Azure to pfSense IPSec Tunnel - DNS issues



  • I have a real puzzler and I cannot seem to figure it out.  I'm hoping there is someone who might offer suggestions.

    First, separate question:

    My IPSec tunnel between my pfSense box and Azure box seems to go down with no activity after awhile.  As the configuration options on the Azure side are limited, does anyone have a solution on this?

    Now, for the real issue:

    I have a working VPN tunnel between my local network and Azure.  From an Azure machine, I can ping items on my local network.  However, DNS doesn't function at all.  Here is a basic setup:

    Local Network
    DNS Server: 10.10.218.5
    OS: Server 2008 R2 Enterprise
    All firewall profiles are disabled

    Azure Network
    Local server: 172.16.0.4
    Looks to local network for DNS.
    OS: Server 2012 Datacenter
    All firewall profiles are disabled

    Both systems can ping each other successfully.  RDP functionality works fine.  File sharing works fine.  However, if I execute any DNS lookups from my Azure system to 10.10.218.5, they fail.  Utilizing NSLOOKUP, any queries will generate four "DNS request timed out" and obviously fail.  Now, the kicker is that from the Azure system, I can telnet to port 53 and get an answer successfully.

    Based on this, is this a problem with the tunnel or something in pfSense blocking?  Any bright ideas?



  • I should add that I don't believe this is isolated to Azure.  We have a second IPSec tunnel as well from another site with different hardware and it too cannot resolve DNS across the tunnel.  Again, any feedback you all can supply would be really helpful.  Thanks!



  • Odd thing you mentioned is that telnet is tcp whereas dns is udp port 53….



  • …and with that response, I honestly figured it out.  Sheesh!  Why didn't I remember to allow UDP across my tunnel?  DNS works fine now.  Thanks!


Log in to reply