DNS not working correctly when IPsec tunnel is up on OS X machine. SOLVED
-
Hi,
Banging against the wall here, really weird problem. I'm in the process of setting up a remote connection to the office network (Cisco IPsec) on my new machine (OS X). Everything works fine, except DNS resolution: I can't resolve any of the remote network addresses (example.remoteoffice.com) if I'm connected to my home network running pfSense. DNS resolution just fails.
I can do manual name resolution via "dig example.remoteoffice.com @ipsec.dns.ip".
Now here is the catch:
- If I use wifi from my router (no pfSense in the way), with the same DHCP subnet, everything works fine. I can resolve addresses on my machine without any issues
- I've tried installing Sophos UTM, can resolve as well
- Tried using clean pfSense install, no dice
So, for some strange reason, when I'm connected to the pfSense network, OS X won't route DNS queries to the remote DNS; it does a lookup on the pfSense box and gives up after that.
Could it be some quirky DHCP setting that is pushed to OS X that binds all DNS resolution to the pfSense box? I think I've checked all the menus, nothing that would resemble such a setting. Tried using forwarder vs resolver (dunno why this would affect DNS resolution on OS X anyway).
UPDATE:
ARRGH, never mind, just discovered that some of our internal office domains resolve via external DNS as well, and the external DNS replies with a private IP address -> filtered by the DNS resolver on pfSense -> pfSense replies all good with an empty A record.
And obviously Sophos and the generic home router aren't doing any of that filtering.
Phew, I thought I was going insane for a moment.
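The behaviour described in the update is DNS rebinding protection: a resolver such as Unbound (which pfSense uses) strips private addresses from answers that arrive from public upstream servers, unless the name falls under a domain explicitly allowed to carry private addresses (Unbound's `private-domain` setting). The following is an added example, not code from the thread or from pfSense, that models that filter on constructed answers and gives a diagnosis for the "empty A record" symptom; `example.remoteoffice.com` and the `10.20.30.40` answer are made-up sample data.

```python
"""Model of a resolver's DNS-rebinding filter (added example, not from the thread)."""
import ipaddress

# Ranges a rebinding filter treats as private (RFC 1918, loopback, link-local).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                 "127.0.0.0/8", "169.254.0.0/16")]


def is_private(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)


def filter_answer(name, answers, private_domains=()):
    """Return the A records the resolver would hand back to the client.

    name: queried name; answers: IPv4 strings received from upstream;
    private_domains: domains (and their subdomains) allowed to resolve to
    private addresses, mirroring Unbound's private-domain setting.
    """
    qname = name.lower().rstrip(".")
    allowed = any(qname == d or qname.endswith("." + d)
                  for d in (x.lower().rstrip(".") for x in private_domains))
    if allowed:
        return list(answers)
    return [a for a in answers if not is_private(a)]


def diagnose(name, upstream_answers, resolver_answers):
    """Explain an empty reply from the resolver in terms of the upstream data."""
    if resolver_answers:
        return "ok"
    if upstream_answers and all(is_private(a) for a in upstream_answers):
        return "filtered: upstream returned only private addresses"
    if not upstream_answers:
        return "upstream has no A record"
    return "unexpected"


# Constructed sample: an office name published in public DNS with a private IP.
OFFICE = "example.remoteoffice.com"
UPSTREAM = ["10.20.30.40"]

if __name__ == "__main__":
    got = filter_answer(OFFICE, UPSTREAM)
    print(OFFICE, "->", got, "|", diagnose(OFFICE, UPSTREAM, got))
    got = filter_answer(OFFICE, UPSTREAM, private_domains=["remoteoffice.com"])
    print("with private-domain allowed:", got)
```

Comparing `dig name @<upstream>` against `dig name @<pfSense>` is the real-world equivalent of the `diagnose` step; the allowlist branch is what a domain override or private-domain entry on the firewall restores.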
-
Remove your DNS Default Domain from your mobile client IPsec configuration and add it manually in the client's VPN DNS Domain configuration. This should work.
-
Sorry for digging this up - I am struggling with the same problem, but can't seem to get it working. Is this the configuration you are proposing?