Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Virtual private networks
»
14[IKE] unable to resolve
« previous
next »
Print
Pages: [
1
]
Author
Topic: 14[IKE] unable to resolve (Read 420 times)
dstr
Newbie
Posts: 32
Karma: 0
14[IKE] unable to resolve
«
on:
August 09, 2024, 11:08:57 am »
Im using unbound as dns server and ipsec tunnel with a dns remote gateway. after rebooting the firewall, ipsec seems to be started before unbound and is not able to resolve the host. it stops after 3 retrys, even though keyretries is set to 0 in the ipsec config which should mean unlimited retries.
is there a way to start ipsec delayed after unbound, or configure ipsec service not to stop?
Logged
Monviech (Cedrik)
Global Moderator
Hero Member
Posts: 1595
Karma: 176
Re: 14[IKE] unable to resolve
«
Reply #1 on:
August 09, 2024, 01:23:45 pm »
Does the Firewall itself use Unbound as resolver for its own DNS requests?
What configured in System: Settings: General?
Maybe use the resolvers of your ISP or Cloudflare/Google here instead and see if that fixes the problem.
Logged
Hardware:
DEC740
dstr
Newbie
Posts: 32
Karma: 0
Re: 14[IKE] unable to resolve
«
Reply #2 on:
August 09, 2024, 02:20:40 pm »
general is 127.0.0.1 configured, with google it works but is not a option since Im using encrypted dns and blocklists with unbound.
Logged
Monviech (Cedrik)
Global Moderator
Hero Member
Posts: 1595
Karma: 176
Re: 14[IKE] unable to resolve
«
Reply #3 on:
August 09, 2024, 02:46:05 pm »
Hmm, you should open an issue on github and explain your case there.
https://github.com/opnsense/core/issues
Maybe also attach the ipsec logs of the permanent failure thats happening.
Logged
Hardware:
DEC740
schnipp
Sr. Member
Posts: 371
Karma: 19
Re: 14[IKE] unable to resolve
«
Reply #4 on:
August 09, 2024, 08:43:37 pm »
Quote from: dstr on August 09, 2024, 11:08:57 am
is there a way to start ipsec delayed after unbound, or configure ipsec service not to stop?
Generally it's not needed. IPsec connections start automatically if properly configured. Check the CHILD_SAs:
Start action should be set to "trap" or "trap+start"
DPD action should be set to "trap" (if used)
Logged
OPNsense 24.7.1-amd64
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Virtual private networks
»
14[IKE] unable to resolve