Netgate Discussion Forum

    21.02-RELEASE IPsec Mobile DNS Issues

    • NogBadTheBadN
      NogBadTheBad @jimp
      last edited by

      @jimp said in 21.02-RELEASE IPsec Mobile DNS Issues:

      swanctl --load-all --file /var/etc/ipsec/swanctl.conf --debug 1

      No luck after a stop & start.

      # swanctl --load-all --file /var/etc/ipsec/swanctl.conf --debug 1 
      loaded certificate from '/var/etc/ipsec/x509/cert-1.crt'
      loaded certificate from '/var/etc/ipsec/x509ca/37e450ce.0'
      loaded RSA key from '/var/etc/ipsec/private/cert-1.key'
      no authorities found, 0 unloaded
      no pools found, 0 unloaded
      loaded connection 'bypass'
      loaded connection 'con-mobile'
      successfully loaded 2 connections, 0 unloaded
      

      Andy

      1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        OK, so it's not loading it still. Makes sense as it may not have any other part of the configuration referencing it. I don't have any setups like this handy to poke at further, so I opened https://redmine.pfsense.org/issues/11447 to track it further for now.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        NogBadTheBadN 1 Reply Last reply Reply Quote 1
        • NogBadTheBadN
          NogBadTheBad @jimp
          last edited by

          @jimp Ta Jim, if you need any more info feel free to ask.

          Andy

          1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

          NogBadTheBadN 1 Reply Last reply Reply Quote 0
          • NogBadTheBadN
            NogBadTheBad @NogBadTheBad
            last edited by NogBadTheBad

            I've found a workaround.

            Screenshot 2021-02-18 at 18.39.58.png

            # swanctl --load-all --file /var/etc/ipsec/swanctl.conf --debug 1
            loaded certificate from '/var/etc/ipsec/x509/cert-1.crt'
            loaded certificate from '/var/etc/ipsec/x509ca/37e450ce.0'
            loaded RSA key from '/var/etc/ipsec/private/cert-1.key'
            no authorities found, 0 unloaded
            loaded pool 'mobile-pool-v4'
            successfully loaded 1 pools, 0 unloaded
            loaded connection 'bypass'
            loaded connection 'con-mobile'
            successfully loaded 2 connections, 0 unloaded
            #
            

            Andy

            1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

            1 Reply Last reply Reply Quote 0
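The two `swanctl --load-all` outputs posted above differ in the pool lines: the failing load reports `no pools found` while `con-mobile` still loads, and the working one reports `loaded pool 'mobile-pool-v4'`. The following check is an added example, not part of any post in this thread; the function names `loaded_names` and `check_load` are hypothetical, and the pool and connection names are the ones shown in the thread's output.

```shell
#!/bin/sh
# Added example: classify `swanctl --load-all` output by whether the mobile
# pool was loaded together with the mobile connection.

# The two outputs posted in this thread, copied as sample input.
BEFORE="loaded certificate from '/var/etc/ipsec/x509/cert-1.crt'
loaded certificate from '/var/etc/ipsec/x509ca/37e450ce.0'
loaded RSA key from '/var/etc/ipsec/private/cert-1.key'
no authorities found, 0 unloaded
no pools found, 0 unloaded
loaded connection 'bypass'
loaded connection 'con-mobile'
successfully loaded 2 connections, 0 unloaded"

AFTER="loaded certificate from '/var/etc/ipsec/x509/cert-1.crt'
loaded certificate from '/var/etc/ipsec/x509ca/37e450ce.0'
loaded RSA key from '/var/etc/ipsec/private/cert-1.key'
no authorities found, 0 unloaded
loaded pool 'mobile-pool-v4'
successfully loaded 1 pools, 0 unloaded
loaded connection 'bypass'
loaded connection 'con-mobile'
successfully loaded 2 connections, 0 unloaded"

# loaded_names KIND: read swanctl output on stdin and print the quoted name
# from every "loaded KIND '<name>'" line (KIND is "pool" or "connection").
loaded_names() {
    sed -n "s/^[[:space:]]*loaded $1 '\([^']*\)'.*/\1/p"
}

# check_load OUTPUT POOL CONN
# returns 0: connection and pool both loaded
#         1: connection loaded but pool missing (the state reported in this thread)
#         2: connection itself not loaded
check_load() {
    out=$1 pool=$2 conn=$3
    if ! printf '%s\n' "$out" | loaded_names connection | grep -qxF -- "$conn"; then
        echo "FAIL: connection '$conn' not loaded"; return 2
    fi
    if ! printf '%s\n' "$out" | loaded_names pool | grep -qxF -- "$pool"; then
        echo "WARN: '$conn' loaded without pool '$pool'"; return 1
    fi
    echo "OK: '$conn' and pool '$pool' loaded"; return 0
}

check_load "$BEFORE" mobile-pool-v4 con-mobile || true
check_load "$AFTER" mobile-pool-v4 con-mobile
```

On a live system, pass the captured output of the command from the thread as the first argument, for example `check_load "$(swanctl --load-all --file /var/etc/ipsec/swanctl.conf --debug 1 2>&1)" mobile-pool-v4 con-mobile`.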
            • jimpJ
              jimp Rebel Alliance Developer Netgate
              last edited by

              Do your clients still get their addresses from RADIUS?


              NogBadTheBadN 1 Reply Last reply Reply Quote 0
              • NogBadTheBadN
                NogBadTheBad @jimp
                last edited by

                @jimp yes they do :)

                Andy

                1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

                1 Reply Last reply Reply Quote 0
                • jimpJ
                  jimp Rebel Alliance Developer Netgate
                  last edited by

                  OK, that should be good then. If a client doesn't have an address defined in RADIUS it will pull from that pool.

                  I know we added support to let both work at once in 2.5/21.02 but it hasn't seen a lot of real-world testing so far.

                  I'll try to find some time to set up a test rig for that here and see if I can come up with a way to allow the client settings to be defined without specifying the pool addresses.


                  1 Reply Last reply Reply Quote 1
                  • C
                    costasga
                    last edited by

                    Hi @jimp! I am having the same problem after upgrading to 2.5. I used the workaround in this post, and mobile pools are loaded, but DNS servers are still not pushed to the Windows 10 client. It was all working great before the upgrade. Any clues on what to try out next?

                    viktor_gV 1 Reply Last reply Reply Quote 0
                    • viktor_gV
                      viktor_g Netgate @costasga
                      last edited by

                      @costasga try to apply Patch ID c03a2049b11304f592d0de78aa4bfb568e9a13ae
                      see https://docs.netgate.com/pfsense/en/latest/development/system-patches.html

                      C 1 Reply Last reply Reply Quote 0
                      • C
                        costasga @viktor_g
                        last edited by

                        @viktor_g Thanks for the super fast response. Unfortunately no improvement, DNS servers still not pushed. If I uncheck the "Provide a virtual IP address to clients" like the above workaround, the mobile pool is not loaded despite the patch.

                        1 Reply Last reply Reply Quote 0