IPSEC DNS troubles after recent upgrade

  • Hello all,

    I have recently upgraded my PFsense to version 2.2 and have been having ipsec issues since.

    I have IPsec configured for mobile clients as per this guide:


    I am using my iPhone to connect remotely.

    I have 3 networks  – (vlan 11), 12) and 13)

    Before the upgrade i had configured in my phase 2 local network setting and PFsense used to route the traffic automatically to the subnets mentioned above. To rectify this i have added into the phase 2 settings of ipsec allow me to communicate with these hosts internally.

    However, when i try resolve hostnames within any part of the network via my iphone (via ipsec it seems to fail. But entering an ip address works?

    I have "Provide a list of accessible networks to clients", "Provide a default domain name to clients" checked, and have provided a (pfsense) as the DNS server.

  • Banned

    Put the subnets to DNS resolver's ACL.

  • @doktornotor:

    Put the subnets to DNS resolver's ACL.

    I forgot to mention that i only have the forwarder enabled.

    Edit: I have configured the resolver and put the subnets into the acl. Still no progress :(.

  • After using tcpdump, ive found that is adding a 'p' to the dns name?

    22:10:13.224727 IP (tos 0x0, ttl 64, id 50068, offset 0, flags [none], proto UDP (17), length 74)
        ....* > [udp sum ok] 49117% [1au] A? homepc.homelanp

  • Banned

    No idea what's adding p. This is at least third report of this, someone file a bug. See https://forum.pfsense.org/index.php?topic=88226.0

    Edit: Reported here: https://redmine.pfsense.org/issues/4418

  • Thanks doktornotor  8)

Log in to reply