OPNsense Forum
English Forums => General Discussion => Topic started by: pheinrich on June 09, 2019, 09:05:09 pm
-
Hi,
I have setup my opnsense with ipsec and I can connect to my gateway with my android phone. Also ip adresses are accessible. For some reason there is no DNS entry on the phone. Setting it explicitly on the phone resolves the issue and everything is browsable.
There is a section below VPN -> Ipsec -> Mobile Clients -> DNS Servers where I have set the internal opnsense ip running unbound. After that I have added the virtual IP range to the Unbound Access List.
Now the dns server is written to the strongswan.conf in the attr {} plugin
Automatically generated, please do not modify
starter {
load_warning = no
}
charon {
threads = 16
ikesa_table_size = 32
ikesa_table_segments = 4
init_limit_half_open = 1000
ignore_acquire_ts = yes
syslog {
identifier = charon
daemon {
ike_name = yes
}
}
cisco_unity = yes
plugins {
attr {
subnet = 0.0.0.0/0
split-include = 0.0.0.0/0
dns = 192.168.40.1
}
xauth-pam {
pam_service = ipsec
session = no
trim_email = yes
}
}
}
But for some reason this is not set up on the device.
Manually adding rightdns = 192.168.40.1 to the generated ipsec.conf does work!
But for this option there is no ui input.
The strongswan doc says to use the attr plugin there must be a virtual ip request ... and yes i am requesting a virtual ip from 10.0.10.0/24
https://wiki.strongswan.org/projects/strongswan/wiki/Attrplugin (https://wiki.strongswan.org/projects/strongswan/wiki/Attrplugin)
Any ideas?