<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<font face="Monaco" class="">Thanks to martin & Fred for your responses. I’m still having tunnel DNS server configuration trouble on the Mac client.<br class="">
<br class="">
Configuration is strongSwan OS X app version 5.2.2 (1) on OS X Yosemite v10.10.2 connecting to a StrongSwan version 5.2.2 gateway on Centos 6.6.</font>
<div class=""><font face="Monaco" class=""><br class="">
Here is the scutil output. It looks like this both before and after the StrongSwan Mac app creates the tunnel.<br class="">
<br class="">
$ sudo scutil --dns<br class="">
DNS configuration<br class="">
<br class="">
resolver #1<br class="">
nameserver[0] : 72.250.183.10<br class="">
nameserver[1] : 72.250.183.20<br class="">
nameserver[2] : 10.100.36.2<br class="">
nameserver[3] : 8.8.8.8<br class="">
nameserver[4] : 8.8.4.4<br class="">
flags : Request A records<br class="">
reach : Reachable<br class="">
<br class="">
DNS configuration (for scoped queries)<br class="">
<br class="">
resolver #1<br class="">
nameserver[0] : 72.250.183.10<br class="">
nameserver[1] : 72.250.183.20<br class="">
nameserver[2] : 10.100.36.2<br class="">
nameserver[3] : 8.8.8.8<br class="">
nameserver[4] : 8.8.4.4<br class="">
if_index : 4 (en3)<br class="">
flags : Scoped, Request A records<br class="">
reach : Reachable<br class="">
<br class="">
<br class="">
Here’s a part of the StrongSwan Mac app log, showing the installation of the DNS server. The displayed address is the configured one on the VPN gateway.<br class="">
<br class="">
scheduling rekeying in 35565s<br class="">
maximum IKE_SA lifetime 36165s<br class="">
handling UNITY_SPLIT_INCLUDE attribute failed<br class="">
handling UNITY_LOCAL_LAN attribute failed<br class="">
installing 10.8.65.164 as DNS server<br class="">
handling UNITY_DEF_DOMAIN attribute failed<br class="">
installing 10.8.65.164 as DNS server<br class="">
installing new virtual IP 10.255.252.1<br class="">
created TUN device: utun1<br class="">
<br class="">
<br class="">
</font>
<div class=""><font face="Monaco" class="">I don’t know that much about OS X DNS, other than it is not the /etc/resolv.conf flat file.</font></div>
<div class=""><font face="Monaco" class=""><br class="">
</font></div>
<div class=""><font face="Monaco" class="">What can I do to get more visibility into root cause?<br class="">
<br class="">
<br class="">
</font><br class="">
<blockquote type="cite" class="">On Mar 16, 2015, at 3:18 AM, Fred <<a href="mailto:curious_freddy@gmsl.co.uk" class="">curious_freddy@gmsl.co.uk</a>> wrote:<br class="">
<br class="">
On 16/03/2015 08:23, Martin Willi wrote:<br class="">
<blockquote type="cite" class="">Ken,<br class="">
<br class="">
<blockquote type="cite" class="">Are there any issues with DNS & StrongSwan Mac OS X app?<br class="">
</blockquote>
<br class="">
The osx-attr plugin prepends the negotiated DNS servers to the currently<br class="">
configured ones. You may check with scutil if that works as expected.<br class="">
<br class="">
Not sure if keeping the current DNS servers installed is the best<br class="">
approach, maybe we should remove the previous servers. But we currently<br class="">
just add them to have them as a fallback.<br class="">
</blockquote>
<br class="">
In my case the local DNS server was being used instead of the DNS servers added by strongSwan. I could clearly see the them added in the both the strongSwan logfile and also in the output of scutil --dns.<br class="">
<br class="">
If I deleted them all and then added just the ones via the VPN, it all worked fine.<br class="">
<br class="">
Personally I think removing the previous servers would be better. This problem did go away in Yosemite so maybe it was a bug in previous versions of Mac OS X or odd expected behaviour.<br class="">
_______________________________________________<br class="">
Users mailing list<br class="">
<a href="mailto:Users@lists.strongswan.org" class="">Users@lists.strongswan.org</a><br class="">
https://lists.strongswan.org/mailman/listinfo/users<br class="">
</blockquote>
<br class="">
</div>
</div>
</body>
</html>