OPNsense Forum

English Forums => Virtual private networks => Topic started by: sstaible on May 07, 2025, 10:05:01 PM

Title: Feature request to make DNS work with IKEv2 on iOS for split tunnels
Post by: sstaible on May 07, 2025, 10:05:01 PM
Hi all

I have configured IKEv2 with EAP-TLS to connect from my iOS device to my home network. I've configured a split tunnel that just routes my home subnet over IPsec.

Everything worked perfectly except DNS. However, I found that I can make it work if I manually add attribute 25 to my charon configuration (adding the name of my internal DNS domain):

        attr {
            25 = domain.home
            subnet = 192.168.34.0/24
            split-include = 192.168.34.0/24
            dns = 192.168.34.1
        }

Attribute 25 stands for INTERNAL_DNS_DOMAIN according to https://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml#ikev2-parameters-21

It would be nice if support for this attribute could be added to the GUI.

Somewhat unrelated, I would also appreciate it if support for the proposal 'aes256-sha256-modp1024' could be added to the phase 1 proposal list, as this is the only algorithm I found that makes my Azure VPN gateway (cheapest type 'basic', with only limited algorithm support) connect to my OPNsense box.

Kind Regards
Sven
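As an added illustration (not part of the post, and not OPNsense or strongSwan code): a small Python checker for a charon `attr` block like the one above. It assumes the attr plugin's `key = value` syntax as shown in the post, and checks the two things a split-tunnel DNS setup depends on: attribute 25 (INTERNAL_DNS_DOMAIN, the IKEv2 configuration attribute defined in RFC 8598) is present with a syntactically valid domain name, and each `dns` server lies inside a `split-include` prefix, because a resolver outside the tunnelled prefixes would be reached over the untunnelled default route. The sample block is constructed from the values in the post; the function names are this example's own.

```python
"""Sanity-check a strongSwan charon `attr` section for split-tunnel DNS.

Added example, not OPNsense or strongSwan code. It parses the small
key = value block from the post and checks that attribute 25
(INTERNAL_DNS_DOMAIN, IANA IKEv2 configuration attribute, RFC 8598) is
present with a plausible domain, and that every `dns` server lies inside
a `split-include` prefix so queries actually travel over the tunnel.
"""
import ipaddress
import re

# Constructed sample: the attr block from the post, braces aligned.
SAMPLE_ATTR = """
attr {
    25 = domain.home
    subnet = 192.168.34.0/24
    split-include = 192.168.34.0/24
    dns = 192.168.34.1
}
"""

INTERNAL_DNS_DOMAIN = 25  # IANA IKEv2 configuration attribute type number

_LINE = re.compile(r"^\s*([\w-]+)\s*=\s*(.+?)\s*$")
# Hostname syntax: labels of 1-63 chars, letters/digits/hyphen, no leading/trailing hyphen.
_DOMAIN = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)*"
    r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$", re.I)


def parse_attr(text):
    """Return {key: [values]} for the lines inside `attr { ... }`.

    Comma-separated values are split (strongSwan accepts comma lists for
    dns/split-include) and repeated keys accumulate.
    """
    inside = False
    result = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        if line.startswith("attr") and line.endswith("{"):
            inside = True
            continue
        if line == "}":
            inside = False
            continue
        if not inside:
            continue
        m = _LINE.match(line)
        if not m:
            raise ValueError(f"unparseable attr line: {raw!r}")
        key, value = m.groups()
        result.setdefault(key, []).extend(v.strip() for v in value.split(","))
    return result


def check_split_dns(attrs):
    """Return a list of problems; an empty list means the block looks consistent."""
    problems = []
    domains = attrs.get(str(INTERNAL_DNS_DOMAIN), [])
    if not domains:
        problems.append("no attribute 25 (INTERNAL_DNS_DOMAIN): the client is not told "
                        "which domain the tunnel resolver is for")
    for d in domains:
        if not _DOMAIN.match(d):
            problems.append(f"attribute 25 value {d!r} is not a valid DNS name")

    routes = []
    for prefix in attrs.get("split-include", []):
        try:
            routes.append(ipaddress.ip_network(prefix, strict=False))
        except ValueError:
            problems.append(f"split-include {prefix!r} is not a valid prefix")

    servers = attrs.get("dns", [])
    if not servers:
        problems.append("no dns attribute: the client has no resolver for the internal domain")
    for s in servers:
        try:
            addr = ipaddress.ip_address(s)
        except ValueError:
            problems.append(f"dns {s!r} is not a valid IP address")
            continue
        # With split-include present, a resolver outside every prefix is reached
        # over the default route, not the tunnel.
        if routes and not any(addr in r for r in routes):
            problems.append(f"dns server {s} is outside every split-include prefix; "
                            "queries would leave via the default route")
    return problems


if __name__ == "__main__":
    report = check_split_dns(parse_attr(SAMPLE_ATTR))
    for line in report or ["OK: split-tunnel DNS attributes are consistent"]:
        print(line)
```

Run it against the block from strongswan.conf (or OPNsense's generated charon configuration) before testing from the phone; a `dns` server outside the `split-include` prefixes or a missing attribute 25 are the two misconfigurations the checker reports.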
Title: Re: Feature request to make DNS work with IKEv2 on iOS for split tunnels
Post by: sstaible on May 08, 2025, 07:32:20 PM
That was quick! Both changes have been included in 25.1.6. I guess this was planned even before my post.