MSCHAPv2 VPN Working … mostly
-
(In hindsight, I posted this as a reply in another thread, I shouldn't have hijacked that thread. My apologies…)
After following the instructions here https://doc.pfsense.org/index.php/IKEv2_with_EAP-MSCHAPv2, and learning more in the forums, I finally have a working VPN with MSCHAPv2. (I would rather have L2TP working, but that's another story for another thread.)
The issue I have now, hopefully the last issue, I am able to get connected just fine, and have outbound internet access through my VPN.
What I don't have, however, is access to hosts within my network, and there appears to be no DNS name resolution.
Through my VPN, I can browse to webconfigurator, by IP, but not by name. I can also communicate with the PCs on the network by IP.
I have allow any rules set on my firewall which should be allowing the traffic between LAN, IPsec and the virtual network set in the mobile clients.
Don't know if this is relevant or not, but doesn't look normal to me, so I'll include it.
When the VPN is established on the Windows device,
DNS Suffix= <empty>
IP address=192.168.33.2 (within the range I set on Mobile Clients)
Subnet mask=255.255.255.255
Default Gateway=0.0.0.0
If anyone has any insight, I would be grateful.
Thanks!
-
Which DNS server do you have set in the mobile clients section?
Open a CMD and type nslookup; what is the output with / without the VPN connection?
-
Which DNS server do you have set in the mobile clients section?
Open a CMD and type nslookup; what is the output with / without the VPN connection?
Thank you for responding.
Well, the doc I followed (linked in my original post) does not mention entering a DNS server. So I didn't enter one at first. Since I wasn't able to reach the hosts inside my LAN, I did try entering the IP of my PF box. Still no luck.
To test from 'outside' my network, I am using internet sharing on my phone. When connected through my phone, nslookup returns my phone and its IP as the default server and address. I get the same result whether I have the VPN connected or not.
Going one step further, ipconfig /all still shows no entry for DNS server on the VPN interface.