2.3.5 DNS Suffix no longer working With Shrewsoft

RobEmery

Hello,

We've just upgraded our in-office firewalls to 2.3.5 and we've found that clients using ShrewsoftVPN no longer have
a working DNS suffix provided to them.

I've run the shrewsoft tracetool on the clients and I can see a difference in the attributes that are pulled:

Working (2.2.6)

18/04/12 16:04:22 ii : received config pull response
18/04/12 16:04:22 ii : - IP4 Address = 192.168.254.2
18/04/12 16:04:22 ii : - IP4 DNS Server = 10.3.0.10
18/04/12 16:04:22 ii : - IP4 DNS Server = 10.3.0.11
18/04/12 16:04:22 ii : - Unkown VARIABLE 13 = 8 bytes
18/04/12 16:04:22 ii : - DNS Suffix = ourdomain.internal
18/04/12 16:04:22 ii : - Split Domain
18/04/12 16:04:22 ii : - IP4 Split Network Include = ANY:10.3.0.0/24:*

Not Working (2.3.5)

18/04/12 16:00:52 ii : received config pull response
18/04/12 16:00:52 ii : - IP4 Address = 192.168.2545.2
18/04/12 16:00:52 ii : - IP4 DNS Server = 10.3.0.10
18/04/12 16:00:52 ii : - IP4 DNS Server = 10.3.0.11
18/04/12 16:00:52 ii : - IP4 Subnet = ANY:10.3.0.0/24:*
18/04/12 16:00:52 ii : - Unkown VARIABLE 28676 = 8 bytes
18/04/12 16:00:52 ii : - Unkown VARIABLE 28674 = 18 bytes
18/04/12 16:00:52 ii : - Unkown VARIABLE 28675 = 18 bytes
18/04/12 16:00:52 ii : - Unkown VARIABLE 28673 = 1 bytes

I've looked at the config files in /var/etc/ipsec/strongswan.conf between both versions and they both have:

        plugins {
                attr {
                        dns = 10.3.0.10,10.3.0.11
                        subnet = 10.3.0.0/24
                        split-include = 10.3.0.0/24
                        # Search domain and default domain
                        28674 = "ourdomain.internal"
                        28675 = "ourdomain.internal"
                }

This is with the same version of shrewsoft etc, the only difference is the version of PFSense.

Any thoughts?

Thanks,
Rob