IPSEC DNS Traffic issue
-
None of that gives us anything to go on either.
Please understand that if everything was configured correctly, it would be working.
What is not configured correctly cannot be gleaned from you saying everything is configured correctly but not showing your work.
You have not shown us anything since you opened this thread over three weeks ago.
-
I asked what you wanted a couple of posts ago. Rather than telling me exactly what you need to see, you'd rather blame the server configuration. What network or firewall setting is going to change on its own depending on which firewall is running? There is something off with the configuration of the firewall, whether it be a configuration issue or corruption in the firewall itself. I'm just looking for guidance on where the problem could lie in the firewall and that's it.
-
This is simple network troubleshooting. You check DNS. Does it work? No? Fix it. Then go hop-by-hop until you find the problem.
https://docs.netgate.com/pfsense/en/latest/routing/connectivity-troubleshooting.html?highlight=connectivity
All you have said is "There is nothing wrong with my network. Tell me what's wrong with my network."
-
@Derelict Why do you keep harping on the network? Why can't you wrap your head around the fact that the only thing changing is the firewall? When the old firewall is in place everything functions properly. It's not until the new firewall is in place that this issue comes up. So it's either a configuration issue on the new firewall or some sort of corruption. I'm trying to get help tracking down where the issue lies inside the firewall. I have asked what you need to see from the firewall to try to figure out what's going on, but you continue to go after a working network that has had 0 issues until the new firewalls were introduced. As soon as the old firewalls are brought back up everything works fine again. As far as the link you sent:
WAN:
If the WAN settings were off the tunnel would never be established and it is.
LAN:
Is set properly as I can Remote Desktop to both remote servers.
Firewall/Rules:
Only one rule is set for LAN and also for IPSEC - Allow All
Client Tests:
I can ping everything on both sides of the network. Remote -> Main & Main -> Remote
The main fact that I have an allow-all rule and Remote Desktop works, while DNS and printing do not with the new firewalls, shows that it's something within the firewall, not the network. I can state this with 100% confidence as ONCE AGAIN, the old firewalls which were purchased from Netgate work perfectly. It's not until I put the new firewalls up that these issues come up.
So please, for the love of God, ask me for some diagnostic data from the firewalls themselves to try to track down this issue rather than continuing to harp about the existing and 100% functioning network.
-
@TechUnplugged Also there are no hops other than the tunnel.
Main Office (Servers) -> Switch -> Netgate Firewall -> Internet <- Netgate Firewall <- Switch <- Workstations
-
Great. Apply IP addresses and networks to all of that and show your configuration. Need to see all of the interfaces, all of the interface rules including IPsec tabs, all of the IPsec configuration, etc. Then explain exactly what is NOT working in a manner such that there is no guessing involved.