IPSEC DNS troubles after recent upgrade
-
Hello all,
I have recently upgraded my pfSense to version 2.2 and have been having IPsec issues since.
I have IPsec configured for mobile clients as per this guide:
https://doc.pfsense.org/index.php/IPsec_Road_Warrior/Mobile_Client_How-To
I am using my iPhone to connect remotely.
I have 3 networks – 192.168.11.0/27 (VLAN 11), 192.168.12.0/27 (VLAN 12) and 192.168.13.0/27 (VLAN 13).
Before the upgrade I had 192.168.11.0/27 configured in my phase 2 local network setting and pfSense used to route the traffic automatically to the subnets mentioned above. To rectify this I have added 192.168.0.0/16 into the phase 2 settings of IPsec to allow me to communicate with these hosts internally.
However, when I try to resolve hostnames within any part of the network via my iPhone (via IPsec 192.168.14.0/27) it seems to fail. But entering an IP address works?
I have "Provide a list of accessible networks to clients" and "Provide a default domain name to clients" checked, and have provided 192.168.11.1 (pfSense) as the DNS server.
-
Put the subnets to DNS resolver's ACL.
-
> Put the subnets to DNS resolver's ACL.
I forgot to mention that I only have the forwarder enabled.
Edit: I have configured the resolver and put the subnets into the ACL. Still no progress :(.
-
After using tcpdump, I've found that it is adding a 'p' to the DNS name?
22:10:13.224727 IP (tos 0x0, ttl 64, id 50068, offset 0, flags [none], proto UDP (17), length 74)
....* > 198.41.0.4.53: [udp sum ok] 49117% [1au] A? homepc.homelanp
-
No idea what's adding p. This is at least third report of this, someone file a bug. See https://forum.pfsense.org/index.php?topic=88226.0
Edit: Reported here: https://redmine.pfsense.org/issues/4418
-
Thanks doktornotor 8)