IPsec + iOS and DNS Issues
-
I've configured IPsec per this guide (http://doc.pfsense.org/index.php/Mobile_IPsec_on_2.0). I am having trouble getting my iPhone and iPad to resolve hostnames. I can connect to my NAS etc. using the local IP address, but any attempt to use the hostname causes it to fail. On my pfSense box I have DNS forwarder enabled, and under mobile clients I have "provide a DNS server" checked and the IP address of my pfSense box first in the list. I've been pulling my hair out trying to figure this out.
-
Did you provide LAN IP as a DNS server in the VPN setup? Try setting it to an external DNS server such as 4.2.2.2 and check if that makes any difference.
-
I have the checkbox next to 'Provide a DNS server list to clients' checked and the first DNS I have listed is my pfSense box LAN IP address. When I connect with my notebook - OS X - Cisco IPsec using the credentials I've set up for my iPhone, if I look under DNS it has my firewall listed and under domains it has .priv, my domain, listed. My notebook is also not able to resolve hostnames when connected via IPsec. Both my phone and notebook can browse the web (IP & hostname) and connect to devices on my network (via IP address, NOT hostname). I've also connected to the VPN and changed my DNS to my pfSense LAN IP and I am able to browse the web, and when I attempt to ping devices on my home network it's resolving somewhat: no response, but I see firewall (10.10.72.1) or nas (10.10.72.7). Like I said, no response via ping.
I am currently connected and off site; here is my DNS per scutil --dns:
DNS configuration
resolver #1
search domain[0] : site.stayonline.net
nameserver[0] : 4.2.2.2
nameserver[1] : 12.127.16.68
nameserver[2] : 12.127.16.67
resolver #2
domain : local
options : mdns
timeout : 5
order : 300000
resolver #3
domain : 254.169.in-addr.arpa
options : mdns
timeout : 5
order : 300200
resolver #4
domain : 8.e.f.ip6.arpa
options : mdns
timeout : 5
order : 300400
resolver #5
domain : 9.e.f.ip6.arpa
options : mdns
timeout : 5
order : 300600
resolver #6
domain : a.e.f.ip6.arpa
options : mdns
timeout : 5
order : 300800
resolver #7
domain : b.e.f.ip6.arpa
options : mdns
timeout : 5
order : 301000
DNS configuration (for scoped queries)
resolver #1
search domain[0] : site.stayonline.net
nameserver[0] : 4.2.2.2
nameserver[1] : 12.127.16.68
nameserver[2] : 12.127.16.67
if_index : 7 (en0)
flags : Scoped
resolver #2
search domain[0] : priv
nameserver[0] : 10.10.72.1
if_index : 8 (utun0)
flags : Scoped
-
I resolved the issue by adding a floating rule to allow IPsec to LAN subnet.
-
It works for me too, but what is this floating rule?
Thanks