[2.2] Strong Swan DNS Problems with mobile users

rkuo

I am having the exact same problem.  The upgrade to 2.2 broke DNS and I am seeing the same "p" appended to the domain, which is a bad sign, even tho I can't be sure.

networkninja

Well I guess nobody cares except those that are affected by this…

dwood

I was hung up in the same situation.  I took my first crack at OpenVPN which I got configured, routing and pushing out client install packages in about 15 minutes.  Very slick on both iOS and PC.

doktornotor

@networkninja:

Well I guess nobody cares except those that are affected by this…

What's not reported cannot get fixed => https://redmine.pfsense.org/issues/4418

dstroot

For what it's worth I have asked several times about setting up an IPSEC VPN with a current version of iOS (apple iphone, not Cisco).  I can't get it to work for the life of me but for some reason vpn'ing back in via your iPhone or iPad doesn't seem to get a lot of attention here.  If I could figure it out I'd be happy to create a nice guide with screenshots, etc and hopefully put it up on the Wiki.

I feel OpenVPN (which does work well) is clunky and I would prefer a "built-in" option.

cmb

@doktornotor:

What's not reported cannot get fixed => https://redmine.pfsense.org/issues/4418

Thanks notor, I was already looking into it.

@dstroot:

but for some reason vpn'ing back in via your iPhone or iPad doesn't seem to get a lot of attention here.

Because it works perfectly fine. And there are instructions.
https://doc.pfsense.org/index.php/IPsec_Road_Warrior/Mobile_Client_How-To
though the instructions in the 2.1x book are better in general, and equally applicable to 2.2.

I tend to have to limit my involvement here to things that are quickly addressable, or things indicative of a bug of some sort. We setup mobile IPsec for iOS for support customers all the time, and use it ourselves with iOS and OS X.

eri--

Can you please test the change done for https://redmine.pfsense.org/issues/4418 and report back?

doktornotor

@ermal:

Can you please test the change done for https://redmine.pfsense.org/issues/4418 and report back?

Cannot see any commit there. In general, there seems to be some issue with Redmine showing commits with a significant delay.

EDIT: Finally there, took over 30 minutes  ???

networkninja

Thanks for looking into this!

Garrett

Just found a workaround by appending another bogus domain name in my split-dns list from: "mydomain.com" to "mydomain.com bogus.com". That seemed to do the trick.

cmb

@Garrett:

Just found a workaround by appending another bogus domain name in my split-dns list from: "mydomain.com" to "mydomain.com bogus.com". That seemed to do the trick.

That'll work around it. The root issue, which was a client-side problem, was fixed in OS X El Capitan for sure, and I believe a newer iOS version than this thread originally referenced as well.