4781 questions

5854 answers

9372 comments

5704 members

0 votes
282 views 2 comments
by
Hi,

since some days , I can not get the DNS to work when enabling the IPSEC VPN on my RUTX11 router.

I still can go to website in pasting the right IP address manually , but unable to resolve the DNS with IPSEC VPN activated.

here is my ipsec.conf file on my dedicated ubuntu server :

`

config setup

    charondebug="ike 1, knl 1, cfg 0"

    uniqueids=no

conn ikev2-vpn

    auto=add

    compress=no

    type=tunnel

    keyexchange=ikev2

    fragmentation=yes

    forceencaps=yes

    ike=aes128-sha1-modp1024,aes128-sha1-modp1536,aes128-sha1-modp2048,aes128-sha256-ecp256,aes128-sha256-modp1024,aes128-sha256-modp1536,aes128-sha256-modp2048,aes256-aes128-sha256-sha1-modp2048-modp4096-modp1024,aes256-sha1-modp1024,aes256-sha256-modp1024,aes256-sha256-modp1536,aes256-sha256-modp2048,aes256-sha256-modp4096,aes256-sha384-ecp384,aes256-sha384-modp1024,aes256-sha384-modp1536,aes256-sha384-modp2048,aes256-sha384-modp4096,aes256gcm16-aes256gcm12-aes128gcm16-aes128gcm12-sha256-sha1-modp2048-modp4096-modp1024,3des-sha1-modp1024!

    esp=aes128-aes256-sha1-sha256-modp2048-modp4096-modp1024,aes128-sha1,aes128-sha1-modp1024,aes128-sha1-modp1536,aes128-sha1-modp2048,aes128-sha256,aes128-sha256-ecp256,aes128-sha256-modp1024,aes128-sha256-modp1536,aes128-sha256-modp2048,aes128gcm12-aes128gcm16-aes256gcm12-aes256gcm16-modp2048-modp4096-modp1024,aes128gcm16,aes128gcm16-ecp256,aes256-sha1,aes256-sha256,aes256-sha256-modp1024,aes256-sha256-modp1536,aes256-sha256-modp2048,aes256-sha256-modp4096,aes256-sha384,aes256-sha384-ecp384,aes256-sha384-modp1024,aes256-sha384-modp1536,aes256-sha384-modp2048,aes256-sha384-modp4096,aes256gcm16,aes256gcm16-ecp384,3des-sha1!

    dpdaction=clear

    dpddelay=300s

    rekey=no

    left=%any

    leftid=%any

    leftsubnet=0.0.0.0/0

    rightsourceip=%config

    right=%any

    rightid=%any

    rightdns=8.8.8.8

    authby=secret

`

any idea of what could cause this loss of DNS service client side ?

thanks

3 Answers

0 votes
by
Hello,

So you have IPsec server on ubuntu machine, you connect to it with RUTX11 as a client, VPN itself works, but RUTX11 stops working as a DNS server for it's LAN devices. Is that correct?

Could you also provide IPsec configuration of RUTX11?

Best regards,
VidasKac.
0 votes
by
Hi,

yes it is correct , my RUTX 11 box connect as a VPN client to my ubuntu VPN server

this is the ipsec.conf of the rutx11 .

# ipsec.conf - strongSwan IPsec configuration file

# basic configuration

config setup

        # strictcrlpolicy=yes

        # uniqueids = no

# Add connections here.

# Sample VPN connections

#conn sample-self-signed

#      leftsubnet=10.1.0.0/16

#      leftcert=selfCert.der

#      leftsendcert=never

#      right=192.168.0.2

#      rightsubnet=10.2.0.0/16

#      rightcert=peerCert.der

#      auto=start

#conn sample-with-ca-cert

#      leftsubnet=10.1.0.0/16

#      leftcert=myCert.pem

#      right=192.168.0.2

#      rightsubnet=10.2.0.0/16

#      rightid="C=CH, O=Linux strongSwan CN=peer name"

#      auto=start

include /var/ipsec/ipsec.conf

I remember that Simonas went into my rutx11 to modify a file somewhere but I can not recall where.

I think it was related to DNS.

may you try with teamviewer ?
by
Couple of questions:

First are you trying to push all traffic from RUTX11 through IPsec VPN?

Second please explain what you mean by loss of DNS service? if VPN is enabled is there anything you can access from computer behind RUT? or do you have DDNS configured on RUTX11 and you cannot access it through hostname, but it is accessible through its Public IP?
0 votes
by
-  I am trying to push all my traffic to IPSEC VPN

-  when using the IPSEC VPN I can not access websites by hostnames but I cann access them by IP

my problem is just a name resolving which stopped to work.

what should I do in config?
by

Hello, 

Please send me troubleshoot file via private message, you can download it it from System > Administration > Troubleshoot window in your routers WebUI.

Best regards,
Vidas.