Messages - sstaible

#2
Quote from: bora.rs on May 09, 2025, 11:22:54 AM
If you are forwarding the DNS queries to Google DNS servers (8.8.8.8) that might be causing the issue. Can you try another DNS provider such as Cloudflare (1.1.1.1) to see if that solves the issue?

I'll try that when I'm home. I'm using my provider's DNS resolvers, which work fine when queried from OPNsense or directly from clients on my LAN. Maybe the new version of dnsmasq in 26.1.6 suddenly has an issue with their response.

Quote from: cookiemonster on May 09, 2025, 11:57:56 AM
perhaps https://forum.opnsense.org/index.php?topic=47135.0

I have no issues with DHCP (I'm using ISC kea). Just that dnsmasq is failing to resolve external hosts/domains.

#3
Hi all

After the upgrade to 26.1.6, dnsmasq is no longer able to resolve queries to the external DNS from clients on the LAN. Queries for internal hosts work though. In the log I can see that dnsmasq tries to forward the queries to the configured resolvers (from general settings) but then immediately sends error REFUSED to the client. Resolving external hosts in the OPNsense shell works though. Also, if I assign the external resolver as DNS server in DHCP, clients on the LAN can resolve external hosts.

I can't figure out what is wrong. Any ideas?

Regards
Sven

#4
That was quick! Both changes have been included in 25.1.6. I guess this was planned even before my post.

#5
Hi all

I have configured IKEv2 with EAP-TLS to connect from my iOS device to my home network. I've configured a split tunnel that just routes my home subnet over IPsec.

Everything worked perfectly except DNS. However, I found that I can make it work if I manually add attribute 25 to my charon configuration (adding the name of my internal DNS domain):

    attr {
        25 = domain.home
        subnet = 192.168.34.0/24
        split-include = 192.168.34.0/24
        dns = 192.168.34.1
    }

Attribute 25 stands for INTERNAL_DNS_DOMAIN according to https://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml#ikev2-parameters-21

It would be nice if support for this attribute could be added to the GUI.

Somewhat unrelated, I would also appreciate it if support for the proposal 'aes256-sha256-modp1024' could be added to the phase 1 proposal list, as this is the only algorithm I found to make my Azure VPN gateway (cheapest type 'basic' with only limited algorithm support) connect to my OPNsense box.

Kind Regards
Sven
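Added example, not taken from the post above and not OPNsense or strongSwan code: the attribute 25 in the charon attr block is delivered to the client inside an IKEv2 Configuration Payload (CFG_REPLY), so the quickest way to confirm what the responder actually pushes is to decode that payload. The Python below builds and parses a Configuration Payload following the wire format of RFC 7296 section 3.15 (payload header, CFG type, then type/length/value attributes with the reserved high bit clear), and goes slightly beyond the post by also handling INTERNAL_IP4_ADDRESS, INTERNAL_IP4_DNS and INTERNAL_IP4_SUBNET next to INTERNAL_DNS_DOMAIN. Assumptions: the value of INTERNAL_DNS_DOMAIN is encoded as plain ASCII text without a trailing dot (RFC 8598), and the sample addresses and the domain name are constructed to mirror the attr block in the post.

```python
"""
IKEv2 Configuration Payload (CP) encoder/decoder for inspecting what a
responder hands to a road-warrior client. Added example; not from the forum
post, OPNsense or strongSwan. Wire format per RFC 7296 section 3.15;
attribute 25 (INTERNAL_DNS_DOMAIN) per RFC 8598.
"""
import ipaddress
import struct

# CFG types (RFC 7296 3.15)
CFG_REQUEST, CFG_REPLY, CFG_SET, CFG_ACK = 1, 2, 3, 4

# Subset of IANA "IKEv2 Configuration Payload Attribute Types"
INTERNAL_IP4_ADDRESS = 1
INTERNAL_IP4_DNS = 3
INTERNAL_IP4_SUBNET = 13
INTERNAL_DNS_DOMAIN = 25  # RFC 8598

ATTR_NAMES = {
    INTERNAL_IP4_ADDRESS: "INTERNAL_IP4_ADDRESS",
    INTERNAL_IP4_DNS: "INTERNAL_IP4_DNS",
    INTERNAL_IP4_SUBNET: "INTERNAL_IP4_SUBNET",
    INTERNAL_DNS_DOMAIN: "INTERNAL_DNS_DOMAIN",
}


def encode_value(attr_type, value):
    """Turn a human-readable value into the attribute's raw bytes."""
    if attr_type in (INTERNAL_IP4_ADDRESS, INTERNAL_IP4_DNS):
        return ipaddress.IPv4Address(value).packed
    if attr_type == INTERNAL_IP4_SUBNET:
        # 8 bytes: network address followed by netmask
        net = ipaddress.IPv4Network(value, strict=False)
        return net.network_address.packed + net.netmask.packed
    if attr_type == INTERNAL_DNS_DOMAIN:
        # Assumption: ASCII domain name, no trailing dot (RFC 8598 3.1)
        return value.encode("ascii")
    raise ValueError(f"unsupported attribute type {attr_type}")


def decode_value(attr_type, raw):
    """Inverse of encode_value, with length checks a parser must make."""
    if attr_type in (INTERNAL_IP4_ADDRESS, INTERNAL_IP4_DNS):
        if len(raw) != 4:
            raise ValueError("IPv4 attribute must be 4 bytes")
        return str(ipaddress.IPv4Address(raw))
    if attr_type == INTERNAL_IP4_SUBNET:
        if len(raw) != 8:
            raise ValueError("INTERNAL_IP4_SUBNET must be 8 bytes")
        addr, mask = ipaddress.IPv4Address(raw[:4]), ipaddress.IPv4Address(raw[4:])
        return str(ipaddress.IPv4Network(f"{addr}/{mask}", strict=False))
    if attr_type == INTERNAL_DNS_DOMAIN:
        return raw.decode("ascii")
    return raw.hex()  # unknown type: keep the raw bytes visible


def encode_attribute(attr_type, value):
    """One attribute: R bit (must be 0) + 15-bit type, 16-bit length, value."""
    if not 0 <= attr_type <= 0x7FFF:
        raise ValueError("attribute type must fit in 15 bits")
    raw = encode_value(attr_type, value)
    return struct.pack("!HH", attr_type, len(raw)) + raw


def build_cp(cfg_type, attrs, next_payload=0):
    """Build a full CP payload: generic header (4 bytes) + CFG type + 3 reserved."""
    body = b"".join(encode_attribute(t, v) for t, v in attrs)
    payload_len = 8 + len(body)
    return struct.pack("!BBHB3x", next_payload, 0, payload_len, cfg_type) + body


def parse_cp(data):
    """Parse a CP payload into (cfg_type, [(attribute name, decoded value), ...])."""
    if len(data) < 8:
        raise ValueError("payload shorter than CP header")
    _next, _flags, payload_len = struct.unpack_from("!BBH", data, 0)
    if payload_len != len(data):
        raise ValueError("payload length field does not match data")
    cfg_type = data[4]
    attrs, off = [], 8
    while off < payload_len:
        if off + 4 > payload_len:
            raise ValueError("truncated attribute header")
        raw_type, length = struct.unpack_from("!HH", data, off)
        if raw_type & 0x8000:
            raise ValueError("reserved R bit set in attribute type")
        off += 4
        if off + length > payload_len:
            raise ValueError("attribute length exceeds payload")
        raw = data[off:off + length]
        off += length
        name = ATTR_NAMES.get(raw_type, f"UNKNOWN({raw_type})")
        attrs.append((name, decode_value(raw_type, raw)))
    return cfg_type, attrs


# Constructed sample mirroring the post's attr block (assumed client address).
SAMPLE_ATTRS = [
    (INTERNAL_IP4_ADDRESS, "192.168.34.10"),
    (INTERNAL_IP4_DNS, "192.168.34.1"),
    (INTERNAL_IP4_SUBNET, "192.168.34.0/24"),
    (INTERNAL_DNS_DOMAIN, "domain.home"),
]

if __name__ == "__main__":
    payload = build_cp(CFG_REPLY, SAMPLE_ATTRS)
    print(payload.hex())
    for name, value in parse_cp(payload)[1]:
        print(f"{name} = {value}")
```

The parser can be pointed at the bytes of a captured CFG_REPLY (for example the Configuration Payload extracted from a decrypted IKE_AUTH response in Wireshark) to confirm that attribute 25 is present with the expected domain; if it is missing, the client has nothing to scope internal-name lookups to, which is the symptom described in the post.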