Ipsec.conf and ipsec.user.conf HOW SET rightdns PERMANENTLY


I am using several ipsec roadworrior connections.
I would like to set rightdns for all connections PERMANENTLY

if you look at ipsec.conf (/ect/) all connections have the parameter rightdns set (by system) this way “rightdns=” by default.

I’d like to set it (for istance rightdns=, but when add or remove a connection by GUI, all parameter are resetted to “rightdns=”.

I can’t even enter rightdns inside con %deafult beacuse all the rightdns= inserted below overwrite (so delete) the con &default rightdns=

There is another file: ipsec.user.conf
I found the comment: # user connections that should not overwritten by the webif
but is unclear how to use it.

it is included inside the ipsec.conf but at the beginning of the file, before of all connections
So in the the rightdns= overwrite again any different setting

Do you know how to ser rightdns permanently for all connections?
Hoe can I use ipsec.user.conf

Edit the client connection and add the DNS serve(s) you want into the box labelled DNS Servers: on the Add Connection WUI page.

After saving the edited client connection the client conf should have the DNS Servers you entered into that entry box added into the rightdns= line.

I have tested this out on my IPFire vm testbed and can confirm that adding the DNS Servers into the WUI page adds them to the ipsec.conf file

My entry in the WUI page

The result in the ipsec.conf file


Thanks pal,

I was so concentrate to the files that I forgot to have a look at the GUI.
Anyway have you got an idea about why include ipsec.user.conf is at the beginning of ipsec.conf
(I mean this way all connections overwrite) and how can be used?

Thanks again!


Looking through the git repo the entry of the ipsec.user.conf was made in 2010 in Core Update 38.

The commit says it was added to enable user defined connections to be defined that would not be overwritten by the WUI.

So to use it you have to manually enter the whole user connection line set for a custom entry, not just some individual commands. Of course, based on that it would also mean that those custom user connections would not show up at all in the WUI page.

So it looks like it was introduced for a different purpose as you were looking for.

Many thanks!

Now everything is more clear.