pfSense 2.7.2 IKEv2 MS-ADCS

nzlv

I followed the instructions
https://michaelfirsov.wordpress.com/testing-pfsense-ipsecv2-vpn-with-windows-authentication-part-1/

There is half a connection, but...
Let’s say I can get to 10.10.10.15 via SMB, but I can’t get to “server” by the server name (it’s not in the domain but in the workgroup).
Also, the Internet does not work on the computer; the home router responds to nslookup by default, but if you explicitly specify it, the domain router responds.

C:\Users\nzlv>nslookup dc1.domen.local
╤хЁтхЁ: XiaoQiang
Address: 192.168.31.1

*** XiaoQiang could not find dc1.domen.local: Non-existent domain

C:\Users\nzlv>nslookup dc1.domen.local 10.10.10.10
╤хЁтхЁ: dc1.domen.local
Address: 10.10.10.10

Name: dc1.domain.local
Address: 10.10.10.10

C:\Users\nzlv>nslookup dc1 10.10.10.10
╤хЁтхЁ: dc1.domen.local
Address: 10.10.10.10

*** dc1.domen.local could not be found dc1: Server failed

C:\Users\nzlv>nslookup server 10.10.10.10
╤хЁтхЁ: dc1.domen.local
Address: 10.10.10.10

*** dc1.domen.local could not find server: Server failed

C:\Users\nzlv>nslookup server.domain.local 10.10.10.10
╤хЁтхЁ: dc1.domen.local
Address: 10.10.10.10

Name: server.domain.local
Address: 10.10.10.15

ipconfig /all on the computer from which I connect gives this.

Ethernet Adapter Ethernet 4:

Connection DNS suffix. . . . . :
Description. . . . . . . . . . . . . : Intel(R) Ethernet Connection (17) I219-V
Physical adress. . . . . . . . . : A8-A1-59-B7-22-5D
DHCP is enabled. . . . . . . . . . . : Yes
Auto-tuning is enabled. . . . . . : Yes
Link-local IPv6 address. . . : fe80::7b39:9d02:a421:2c17%4(Main)
IPv4 address. . . . . . . . . . . . : 192.168.31.142(Main)
Subnet mask . . . . . . . . . . : 255.255.255.0
Rent received. . . . . . . . . . : May 31, 2024 8:34:13
The lease is expiring. . . . . . . . . . : May 31, 2024 20:34:13
Main gate. . . . . . . . . : 192.168.31.1
DHCP server. . . . . . . . . . . : 192.168.31.1
IAID DHCPv6. . . . . . . . . . . : 78160217
DHCPv6 client DUID. . . . . . . : 00-01-00-01-26-F2-DA-B3-08-60-6E-D6-5A-AE
DNS servers. . . . . . . . . . . : 192.168.31.1
NetBios over TCP/IP. . . . . . . . : Included

PPP UDT adapter:

Connection DNS suffix. . . . . :
Description. . . . . . . . . . . . . :UDT
Physical adress. . . . . . . . . :
DHCP is enabled. . . . . . . . . . . : No
Auto-tuning is enabled. . . . . . : Yes
IPv4 address. . . . . . . . . . . . : 10.10.20.1(Main)
Subnet mask . . . . . . . . . . : 255.255.255.255
Main gate. . . . . . . . . : 0.0.0.0
DNS servers. . . . . . . . . . . : 10.10.10.10
NetBios over TCP/IP. . . . . . . . : Included

On pfsense here it is

And on radius

He writes in the manual he used to make it.

Like, pay attention to the subnet 10.5.5.0, well, I noticed, I made it 10.10.20.0, since the main one is 10.10.10.0.
In dns I wrote my 10.10.10.10.

My pings are running back and forth.

Actually questions:

why there is no Internet on the client, how to make it take the Internet from the home router, and how to make it take the Internet through the main office, that is, with pfsense.

Why is there no IP address "10.10.20.1" in IAS Log Viewer?

and how can I do it so that, let’s say I do \ \server and end up on the ball)

codechurn

@nzlv
Your Virtual Net Address pool is not configured correctly. The 24 should be in the drop down and not in the IP range. I have to wonder if this is somehow messing things up routing wise.

Also, I think you may want to check the "Provide a list of accessible networks to clients" on the Mobile Clients tab.