Cannot reach DNS server through IPSec tunnel

Started by tcb, March 23, 2025, 06:12:08 PM

Hi,

I am trying to reach a dns server through my IPSec tunnel, but it seems like something is blocking the connection.

Resolve-DnsName : test.local : DNS name does not exist
At line:1 char:1
+ Resolve-DnsName -Name test.local -Server 192.168.20.254
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ResourceUnavailable: (test.local:String) [Resolve-DnsName], Win32Exception
    + FullyQualifiedErrorId : DNS_ERROR_RCODE_NAME_ERROR,Microsoft.DnsClient.Commands.ResolveDnsName

Resolving from within the local network works just fine:

Resolve-DnsName -Name test.local -Server 192.168.20.254

Name                                           Type   TTL   Section    IPAddress
----                                           ----   ---   -------    ---------
test.local                                     A      60    Answer     10.10.20.1
test.local                                     A      60    Answer     10.10.20.1

I disabled DNSMasq and unbound on the firewall.

I am not sure where to start debugging.

Any help to get me in the right direction would be great.

Thanks in advance!
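The Windows error above ends in DNS_ERROR_RCODE_NAME_ERROR, which is the client's name for DNS RCODE 3 (NXDOMAIN): some DNS server did answer the query, which is a different situation from a query that never gets through a tunnel and simply times out. The following added example (not from the forum thread, the poster, or OPNsense) is a small Python tool that sends one raw UDP query to a chosen server and classifies the result as NO_RESPONSE (timeout, so suspect routing or filtering on the path) or ANSWERED with the RCODE and any A records decoded, so the two cases can be told apart. The server address, name, and transaction id are assumed values; the packet parser can also be exercised offline with constructed response bytes.

```python
import socket
import struct

# Added example, not code from the original thread. Builds a minimal DNS A query in
# wire format, sends it to a server over UDP, and classifies the outcome so that
# "nothing came back" can be told apart from "a server answered with an RCODE".

RCODE_NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL",
               3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}


def build_query(name, txid=0x1234):
    """Encode a standard recursive A/IN query for `name` (no EDNS)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def _read_name(data, offset):
    """Decode a (possibly compressed) name; return (name, offset after the name)."""
    labels, jumped, end = [], False, offset
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            pointer = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            offset, jumped = pointer, True
            continue
        offset += 1
        if length == 0:
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if jumped else offset)


def parse_response(data, expected_txid):
    """Return the RCODE name, decoded A records and two sanity flags."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    result = {"txid_ok": txid == expected_txid,
              "is_response": bool(flags & 0x8000),
              "rcode": RCODE_NAMES.get(flags & 0x000F, str(flags & 0x000F)),
              "answers": []}
    offset = 12
    for _ in range(qd):                      # skip the echoed question section
        _, offset = _read_name(data, offset)
        offset += 4                          # QTYPE + QCLASS
    for _ in range(an):
        name, offset = _read_name(data, offset)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        rdata = data[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:  # A record, class IN
            result["answers"].append((name, socket.inet_ntoa(rdata), ttl))
    return result


def classify(server, name, timeout=2.0, port=53):
    """Send one query and report whether the path or the server is the problem."""
    txid = 0x4242  # assumed fixed id; fine for a one-shot diagnostic
    query = build_query(name, txid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(query, (server, port))
            data, _ = sock.recvfrom(4096)
        except socket.timeout:
            # No packet came back at all: look at routing/phase-2 selectors/filtering.
            return {"verdict": "NO_RESPONSE"}
    parsed = parse_response(data, txid)
    parsed["verdict"] = "ANSWERED"  # a DNS server replied; the rcode says which way
    return parsed


if __name__ == "__main__":
    # Assumed server and name, mirroring the thread's command line.
    print(classify("192.168.20.254", "test.local"))
</p>```

Run from the remote site, a NO_RESPONSE verdict points at the tunnel or the firewall rules on either end, while ANSWERED with NXDOMAIN means a resolver did reply and the next question is which resolver that was and why it does not know the zone.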

Is this an s2s IPSec or a road warrior?

Which device is the DNS server you are trying to access? Is it a server behind the IPSec endpoint, or is it running on the endpoint itself?

Hi,

thanks for your reply!

This is a site2site IPSec tunnel.

It's a Windows DNS server behind an OPNsense at one end of the tunnel.
The client is on the other side of the tunnel behind a DrayTek Vigor router.