
I've read several articles on DNS resolution over IPsec using the native VPN client for macOS, but I can't seem to resolve the issue.

The IPsec server is pfSense. I have added the proper DNS servers and search domain to the VPN server.

First attempt:

The mac can connect just fine. I can ping, by ip address, any host. Name resolution does not work at that point.

Second attempt:

I edit the VPN connection to always use the two DNS servers on the other side of the VPN. When I save and connect, I still cannot resolve partial or fully qualified domains against the DNS servers on the VPN side.

Running nslookup against the remote DNS servers (`server x.x.x.x`, then query) does resolve properly, so there seems to be nothing blocking the resolution.

When I list the priority of the DNS it shows that my wired ethernet has priority over the VPN DNS.

Is there a step I'm missing to force the OS to always use VPN DNS over local DNS as a priority?
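An added example, not part of the question or answer: a Python parser for the output of `scutil --dns` (the macOS command that lists resolvers in priority order) that works out which resolver, and which nameservers, a given name is sent to. The sample output below is constructed, and the selection rule is an approximation of macOS behaviour, not Apple's code.

```python
# Constructed sample of `scutil --dns` (not from the question): split-tunnel
# IPsec is up, the VPN resolver (#2) is only "Supplemental" and scoped to
# corp.example, and the Ethernet resolver (#1) remains the default.
SAMPLE_SCUTIL_DNS = """\
resolver #1
  search domain[0] : lan
  nameserver[0] : 192.168.1.1
  if_index : 4 (en0)
  flags    : Request A records, Request AAAA records

resolver #2
  domain   : corp.example
  nameserver[0] : 10.0.0.53
  nameserver[1] : 10.0.0.54
  if_index : 12 (ipsec0)
  flags    : Supplemental, Request A records, Request AAAA records
"""

def parse_scutil_dns(text):
    """Parse scutil --dns text into dicts of domain, search list and nameservers."""
    resolvers = []
    for line in text.splitlines():
        if line.startswith("resolver #"):
            resolvers.append({"domain": None, "search": [], "nameservers": []})
        elif resolvers and ":" in line:
            key, _, value = (p.strip() for p in line.partition(":"))
            if key == "domain":
                resolvers[-1]["domain"] = value.lower()
            elif key.startswith("search domain"):
                resolvers[-1]["search"].append(value.lower())
            elif key.startswith("nameserver"):
                resolvers[-1]["nameservers"].append(value)
    return resolvers

def resolver_for(name, resolvers):
    """Approximate macOS selection (assumption, not Apple's code): the longest scoped
    'domain' that is a suffix of the name wins; anything else, bare hostnames
    included, goes to the default resolver #1 and its search list."""
    name = name.lower().rstrip(".")
    scoped = [r for r in resolvers if r["domain"]
              and (name == r["domain"] or name.endswith("." + r["domain"]))]
    return max(scoped, key=lambda r: len(r["domain"])) if scoped else resolvers[0]

def explain(name, resolvers):
    """Say which nameservers a lookup of `name` is sent to, and for which name."""
    r = resolver_for(name, resolvers)
    queried = name if "." in name or not r["search"] else f"{name}.{r['search'][0]}"
    return f"{name} -> {', '.join(r['nameservers'])} (query for {queried})"
```

Feed it real output (`scutil --dns`) and call `explain` for a short hostname and for its FQDN: if the short name lands on the Ethernet resolver with the local search suffix appended, the VPN servers were never made the default resolver, which matches the priority listing described in the question.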

1 Answer

I have not used pfSense before, but with OpenVPN you can configure the VPN server to push the required DNS servers down onto the Mac, which on my configuration can clear the locally set DNS servers, so you use those specified by the VPN server. I have also seen this behaviour with Cisco VPN clients on OSX.

So I would suspect it is a setting to force the remote client to use the VPN defined DNS servers.

How to force DNS settings with pfSense

  • I have set the options with IPsec, but it seems to be ignored. The link will in theory work if I'm not splitting traffic. That might be the answer: forcing all clients through the VPN, overriding DNS for remote. Not the solution I was hoping to implement, but it might solve the issue.
    – Gary Smith
    Commented Dec 22, 2020 at 2:29
