<![CDATA[IPSec]]>Using Cisco IPSec for VPN under OS X or iOS, DNS server settings are no longer being handled properly by the client.  This was working properly in 2.1, but in 2.2 something broke.  Oddly, I can see the server settings in the VPN on OS X, but it seems not to send lookups for the domain to the configured DNS server.

The other odd thing is that with scutil –dns, the search domains are "my.domain.comp", not "my.domain.com".  That's definitely weird.

]]>https://forum.netgate.com/topic/79190/ipsecRSS for NodeWed, 20 May 2026 04:21:49 GMTTue, 03 Feb 2015 09:35:06 GMT60<![CDATA[Reply to IPSec on Mon, 09 Feb 2015 00:08:21 GMT]]>Thanks all.  I do have DNS set in phase 2.  It simply does not work.

See https://forum.pfsense.org/index.php?topic=88226.0 for an identical example with more thorough logs.

I suspect a possible migration or upgrade issue, but I would need to find the time to do a clean install.

]]>https://forum.netgate.com/post/517315https://forum.netgate.com/post/517315Mon, 09 Feb 2015 00:08:21 GMT<![CDATA[Reply to IPSec on Tue, 03 Feb 2015 21:12:52 GMT]]>check /var/etc/ipsec/strongswan.conf for what it's setting. Should be something like:

# Search domain and default domain
			28674 = example.com
			28675 = example.com

The problem with DNS server reachability is probably with Ermal noted, the P2 local network in strongswan is strictly enforced where racoon may not have.

]]>https://forum.netgate.com/post/515240https://forum.netgate.com/post/515240Tue, 03 Feb 2015 21:12:52 GMT<![CDATA[Reply to IPSec on Tue, 03 Feb 2015 11:59:08 GMT]]>Check the RELEASE notes on the phase2 setting for mobile clients.
Probably your dns servers are not in the phase2 definition.

]]>https://forum.netgate.com/post/515003https://forum.netgate.com/post/515003Tue, 03 Feb 2015 11:59:08 GMT