[Vpn-help] Non-local DNS lookup failed in 2.1.0-release
Tai-hwa Liang
avatar at mmlab.cse.yzu.edu.tw
Sun Aug 17 20:53:30 CDT 2008
On Sat, 16 Aug 2008, Matthew Grooms wrote:
> Tai-hwa Liang wrote:
>> After upgrading 2.1.0-beta-5 to 2.1.0-release, DNS queries to outside
>> domain no longer works after connected to VPN gateway:
>>
> [snip]
>>
>> Meanwhilst, ping/lookup to host inside VPN works; ping'ing to outside
>> domain using IP address works as well. Once I disconnected from the VPN
>> gateway, DNS lookup to www.google.com works again.
>>
>> VPN client version = 2.1.0 release
>> Windows OS version = Windows XP SP3
>> Gateway = FreeBSD 6-STABLE + ipsec-tools-0.7
>
> Tai-hwa,
>
> I did some tests on the software and can't seem to re-produce the issue.
> Are you using split DNS to classify which packets should be sent to the
> tunnel specific DNS server? If not, no DNS queries will be handles by a
> local DNS server when a tunnel specific DNS server is specified.
Yes, I'm using split DNS(default). See attached file for exported settings.
--
Cheers,
Tai-hwa Liang
-------------- next part --------------
n:network-ike-port:500
n:client-addr-auto:1
n:network-natt-port:4500
n:network-natt-rate:15
n:network-frag-size:540
n:network-dpd-enable:1
n:client-banner-enable:1
n:network-notify-enable:1
n:client-wins-used:1
n:client-wins-auto:1
n:client-dns-used:1
n:client-dns-auto:1
n:client-splitdns-used:1
n:client-splitdns-auto:1
n:phase1-dhgroup:2
n:phase1-life-secs:86400
n:phase1-life-kbytes:0
n:phase2-life-secs:3600
n:phase2-life-kbytes:0
n:policy-list-auto:1
n:version:2
n:network-mtu-size:1500
n:policy-nailed:0
s:network-host:xx.yy.zz.ww
s:client-auto-mode:pull
s:client-iface:virtual
s:network-natt-mode:disable
s:network-frag-mode:enable
s:auth-method:mutual-rsa
s:ident-client-type:asn1dn
s:ident-server-type:asn1dn
s:phase1-exchange:aggressive
s:phase1-cipher:auto
s:phase1-hash:sha1
s:phase2-transform:auto
s:phase2-hmac:sha1
s:ipcomp-transform:deflate
n:phase2-pfsgroup:2
s:auth-client-cert:mycred.p12
b:auth-client-cert-data:...
s:auth-client-key:mycred.p12
b:auth-client-key-data:...
s:auth-server-cert:cert-chain.pem
b:auth-server-cert-data:...
More information about the vpn-help
mailing list