0 votes
676 views 2 comments
by anonymous
Hi,

For some days now, I have been unable to get DNS working when enabling the IPsec VPN on my RUTX11 router.

I can still reach websites by pasting the right IP address manually, but I am unable to resolve DNS with the IPsec VPN activated.

Here is the ipsec.conf file on my dedicated Ubuntu server:

```
config setup
    charondebug="ike 1, knl 1, cfg 0"
    uniqueids=no

conn ikev2-vpn
    auto=add
    compress=no
    type=tunnel
    keyexchange=ikev2
    fragmentation=yes
    forceencaps=yes
    ike=aes128-sha1-modp1024,aes128-sha1-modp1536,aes128-sha1-modp2048,aes128-sha256-ecp256,aes128-sha256-modp1024,aes128-sha256-modp1536,aes128-sha256-modp2048,aes256-aes128-sha256-sha1-modp2048-modp4096-modp1024,aes256-sha1-modp1024,aes256-sha256-modp1024,aes256-sha256-modp1536,aes256-sha256-modp2048,aes256-sha256-modp4096,aes256-sha384-ecp384,aes256-sha384-modp1024,aes256-sha384-modp1536,aes256-sha384-modp2048,aes256-sha384-modp4096,aes256gcm16-aes256gcm12-aes128gcm16-aes128gcm12-sha256-sha1-modp2048-modp4096-modp1024,3des-sha1-modp1024!
    esp=aes128-aes256-sha1-sha256-modp2048-modp4096-modp1024,aes128-sha1,aes128-sha1-modp1024,aes128-sha1-modp1536,aes128-sha1-modp2048,aes128-sha256,aes128-sha256-ecp256,aes128-sha256-modp1024,aes128-sha256-modp1536,aes128-sha256-modp2048,aes128gcm12-aes128gcm16-aes256gcm12-aes256gcm16-modp2048-modp4096-modp1024,aes128gcm16,aes128gcm16-ecp256,aes256-sha1,aes256-sha256,aes256-sha256-modp1024,aes256-sha256-modp1536,aes256-sha256-modp2048,aes256-sha256-modp4096,aes256-sha384,aes256-sha384-ecp384,aes256-sha384-modp1024,aes256-sha384-modp1536,aes256-sha384-modp2048,aes256-sha384-modp4096,aes256gcm16,aes256gcm16-ecp384,3des-sha1!
    dpdaction=clear
    dpddelay=300s
    rekey=no
    left=%any
    leftid=%any
    leftsubnet=0.0.0.0/0
    rightsourceip=%config
    right=%any
    rightid=%any
    rightdns=8.8.8.8
    authby=secret
```

Any idea what could cause this loss of DNS service on the client side?

Thanks

3 Answers

0 votes
by anonymous
Hello,

So you have an IPsec server on an Ubuntu machine, you connect to it with the RUTX11 as a client, the VPN itself works, but the RUTX11 stops working as a DNS server for its LAN devices. Is that correct?

Could you also provide the IPsec configuration of the RUTX11?

Best regards,
VidasKac.
0 votes
by anonymous
Hi,

Yes, that is correct: my RUTX11 box connects as a VPN client to my Ubuntu VPN server.

This is the ipsec.conf of the RUTX11:

```
# ipsec.conf - strongSwan IPsec configuration file

# basic configuration

config setup
        # strictcrlpolicy=yes
        # uniqueids = no

# Add connections here.

# Sample VPN connections

#conn sample-self-signed
#      leftsubnet=10.1.0.0/16
#      leftcert=selfCert.der
#      leftsendcert=never
#      right=192.168.0.2
#      rightsubnet=10.2.0.0/16
#      rightcert=peerCert.der
#      auto=start

#conn sample-with-ca-cert
#      leftsubnet=10.1.0.0/16
#      leftcert=myCert.pem
#      right=192.168.0.2
#      rightsubnet=10.2.0.0/16
#      rightid="C=CH, O=Linux strongSwan CN=peer name"
#      auto=start

include /var/ipsec/ipsec.conf
```

I remember that Simonas went into my RUTX11 to modify a file somewhere, but I cannot recall where.

I think it was related to DNS.

Could you try with TeamViewer?
by anonymous
A couple of questions:

First, are you trying to push all traffic from the RUTX11 through the IPsec VPN?

Second, please explain what you mean by loss of DNS service. If the VPN is enabled, is there anything you can access from a computer behind the RUT? Or do you have DDNS configured on the RUTX11 and you cannot access it through its hostname, but it is accessible through its public IP?
0 votes
by anonymous
-  I am trying to push all my traffic to the IPsec VPN.

-  When using the IPsec VPN, I cannot access websites by hostname, but I can access them by IP.

My problem is just name resolution, which stopped working.

What should I do in the config?
by anonymous

Hello, 

Please send me the troubleshoot file via private message. You can download it from the System > Administration > Troubleshoot window in your router's WebUI.

Best regards,
Vidas.