Cannot resolve local DNS Resolver from IPSec client



  • I've finally managed to set up an IPSec tunnel between my MacBook (Sierra) and PFSense. The configuration is as shown in the screenshots below.

    Unfortunately I cannot resolve any DNS entries on the WAN/LAN when using my PFSense-configured DNS Resolver (192.168.1.1) as the DNS server provided on the IPSec Mobile Clients config page. If I use Google's 8.8.8.8 / 8.8.4.4, DNS resolves successfully and all traffic is routed through the PFSense IPSec server.

    I can ping WAN IP addresses with either Google or local DNS, and I can successfully access the LAN with either configuration.

    I am guessing it's something super simple, but I am lost as to what it might be!

    Any help please?
    ![IPSec Mobile Config.jpg](/public/imported_attachments/1/IPSec Mobile Config.jpg)
    ![phase 2.jpg](/public/imported_attachments/1/phase 2.jpg)



  • Duh, stupid me, I had not added the IPSec addresses to the DNS Resolver access list! Problem appears to be resolved.
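The fix in the post above works because pfSense's DNS Resolver (Unbound) only answers clients that match an `access-control:` rule; anything else gets a REFUSED response, which is what a client sees as "Query refused". The following is an added example (not code from the original thread or from pfSense) that parses a constructed set of Unbound `access-control:` lines and evaluates them the way Unbound does, so you can check whether a given client address would be answered. The IPsec mobile-client pool `10.0.8.0/24` and the sample rules are assumptions for illustration.

```python
import ipaddress

# Constructed sample of the access-control lines the pfSense DNS Resolver
# generates. 192.168.1.0/24 is the LAN; the IPsec mobile-client pool
# 10.0.8.0/24 is a hypothetical value chosen for this example.
UNBOUND_ACL_BEFORE = """
access-control: 127.0.0.1/32 allow_snoop
access-control: ::1 allow_snoop
access-control: 127.0.0.0/8 allow
access-control: 192.168.1.0/24 allow
"""

# Same list after the IPsec client subnet has been added to the access list.
UNBOUND_ACL_AFTER = UNBOUND_ACL_BEFORE + "access-control: 10.0.8.0/24 allow\n"

# Actions under which Unbound will actually answer a recursive query.
ALLOW_ACTIONS = {"allow", "allow_snoop", "allow_setrd"}


def parse_access_control(text):
    """Return a list of (network, action) tuples from access-control: lines."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if not line.startswith("access-control:"):
            continue
        _, rest = line.split(":", 1)
        netblock, action = rest.split()
        rules.append((ipaddress.ip_network(netblock, strict=False), action))
    return rules


def decide(rules, client_ip):
    """Most-specific (longest-prefix) matching netblock wins.

    Clients that match no rule are refused, which is Unbound's documented
    default for anything other than localhost.
    """
    ip = ipaddress.ip_address(client_ip)
    best = None
    for net, action in rules:
        if ip.version == net.version and ip in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, action)
    return best[1] if best else "refuse"


def would_answer(rules, client_ip):
    """True if Unbound would answer a query from client_ip."""
    return decide(rules, client_ip) in ALLOW_ACTIONS


if __name__ == "__main__":
    for label, text in (("before", UNBOUND_ACL_BEFORE), ("after", UNBOUND_ACL_AFTER)):
        rules = parse_access_control(text)
        for client in ("192.168.1.50", "10.0.8.5", "8.8.8.8"):
            print(f"{label}: {client} -> {decide(rules, client)}")
```

Run it and the IPsec client `10.0.8.5` is refused under the "before" list and allowed under the "after" list, while an arbitrary Internet address such as `8.8.8.8` stays refused in both, which is the behaviour you want from a resolver that should never be open to the WAN. Note that this only models Unbound's own access list: if another daemon is bound to port 53 on the same address, as the later posts in this thread found with BIND, it will be that daemon, not Unbound, that answers or refuses the query.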



  • Hi, I ran into the same situation as you, where my IPsec clients can't use the PFsense as the DNS.
    I have successfully dished out the pfSense IP as the DNS to the clients, and the clients can ping it no problem.
    But when trying to do a lookup I get "Query refused":

    nslookup yahoo.com 192.168.1.1
    Server:  UnKnown
    Address:  192.168.1.1
    *** UnKnown can't find yahoo.com: Query refused

    I had added the IPsec /24 network to the DNS Resolver access list, but still no luck. Is there anything else you have to do?

    Much appreciated.

    Thanks.



  • Hi, never mind, I found the issue. Some time ago I installed BIND; I think it's conflicting. I stopped BIND and it works now. Thanks.