hwdsl2 / setup-ipsec-vpn

Scripts to build your own IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2

How many clients that many config files (not all clients want same dns servers)? #1562

Closed goors closed 3 months ago

goors commented 3 months ago


I am not sure if you resolved this already; I cannot find it in the docs.

No matter how many clients you add, you will only have one file in /etc/ipsec.d/ikev2.conf. With something like

```
VPN_DNS_SRV1=10.7.0.68 VPN_DNS_SRV2=8.8.8.8 bash ikev2.sh --addclient clientName
```

it is pointless to have VPN_DNS_SRV1 and VPN_DNS_SRV2, since the file /etc/ipsec.d/ikev2.conf will be overwritten with the DNS (custom or Google).

The problem this is causing is that in fact you have just one client, since /etc/ipsec.conf has `include /etc/ipsec.d/*.conf`. That means only one file all the time.

What if I want to have something like this:

```
client1: modecfgdns="10.8.0.68 8.8.8.8"
client2: modecfgdns="10.7.0.68 8.8.8.8"
```

I want each client to have different DNS. Right now there is no option to do this, because VPN_DNS_SRV1 doesn't do anything as an env var to your script.

Is there a way to not save each client and have just one file? Or as many .conf files as there are clients?

goors commented 3 months ago

When you do `modecfgdns="10.8.0.68 10.7.0.68 8.8.8.8"`, only the first DNS will be used. This is on OS X. I am not sure about Windows or Linux.

So in other words, you will be able to `dig somedomain @10.7.0.68` but not to ping. If you run something like `dig somedomain @10.7.0.68`, it will work, but `ping somedomain` will not work, since 10.7.0.68 is second in the DNS entries.

I tried everything. Let me know if what I wrote makes sense.

hwdsl2 commented 3 months ago

@goors Hello! The feature you mentioned (set different DNS servers for each IKEv2 client) cannot currently be done automatically using the IKEv2 script. The VPN_DNS_SRV1 and VPN_DNS_SRV2 variables are not supported when adding a new IKEv2 client.

However, you can set different DNS server(s) for each IKEv2 client by manually editing /etc/ipsec.d/ikev2.conf. Please refer to the section Internal VPN IPs and traffic in Advanced usage. Expand the section "IKEv2 mode: Assign static IPs to VPN clients" to see examples. More specifically, for your use case, you can do something like:

```
conn ikev2-cp
  left=%defaultroute
  ... ...

conn ikev2-shared
  # COPY everything from the ikev2-cp section, EXCEPT FOR:
  # rightid, rightaddresspool, modecfgdns, auto=add

conn client1
  rightid=@client1
  rightaddresspool=192.168.43.4-192.168.43.4
  modecfgdns="8.8.8.8 8.8.4.4"
  auto=add
  also=ikev2-shared

conn client2
  rightid=@client2
  rightaddresspool=192.168.43.5-192.168.43.5
  modecfgdns="1.1.1.1 1.0.0.1"
  auto=add
  also=ikev2-shared
```

Save the file and run `sudo service ipsec restart` to take effect. In this example, replace client1 and client2 with the actual client names you specified when adding the clients. The rightid should have a `@` prefix before the client name.
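The manual edit above is easy to get subtly wrong when it is repeated for many clients: a `rightid` without the `@` prefix, two clients sharing the same `rightaddresspool`, or a typo in a DNS address will silently break one client's tunnel or hand it the wrong resolver. The following is an added example, not part of the issue thread or of the setup-ipsec-vpn project: a small Python helper that renders per-client `conn` sections in the layout the maintainer shows and then lint-checks a config text for those mistakes before you restart ipsec. The client names and addresses in `CLIENTS` are constructed sample values; `ikev2-shared` is assumed to exist as described above.

```python
import ipaddress
import re
from itertools import combinations

# Constructed sample input: client name -> (static VPN IP, DNS servers).
# Names and addresses are illustrative, mirroring the answer above.
CLIENTS = {
    "client1": ("192.168.43.4", ["8.8.8.8", "8.8.4.4"]),
    "client2": ("192.168.43.5", ["1.1.1.1", "1.0.0.1"]),
}

NAME_RE = re.compile(r"[A-Za-z0-9_-]+")


def render_client_conn(name, ip, dns_servers):
    """Render one per-client conn section that inherits from ikev2-shared."""
    if not NAME_RE.fullmatch(name):
        raise ValueError(f"unsafe client name: {name!r}")
    ipaddress.ip_address(ip)            # raises on a malformed address
    for d in dns_servers:
        ipaddress.ip_address(d)
    dns = " ".join(dns_servers)
    return "\n".join([
        f"conn {name}",
        f"  rightid=@{name}",
        f"  rightaddresspool={ip}-{ip}",   # single-address pool = static IP
        f'  modecfgdns="{dns}"',
        "  auto=add",
        "  also=ikev2-shared",
        "",
    ])


def render_all(clients):
    """Render all client sections, blank-line separated."""
    return "\n".join(render_client_conn(n, ip, dns)
                     for n, (ip, dns) in clients.items())


def _parse_sections(text):
    """Very small parser: 'conn NAME' headers followed by indented key=value lines."""
    sections, current = {}, None
    for line in text.splitlines():
        m = re.match(r"^conn\s+(\S+)\s*$", line)
        if m:
            current = m.group(1)
            sections[current] = {}
            continue
        m = re.match(r"^\s+(\w+)=(.*)$", line)
        if m and current is not None:
            sections[current][m.group(1)] = m.group(2).strip().strip('"')
    return sections


def _pool_range(spec):
    lo, _, hi = spec.partition("-")
    return int(ipaddress.ip_address(lo)), int(ipaddress.ip_address(hi or lo))


def check_client_conns(text):
    """Return a list of problems found in the per-client sections (empty = OK).

    Only sections carrying a rightid are treated as client sections, so the
    ikev2-cp and ikev2-shared templates are ignored.
    """
    problems, pools = [], {}
    for name, kv in _parse_sections(text).items():
        if "rightid" not in kv:
            continue
        if kv["rightid"] != f"@{name}":
            problems.append(f"{name}: rightid must be @{name}, got {kv['rightid']!r}")
        if kv.get("also") != "ikev2-shared":
            problems.append(f"{name}: missing also=ikev2-shared")
        if kv.get("auto") != "add":
            problems.append(f"{name}: expected auto=add")
        try:
            pools[name] = _pool_range(kv.get("rightaddresspool", ""))
        except ValueError:
            problems.append(f"{name}: bad rightaddresspool {kv.get('rightaddresspool')!r}")
        for d in kv.get("modecfgdns", "").split():
            try:
                ipaddress.ip_address(d)
            except ValueError:
                problems.append(f"{name}: bad DNS address {d!r}")
    # Two clients must never be handed overlapping address pools.
    for (n1, (a1, b1)), (n2, (a2, b2)) in combinations(pools.items(), 2):
        if a1 <= b2 and a2 <= b1:
            problems.append(f"{n1}/{n2}: rightaddresspool ranges overlap")
    return problems


if __name__ == "__main__":
    rendered = render_all(CLIENTS)
    print(rendered)
    print("problems:", check_client_conns(rendered))
```

Run it as `python3 gen_clients.py > clients.conf`, review the output, then append it below your `ikev2-shared` section rather than replacing the whole file; `check_client_conns` can also be pointed at the full contents of /etc/ipsec.d/ikev2.conf to catch a duplicate pool introduced by hand.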

goors commented 3 months ago

Thank you, I will try it and let you know. Should I close the feature request?