OPNsense Forum

English Forums => Virtual private networks => Topic started by: Rolfieo on November 09, 2020, 10:49:24 am

Title: IPSEC Lost DNS
Post by: Rolfieo on November 09, 2020, 10:49:24 am
I have 3 OPNSense Firewall with IPSEC tunnels between them.

One of my locations has some DNS issues.

Nov  5 21:32:44 OPNsense.DenHaag.xxxx.local charon[23490]: 45[LIB] resolving 'ipsec.xxxx.info' failed: Name does not resolve
Nov  5 21:32:45 OPNsense.DenHaag.xxxx.local charon[23490]: 46[LIB] resolving 'ziggo.xxxx.nl' failed: Name does not resolve


The IPSEC VPN goes down after this, but I can't trace the issue, why this is happening.
A restart of the IPSEC service solved the issue. The IPSEC VPN tunnels are made within seconds after that restart.
The DNS is working for all the clients, so it's not a direct resolve issue.

As it looks like a DNS issue, I have double checked my DNS configuration:
System/Settings/General:
DNS Servers: 8.8.8.8, 8.8.4.4 Use Gateway: none
DNS server options:
Allow DNS server list to be overridden by DHCP/PPP on WAN: Not Selected.
Do not use the local DNS service as a nameserver for this system: Not Selected

Services/Unbound DNS:
General: 
Network Interfaces: LAN
DNS Query Forwarding: Enable Forwarding Mode
Local Zone Type: Transparent


I just did a search on the system.log of that time.


Nov  5 22:38:30 OPNsense.DenHaag.xxxx.local /update_tables.py[85636]: unable to resolve xxx.filemakerconsulting.com for alias Block_FileMakerPro
Nov  5 22:39:00 OPNsense.DenHaag.xxxx.local /update_tables.py[85636]: unable to resolve filemakerconsulting.com for alias Block_FileMakerPro


So it looks like there are more issues with DNS.
I can see in my smokeping that there was a high latency with packet drops on the WAN. So that explains some issues with the DNS resolving.
But when that was done, the system messages were also gone.

But when the DNS worked fine, it looks like the IPSEC did not notice it, and needed a restart of the service. But how could I prevent this?
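The two log sources quoted in the post (charon's `resolving '...' failed` lines and the `update_tables.py` alias messages) are the evidence that the box briefly lost outbound DNS while the WAN was lossy. The script below is an added example, not code from the post or from OPNsense: it parses a constructed syslog excerpt modelled on the quoted lines, extracts every failed lookup from both sources, lists the peer hostnames charon failed on more than once (the tunnel endpoints that will need attention), and reports the time window of the failures so it can be lined up against a smokeping graph. The hostnames, the third charon line and the year are constructed values; the threshold of 2 is an assumption.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample syslog excerpt modelled on the lines quoted in the post
# (hostnames are the post's own placeholders; the repeated 'ipsec.xxxx.info'
# failure is added to show one peer failing more than once).
SAMPLE_LOG = """\
Nov  5 21:32:44 OPNsense.DenHaag.xxxx.local charon[23490]: 45[LIB] resolving 'ipsec.xxxx.info' failed: Name does not resolve
Nov  5 21:32:45 OPNsense.DenHaag.xxxx.local charon[23490]: 46[LIB] resolving 'ziggo.xxxx.nl' failed: Name does not resolve
Nov  5 21:33:10 OPNsense.DenHaag.xxxx.local charon[23490]: 47[IKE] establishing IKE_SA
Nov  5 21:34:02 OPNsense.DenHaag.xxxx.local charon[23490]: 48[LIB] resolving 'ipsec.xxxx.info' failed: Name does not resolve
Nov  5 22:38:30 OPNsense.DenHaag.xxxx.local /update_tables.py[85636]: unable to resolve xxx.filemakerconsulting.com for alias Block_FileMakerPro
Nov  5 22:39:00 OPNsense.DenHaag.xxxx.local /update_tables.py[85636]: unable to resolve filemakerconsulting.com for alias Block_FileMakerPro
"""

# BSD syslog prefix: "Mon  D HH:MM:SS host process[pid]: message"
SYSLOG_RE = re.compile(
    r"^(?P<month>\w{3})\s+(?P<day>\d{1,2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<proc>[^\[\s]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
# The two message shapes seen in the post.
CHARON_FAIL_RE = re.compile(r"resolving '(?P<name>[^']+)' failed")
ALIAS_FAIL_RE = re.compile(r"unable to resolve (?P<name>\S+) for alias (?P<alias>\S+)")


def parse_syslog_line(line, year=2020):
    """Split one syslog line into timestamp, process, pid and message; None if it does not match.
    BSD syslog carries no year, so the caller supplies it (constructed default)."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['month']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "proc": m["proc"], "pid": int(m["pid"]), "msg": m["msg"]}


def find_resolution_failures(log_text, year=2020):
    """Return one event per failed lookup, whether reported by charon or by the alias updater."""
    events = []
    for raw in log_text.splitlines():
        rec = parse_syslog_line(raw, year)
        if rec is None:
            continue
        m = CHARON_FAIL_RE.search(rec["msg"])
        if m:
            events.append({"ts": rec["ts"], "source": "charon", "name": m["name"]})
            continue
        m = ALIAS_FAIL_RE.search(rec["msg"])
        if m:
            events.append({"ts": rec["ts"], "source": "update_tables",
                           "name": m["name"], "alias": m["alias"]})
    return events


def peers_needing_attention(events, threshold=2):
    """Hostnames charon failed to resolve at least `threshold` times; these are the
    IPsec peers whose tunnels will stay down until charon re-resolves them."""
    counts = Counter(e["name"] for e in events if e["source"] == "charon")
    return sorted(name for name, n in counts.items() if n >= threshold)


def failure_windows(events):
    """First and last failure timestamp per log source, for comparison with a WAN loss graph."""
    windows = {}
    for e in events:
        first, last = windows.get(e["source"], (e["ts"], e["ts"]))
        windows[e["source"]] = (min(first, e["ts"]), max(last, e["ts"]))
    return windows


if __name__ == "__main__":
    evs = find_resolution_failures(SAMPLE_LOG)
    for e in evs:
        print(e["ts"].isoformat(), e["source"], e["name"])
    print("peers failing repeatedly:", peers_needing_attention(evs))
    for src, (a, b) in failure_windows(evs).items():
        print(f"{src}: failures between {a.time()} and {b.time()}")
```

On a live box the same functions can be pointed at the output of `grep -E 'charon|update_tables' /var/log/system.log`; a non-empty result from `peers_needing_attention` after the WAN has recovered is the signal that the tunnels did not come back on their own and the IPsec service needs a restart.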