[Vpn-help] Non-local DNS lookup failed in 2.1.0-release

Tai-hwa Liang avatar at mmlab.cse.yzu.edu.tw
Sun Aug 17 20:53:30 CDT 2008 

On Sat, 16 Aug 2008, Matthew Grooms wrote:
> Tai-hwa Liang wrote:
>>   After upgrading 2.1.0-beta-5 to 2.1.0-release, DNS queries to outside
>> domain no longer works after connected to VPN gateway:
>>
> [snip]
>>
>>   Meanwhilst, ping/lookup to host inside VPN works; ping'ing to outside
>> domain using IP address works as well.  Once I disconnected from the VPN
>> gateway, DNS lookup to www.google.com works again.
>>
>>   VPN client version = 2.1.0 release
>>   Windows OS version = Windows XP SP3
>>   Gateway = FreeBSD 6-STABLE + ipsec-tools-0.7
>
> Tai-hwa,
>
> I did some tests on the software and can't seem to re-produce the issue.
> Are you using split DNS to classify which packets should be sent to the
> tunnel specific DNS server? If not, no DNS queries will be handles by a
> local DNS server when a tunnel specific DNS server is specified.

   Yes, I'm using split DNS(default).  See attached file for exported settings.

-- 
Cheers,

Tai-hwa Liang
-------------- next part --------------
n:network-ike-port:500

n:client-addr-auto:1

n:network-natt-port:4500

n:network-natt-rate:15

n:network-frag-size:540

n:network-dpd-enable:1

n:client-banner-enable:1

n:network-notify-enable:1

n:client-wins-used:1

n:client-wins-auto:1

n:client-dns-used:1

n:client-dns-auto:1

n:client-splitdns-used:1

n:client-splitdns-auto:1

n:phase1-dhgroup:2

n:phase1-life-secs:86400

n:phase1-life-kbytes:0

n:phase2-life-secs:3600

n:phase2-life-kbytes:0

n:policy-list-auto:1

n:version:2

n:network-mtu-size:1500

n:policy-nailed:0

s:network-host:xx.yy.zz.ww

s:client-auto-mode:pull

s:client-iface:virtual

s:network-natt-mode:disable

s:network-frag-mode:enable

s:auth-method:mutual-rsa

s:ident-client-type:asn1dn

s:ident-server-type:asn1dn

s:phase1-exchange:aggressive

s:phase1-cipher:auto

s:phase1-hash:sha1

s:phase2-transform:auto

s:phase2-hmac:sha1

s:ipcomp-transform:deflate

n:phase2-pfsgroup:2

s:auth-client-cert:mycred.p12

b:auth-client-cert-data:...

s:auth-client-key:mycred.p12

b:auth-client-key-data:...

s:auth-server-cert:cert-chain.pem

b:auth-server-cert-data:...

More information about the vpn-help mailing list