[Vpn-help] Non-local DNS lookup failed in 2.1.0-release

Saša Stjepan Bakša sasa-stjepan.baksa at os.t-com.hr
Sun Aug 17 13:04:47 CDT 2008



Matthew Grooms wrote:
> Tai-hwa Liang wrote:
>   
>>   After upgrading 2.1.0-beta-5 to 2.1.0-release, DNS queries to outside
>> domains no longer work after connecting to the VPN gateway:
>>
>>     
> [snip]
>   
>>   Meanwhile, ping/lookup to hosts inside the VPN works; pinging outside
>> domains using IP address works as well.  Once I disconnected from the VPN
>> gateway, DNS lookup to www.google.com works again.
>>
>>   VPN client version = 2.1.0 release
>>   Windows OS version = Windows XP SP3
>>   Gateway = FreeBSD 6-STABLE + ipsec-tools-0.7
>>
>>     
>
> Tai-hwa,
>
> I did some tests on the software and can't seem to reproduce the issue.
> Are you using split DNS to classify which packets should be sent to the
> tunnel specific DNS server? If not, no DNS queries will be handled by a
> local DNS server when a tunnel specific DNS server is specified.
>
>   
Hi!


This is my setup for one of my sites. All tunnels behave just the same: when
the tunnel is up - no DNS lookups.
The same config worked before version 2.1.0. I am using 2.1.1 now and the
problem is persisting.

Sasa

n:network-ike-port:500
n:network-natt-port:4500
n:network-natt-rate:30
n:network-frag-size:540
n:network-dpd-enable:1
n:client-banner-enable:0
n:network-notify-enable:1
n:client-wins-used:0
n:client-wins-auto:1
n:client-dns-used:0
n:client-dns-auto:0
n:client-splitdns-used:0
n:client-splitdns-auto:0
n:phase1-dhgroup:2
n:phase1-life-secs:28800
n:phase1-life-kbytes:0
n:phase2-life-secs:14400
n:phase2-life-kbytes:0
n:policy-list-auto:0
n:version:2
n:network-mtu-size:1380
n:policy-nailed:0
s:network-host:hostname.dyndns.org
s:client-auto-mode:disabled
s:client-iface:direct
s:network-natt-mode:enable
s:network-frag-mode:disable
s:client-splitdns-list:pointos.loc
s:auth-method:mutual-psk
s:ident-client-type:ufqdn
s:ident-server-type:address
s:ident-client-data:client at yyyyyyyy.xx
b:auth-mutual-psk:xyzzxy
s:phase1-exchange:aggressive
s:phase1-cipher:3des
s:phase1-hash:sha1
s:phase2-transform:esp-3des
s:phase2-hmac:sha1
s:ipcomp-transform:disabled
n:phase2-pfsgroup:2
s:policy-list-include:192.168.1.0 / 255.255.255.0
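
Added example (not part of the original message and not the VPN client's own code): a small Python parser for the type:key:value site configuration format posted above, reporting the DNS-related settings. Reading the client-dns-* and client-splitdns-* keys as on/off flags is an assumption based on their names and on the reply quoted above; the function names are hypothetical.

```python
# Parse a site configuration made of type:key:value lines (n: = number,
# s: = string, b: = binary) and summarise how DNS is configured.
# Key semantics are assumed from the key names, not from vendor documentation.

SAMPLE = """\
n:client-dns-used:0
n:client-dns-auto:0
n:client-splitdns-used:0
n:client-splitdns-auto:0
s:client-splitdns-list:pointos.loc
s:policy-list-include:192.168.1.0 / 255.255.255.0
"""  # DNS and policy lines copied from the configuration in the message

def parse_site_config(text):
    """Return {key: [values]}; n: values become int, s:/b: stay strings."""
    cfg = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        parts = line.split(":", 2)  # the value itself may contain ':'
        if len(parts) != 3 or parts[0] not in ("n", "s", "b"):
            raise ValueError(f"line {lineno}: not type:key:value: {raw!r}")
        kind, key, value = parts
        # Keys such as policy-list-include can repeat, so keep a list.
        cfg.setdefault(key, []).append(int(value) if kind == "n" else value)
    return cfg

def flag(cfg, key):
    """Last value of a numeric key as a boolean; a missing key counts as off."""
    return bool(cfg.get(key, [0])[-1])

def dns_report(cfg):
    """Summarise DNS handling and list settings worth double-checking."""
    notes = []
    dns_used = flag(cfg, "client-dns-used")
    split_used = flag(cfg, "client-splitdns-used")
    suffixes = cfg.get("client-splitdns-list", [])
    if suffixes and not split_used:
        notes.append("split DNS suffix list is set but client-splitdns-used is 0")
    if dns_used and not split_used:
        # Matches the reply above: without split DNS, a tunnel DNS server
        # receives every query and the local resolver is not consulted.
        notes.append("tunnel DNS enabled without split DNS: "
                     "all lookups go to the tunnel DNS server")
    return {"dns_used": dns_used, "split_used": split_used,
            "suffixes": suffixes, "notes": notes}

if __name__ == "__main__":
    for note in dns_report(parse_site_config(SAMPLE))["notes"]:
        print("check:", note)
```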


