Netgate Discussion Forum

    IPSEC DNS troubles after recent upgrade

      RS90

      Hello all,

      I have recently upgraded my pfSense to version 2.2 and have been having IPsec issues since.

      I have IPsec configured for mobile clients as per this guide:

      https://doc.pfsense.org/index.php/IPsec_Road_Warrior/Mobile_Client_How-To

      I am using my iPhone to connect remotely.

      I have 3 networks: 192.168.11.0/27 (VLAN 11), 192.168.12.0/27 (VLAN 12) and 192.168.13.0/27 (VLAN 13).

      Before the upgrade I had 192.168.11.0/27 configured in my phase 2 local network setting and pfSense used to route the traffic automatically to the subnets mentioned above. To rectify this I have added 192.168.0.0/16 into the phase 2 settings of IPsec to allow me to communicate with these hosts internally.

      However, when I try to resolve hostnames within any part of the network via my iPhone (via IPsec 192.168.14.0/27) it seems to fail. But entering an IP address works?

      I have "Provide a list of accessible networks to clients" and "Provide a default domain name to clients" checked, and have provided 192.168.11.1 (pfSense) as the DNS server.

        doktornotor Banned

        Put the subnets to DNS resolver's ACL.

          RS90

          @doktornotor:

          Put the subnets to DNS resolver's ACL.

          I forgot to mention that I only have the forwarder enabled.

          Edit: I have configured the resolver and put the subnets into the ACL. Still no progress :(.

            RS90

            After using tcpdump, I've found that it is adding a 'p' to the DNS name?

            22:10:13.224727 IP (tos 0x0, ttl 64, id 50068, offset 0, flags [none], proto UDP (17), length 74)
                ....* > 198.41.0.4.53: [udp sum ok] 49117% [1au] A? homepc.homelanp

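An added example, not part of the thread or of pfSense: a Python check that scans verbose tcpdump DNS output for queries whose name is the expected search domain plus trailing characters, as in the capture above, and reports which server each one was sent to. The domain `homelan` is an assumption inferred from that capture, and the sample lines (including the source addresses) are constructed.

```python
import re

# Matches "src.port > dst.port: ... TYPE? name" as tcpdump prints a DNS query.
QUERY_RE = re.compile(
    r"> (?P<dst>\d+\.\d+\.\d+\.\d+)\.\d+: .*?"
    r"\b(?P<qtype>[A-Z][A-Z0-9]*)\? (?P<qname>\S+)"
)

# Constructed sample modelled on the capture in the post above.
SAMPLE = """\
22:10:13.224727 IP (tos 0x0, ttl 64, id 50068, offset 0, flags [none], proto UDP (17), length 74)
    192.0.2.10.40111 > 198.41.0.4.53: [udp sum ok] 49117% [1au] A? homepc.homelanp. (46)
22:10:14.101010 IP (tos 0x0, ttl 64, id 50069, offset 0, flags [none], proto UDP (17), length 57)
    192.168.14.2.51000 > 192.168.11.1.53: [udp sum ok] 1234+ A? nas.homelan. (29)
22:10:15.000001 IP (tos 0x0, ttl 64, id 50070, offset 0, flags [none], proto UDP (17), length 61)
    192.168.14.2.51001 > 192.168.11.1.53: [udp sum ok] 1235+ AAAA? www.example.org. (33)
"""


def suffix_garbage(qname, search_domain):
    """Return the characters appended after search_domain, or None if clean."""
    name = qname.rstrip(".").lower()
    domain = search_domain.strip(".").lower()  # assumed value, see lead-in
    m = re.search(r"\." + re.escape(domain) + r"(?P<extra>[^.]+)$", name)
    return m.group("extra") if m else None


def find_mangled(capture_text, search_domain):
    """List (destination, qtype, qname, extra) for each mangled query."""
    hits = []
    for line in capture_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue  # packet header line or non-query output
        extra = suffix_garbage(m.group("qname"), search_domain)
        if extra:
            hits.append((m.group("dst"), m.group("qtype"),
                         m.group("qname").rstrip("."), extra))
    return hits


if __name__ == "__main__":
    for dst, qtype, qname, extra in find_mangled(SAMPLE, "homelan"):
        print(f"{qtype} {qname} sent to {dst}: unexpected suffix {extra!r}")
```
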
              doktornotor Banned

              No idea what's adding p. This is at least the third report of this, someone file a bug. See https://forum.pfsense.org/index.php?topic=88226.0

              Edit: Reported here: https://redmine.pfsense.org/issues/4418

                RS90

                Thanks doktornotor  8)

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.