structure for mobile pool DNS records

Updating subject for release notes.

Actions #6

Updated by Jim Pingle 6 months ago

  • Plus Target Version changed from 21.05 to 21.09

Reverted RADIUS-specific parts of the change here for now, it was causing the configuration to fail. Can try again before the next release.

Actions #7

Updated by Jim Pingle 6 months ago

  • Status changed from Feedback to New

Actions #8

Updated by Viktor Gurov 4 months ago

Jim Pingle wrote in #note-6:

Reverted RADIUS-specific parts of the change here for now, it was causing the configuration to fail. Can try again before the next release.

should be fixed in #11447#note-14

Actions #9

Updated by Jim Pingle 4 months ago

  • Related to Regression #11447: EAP-RADIUS Mobile IPsec clients with RADIUS-assigned addresses do not get additional configuration attributes added

Actions #10

Updated by Jim Pingle 4 months ago

  • Status changed from New to Pull Request Review

Actions #11

Updated by Jim Pingle 3 months ago

  • Status changed from Pull Request Review to Feedback

Referenced PR was merged a few weeks ago.

Actions #12

Updated by Jim Pingle about 1 month ago

  • Plus Target Version changed from 21.09 to 22.01