Text only | Text with Images

OPNsense Forum

English Forums => Virtual private networks => Topic started by: Jhjacobs81 on November 18, 2020, 03:16:04 PM

Title: Windows 10: VPN works, DNS does not. (solved)
Post by: Jhjacobs81 on November 18, 2020, 03:16:04 PM
I have successfully added IKEv2 VPN (https://docs.opnsense.org/manual/how-tos/ipsec-rw-srv-mschapv2.html).

I can also connect to the company network. I can access the internet, and i can access any internal service by IP. However, the only way to get DNS working is by manually setting it on the interface through the control panel.

I have added our company's DNS settings in the VPN options of OPNSense, but to no avail :(

Is anyone else having this issue? We are working with Windows 10, 2004 and 20H2
Title: Re: Windows 10: VPN works, DNS does not.
Post by: pcampbell on November 25, 2020, 03:32:13 AM
Are you also supplying your DNS to your VPN client in the Mobile Clients setup?  If not check the box that says "Provide DNS Server List to Clients" under the DNS Servers section and put you DNS Server IP addresses in there.
Title: Re: Windows 10: VPN works, DNS does not.
Post by: Jhjacobs81 on December 02, 2020, 12:07:45 PM
hello pcambell,

Yes, we are suplying the dns servers in the config.
When i open /usr/local/etc/strongswan.conf there a section called plugins:

plugins {
        attr {
                dns = 10.0.0.32, 10.0.0.34
                }
          .....
            }

These are the same adresses i have set in the web config. This does not work however.
When i manually add the same adresses to the charon { } part (as per: https://wiki.strongswan.org/projects/strongswan/wiki/Win7UserMultipleConfig subheading "ASSIGNMENT OF INTERNAL DNS AND WINS SERVERS") then it works..

So, what goes wrong where? :)
Title: Re: Windows 10: VPN works, DNS does not.
Post by: Jhjacobs81 on December 02, 2020, 12:27:52 PM
see the "before" and "after" image :)
Title: Re: Windows 10: VPN works, DNS does not.
Post by: Jhjacobs81 on December 02, 2020, 12:57:11 PM
also:
https://www.cl.cam.ac.uk/~mas90/resources/strongswan/
https://www.digitalocean.com/community/tutorials/how-to-set-up-an-ikev2-vpn-server-with-strongswan-on-ubuntu-18-04-2

Speak about a "rightdns" entry in the conn esttings, which i dont see in my /usr/local/etc/ipsec.conf
Title: Re: Windows 10: VPN works, DNS does not.
Post by: pcampbell on December 03, 2020, 05:51:40 AM
Upon looking at my strongswan.conf, it looks like you "before".  (see attached).  Not sure why yours would not work until you add it manually.  I also do not show a "rightdns" in my ipsec.conf.  Can you provide screenshots of the Mobile Client settings in the GUI?  That may help. Also what does your network map look like?
Title: Re: Windows 10: VPN works, DNS does not.
Post by: Jhjacobs81 on December 03, 2020, 10:34:23 AM
networkmap: <INTERNET>===<dmz/opnsense>===</vpn/opnsense>===<internal network>
Quite simple :)

We use Windows 10 20H2, not sure if that changes anything, but heh!

i got this working with support from Deciso, the company behind OPNSense ;-)
Included are, what i believe, the relvant parts of the config, please feel free to tell if you miss anything!

And thank you for helping :) greatly apreciated!

Title: Re: Windows 10: VPN works, DNS does not.
Post by: pcampbell on December 03, 2020, 10:32:20 PM
Strange, but at a glance it appears to be a almost identical setup to mine.  Surprised you had trouble, but like you said, maybe Win10 20H2 makes the difference.  Glad you got it working.
Title: Re: Windows 10: VPN works, DNS does not.
Post by: Jhjacobs81 on December 08, 2020, 05:33:39 PM
Yeah well.. i somehow need to make it "stick" as i am afraid it wont work when the config files are overwritten
Title: Re: Windows 10: VPN works, DNS does not.
Post by: Jhjacobs81 on December 10, 2020, 09:13:10 AM
okay so.. after an update the "after" modifications i made are gone!

Its now completely default. AND.. i get DNS :|

Someone please just shoot me through the head..
Text only | Text with Images