IPSEC DNS troubles after recent upgrade



  • Hello all,

    I have recently upgraded my pfSense to version 2.2 and have been having IPsec issues since.

    I have IPsec configured for mobile clients as per this guide:

    https://doc.pfsense.org/index.php/IPsec_Road_Warrior/Mobile_Client_How-To

    I am using my iPhone to connect remotely.

    I have 3 networks: 192.168.11.0/27 (VLAN 11), 192.168.12.0/27 (VLAN 12) and 192.168.13.0/27 (VLAN 13)

    Before the upgrade I had 192.168.11.0/27 configured in my phase 2 local network setting and pfSense used to route the traffic automatically to the subnets mentioned above. To rectify this I have added 192.168.0.0/16 into the phase 2 settings of IPsec to allow me to communicate with these hosts internally.

    However, when I try to resolve hostnames within any part of the network via my iPhone (via IPsec 192.168.14.0/27) it seems to fail. But entering an IP address works?

    I have "Provide a list of accessible networks to clients" and "Provide a default domain name to clients" checked, and have provided 192.168.11.1 (pfSense) as the DNS server.


  • Banned

    Put the subnets to DNS resolver's ACL.



  • @doktornotor:

    Put the subnets to DNS resolver's ACL.

    I forgot to mention that I only have the forwarder enabled.

    Edit: I have configured the resolver and put the subnets into the ACL. Still no progress :(.



  • After using tcpdump, I've found that it is adding a 'p' to the DNS name?

    22:10:13.224727 IP (tos 0x0, ttl 64, id 50068, offset 0, flags [none], proto UDP (17), length 74)
        ....* > 198.41.0.4.53: [udp sum ok] 49117% [1au] A? homepc.homelanp


  • Banned

    No idea what's adding p. This is at least the third report of this, someone file a bug. See https://forum.pfsense.org/index.php?topic=88226.0

    Edit: Reported here: https://redmine.pfsense.org/issues/4418



  • Thanks doktornotor  8)