OPNsense Forum

Archive => 18.1 Legacy Series => Topic started by: Tubs on March 18, 2018, 07:49:56 pm

Title: VPN road warrior IKEv2 and DNS for local domain not working
Post by: Tubs on March 18, 2018, 07:49:56 pm
Hello,

I finally could set up road warrior VPN with IKEv2 to work with iPhone (iOS). On OPNsense "Mutual RSA" and on iPhone cert-based authentication was the only IKEv2-based combination I could get running. Firewall settings and access to OPNsense Unbound are set up and seem correct to me by now. (IPsec is in virtual network 192.168.200.0/24 and LAN is 192.168.100.0/24.)

Everything so far works fine except for DNS for the local network. In "Mobile clients" of the IPsec settings in OPNsense the local DNS server 192.168.100.1 is set up. By using a network tool on the iPhone I can get DNS resolution for clients on LAN from the DNS server of OPNsense on 192.168.100.1. But when using the standard setup without giving an explicit DNS name, the iPhone is not contacting the local DNS for the local domain.

Configuration issue or bug on OPNsense or on iPhone with iOS 11?

Thank you.
Title: Re: VPN road warrior IKEv2 and DNS for local domain not working
Post by: ruggerio on March 19, 2018, 12:08:27 pm
I would say it works as designed, but I could be mistaken.

You would have to route the complete traffic from your VPN through your network.

What I saw is that if contacting an IP outside the LAN range, it will bypass the VPN. So, you need to fix the DNS server in your client.

BTW, I gave up on IKEv1 because of the routing issues. OpenVPN does this with one click (even if IPsec was my favourite).

Roger
Title: Re: VPN road warrior IKEv2 and DNS for local domain not working
Post by: Tubs on March 19, 2018, 08:20:15 pm
> I would say it works as designed, but I could be mistaken.

OK. But why do I have the possibility in the IPsec settings of the server to give a DNS server to the clients when it is not used anyway? Looks like I need to read more. Maybe a gap I do not yet understand.

> You would have to route the complete traffic from your VPN through your network.

If this is the solution it will be fine for me. In the first step I want to connect to local resources. The routing of the other traffic for me has no preference.
Title: Re: VPN road warrior IKEv2 and DNS for local domain not working
Post by: ruggerio on March 20, 2018, 07:18:52 am
As I am new to OPNsense, that's why I said I could be mistaken. If you find the solution, I would be glad to know it too. ;)
Title: Re: VPN road warrior IKEv2 and DNS for local domain not working
Post by: bigops on March 21, 2018, 05:16:15 am
IKEv2 in iOS does not have the selective split tunneling option ("Send all traffic via VPN"), and all traffic is by default routed via VPN.
Title: Re: VPN road warrior IKEv2 and DNS for local domain not working
Post by: Tubs on March 21, 2018, 08:59:23 pm
> IKEv2 in iOS does not have the selective split tunneling option ("Send all traffic via VPN"), and all traffic is by default routed via VPN.

You are sure?

The routing of the outside traffic for me is not important, so I have not looked deeply into it. You are right that there is no option on iOS to set up the routing. But when my VPN is enabled and I go to any "show my IP" page I get the IP from the mobile network and not the IP of OPNsense. So the outside traffic is not routed via OPNsense. It goes directly from the phone to the internet.

But my original question was not regarding routing. It was regarding the DNS server, to be able to resolve the local net behind the VPN. Here I still have no idea how to realise it.
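The thread leaves open whether the client actually uses the DNS server pushed over IKEv2 (192.168.100.1 here) for the local domain, or silently falls back to the mobile carrier's resolver. One way to separate the two cases is to ask each resolver directly and compare the answers. The script below is an added example, not code from this thread or from OPNsense: it builds a raw DNS query with only the Python standard library, sends it to a chosen resolver, parses the reply, and compares that with whatever the operating system's default resolver returns. It assumes you run it from a laptop connected to the same IKEv2 tunnel (the iPhone itself cannot run it); the hostname `nas.home.lan` and the embedded sample reply are constructed for the offline demonstration and are not captured from a real resolver.

```python
import random
import socket
import struct
import sys
from typing import Optional, Tuple

VPN_DNS = "192.168.100.1"  # the DNS server OPNsense pushes to mobile clients (from the thread)


def encode_name(name: str) -> bytes:
    """Encode a dotted hostname in DNS wire format (length-prefixed labels)."""
    labels = name.rstrip(".").split(".")
    return b"".join(struct.pack("B", len(l)) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(name: str, qtype: int = 1, txid: Optional[int] = None) -> bytes:
    """Build a minimal recursive DNS query (type A by default)."""
    if txid is None:
        txid = random.randrange(0, 0x10000)
    # id, flags (RD=1), QDCOUNT=1, ANCOUNT, NSCOUNT, ARCOUNT
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def _read_name(data: bytes, offset: int) -> Tuple[str, int]:
    """Read a possibly compressed name; return (name, offset after the name field)."""
    labels, jumped, end = [], False, offset
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            pointer = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        if length == 0:
            offset += 1
            if not jumped:
                end = offset
            return ".".join(labels), end
        labels.append(data[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length


def parse_response(data: bytes) -> dict:
    """Parse the header, skip the question section and collect A answers."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    offset = 12
    for _ in range(qd):
        _, offset = _read_name(data, offset)
        offset += 4  # QTYPE + QCLASS
    answers = []
    for _ in range(an):
        name, offset = _read_name(data, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        rdata = data[offset:offset + rdlen]
        offset += rdlen
        value = socket.inet_ntoa(rdata) if rtype == 1 and rdlen == 4 else rdata.hex()
        answers.append((name, "A" if rtype == 1 else rtype, value, ttl))
    return {"txid": txid, "rcode": flags & 0xF, "answers": answers}


def query(server: str, name: str, timeout: float = 2.0) -> dict:
    """Send the query straight to `server` on UDP/53, bypassing the OS resolver."""
    q = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server, 53))
        data, _ = s.recvfrom(4096)
    resp = parse_response(data)
    if resp["txid"] != struct.unpack("!H", q[:2])[0]:
        raise ValueError("transaction id mismatch: reply does not belong to our query")
    return resp


def system_resolves(name: str) -> Optional[str]:
    """What the OS default resolver (carrier or VPN-pushed) returns, or None."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


# Constructed sample reply (not a real capture): id 0x1234, flags 0x8180 (response,
# RD, RA, NOERROR), one question, one A answer 192.168.100.10 with TTL 300 whose
# owner name is a compression pointer (0xC00C) back to the question name.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    + encode_name("nas.home.lan") + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 168, 100, 10])
)

if __name__ == "__main__":
    if len(sys.argv) == 2:
        host = sys.argv[1]
        print("via", VPN_DNS, "->", query(VPN_DNS, host))
        print("via OS resolver ->", system_resolves(host))
    else:
        print("offline demo:", parse_response(SAMPLE_RESPONSE))
```

Run it as `python3 dnscheck.py nas.home.lan` while the tunnel is up: if the direct query to 192.168.100.1 returns the LAN address but the OS resolver returns nothing (or a public address), the tunnel is passing DNS traffic fine and the client simply is not using the pushed resolver for that domain, which is a client configuration problem rather than an OPNsense or firewall one. An `rcode` of 3 (NXDOMAIN) from 192.168.100.1 would instead point at Unbound not knowing the name.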