<![CDATA[Troubleshooting DNS failures over VPN from Win11 clients]]>Hi

Would appreciate any help to troubleshoot why DNS resolutions are failing after Windows 11 clients successfully make VPN connections to pfsense+ ver 23.09.1-RELEASE.

Configurations:

  • Configured pfsense+ with IPsec Remote Access VPN Using IKEv2 with EAP-MSCHAPv2 by followingthese steps.
  • Windows client configured following these steps.

On the Windows client, after connecting to VPN see here

DNS Servers is showing to be set correctly (192.168.222.1). I believe the reason for DNS failure is that the DNS Server is showing unknown.

Client configurations made on pfsense+ : see here

Can someone please help me why DNS is failing on clients after a successful VPN connection? What am I missing?

Thanks in advance
Best Regards
SMK

]]>https://forum.netgate.com/topic/185523/troubleshooting-dns-failures-over-vpn-from-win11-clientsRSS for NodeWed, 17 Jun 2026 19:51:03 GMTSun, 14 Jan 2024 02:54:26 GMT60<![CDATA[Reply to Troubleshooting DNS failures over VPN from Win11 clients on Sat, 20 Jan 2024 04:14:52 GMT]]>@smk said in Troubleshooting DNS failures over VPN from Win11 clients:

Default Gateway is not being set on the VPN connection.

Pfsense does what you tell it to do - just because you connect to some vpn service - unless you tell pfsense to route all traffic out that connection, why would you think it should be default?

]]>https://forum.netgate.com/post/1148725https://forum.netgate.com/post/1148725Sat, 20 Jan 2024 04:14:52 GMT<![CDATA[Reply to Troubleshooting DNS failures over VPN from Win11 clients on Sat, 20 Jan 2024 00:39:29 GMT]]>Thanks @johnpoz. Apologies for the delay in response.

168.63.129.16 is a virtual public IP address that is used by Azure to facilitate a communication channel to Azure where the client VM resides.

You hit it on the nail! No problems when testing on a laptop as VPN client!

It bothers me that the Default Gateway is not being set on the VPN connection. How can I force that to be set from pfsense?

Regards

]]>https://forum.netgate.com/post/1148711https://forum.netgate.com/post/1148711Sat, 20 Jan 2024 00:39:29 GMT<![CDATA[Reply to Troubleshooting DNS failures over VPN from Win11 clients on Sun, 14 Jan 2024 04:43:25 GMT]]>@smk what server is 168.63.129.16 ?? Why would he know about your stuff?

]]>https://forum.netgate.com/post/1147741https://forum.netgate.com/post/1147741Sun, 14 Jan 2024 04:43:25 GMT