[strongSwan] StrongSwan Mac OS X app questions

Vadim Uvin vvmailx at gmail.com
Fri Mar 20 10:58:09 CET 2015


Hi all,

I have the similar DNS problem with Strongswan OS X app. The Strongsan
installs the DNS without errors:

2015-03-20 10:15:19.594 SafeConnectMac[3653:106888] scheduling rekeying in
35879s
2015-03-20 10:15:19.595 SafeConnectMac[3653:106888] maximum IKE_SA lifetime
36479s
2015-03-20 10:15:19.599 SafeConnectMac[3653:106888] installing 193.5.23.1
as DNS server
2015-03-20 10:15:19.659 SafeConnectMac[3653:106888] installing
193.247.204.1 as DNS server
2015-03-20 10:15:19.661 SafeConnectMac[3653:106888] installing new virtual
IP 10.11.8.1

Then the following happens:

1) Chrome works (probably, has its own DNS resolution)
2) Nothing else works
3) scutil --dns outputs:

DNS configuration

resolver #1
  search domain[0] : <...>
  nameserver[0] : 193.247.204.1
  nameserver[1] : 193.5.23.1
  nameserver[2] : 193.5.23.1
  nameserver[3] : 193.247.204.1
  nameserver[4] : 8.8.8.8
  if_index : 6 (en1)
  flags    : Request A records

DNS configuration (for scoped queries)

resolver #1
  search domain[0] : <...>
  nameserver[0] : 193.247.204.1
  nameserver[1] : 193.5.23.1
  nameserver[2] : 193.5.23.1
  nameserver[3] : 193.247.204.1
  nameserver[4] : 8.8.8.8
  if_index : 6 (en1)
  flags    : Scoped, Request A records

Some IPs are listed twice, but that's not the problem. It still does not
work if no DNS are pushed from the server.

4) The following error messages starts appearing in the system log:

Mar 20 10:43:36 Developers-MacBook-Pro.local discoveryd[3685]: Basic
DNSResolver UDNS Send(): UDP Sendto() failed to DNSNameServer 193.247.204.1
Port 53 errno 51, fd 42, ErrLogCount 49 ResolverIntf:6
Mar 20 10:43:37 Developers-MacBook-Pro.local discoveryd[3685]: Basic
DNSResolver UDNS Send(): UDP Sendto() failed to DNSNameServer 193.247.204.1
Port 53 errno 51, fd 42, ErrLogCount 50 ResolverIntf:6

5) Now if I open the Network Preferences->WiFi->Advanced->DNS, I see all
DNS servers listed there which corresponds to the output of scutil. If I
add any of this servers manually (using the + button in that window), then
the DNS resolution starts to work!

I tested on OS.X 10.10.2 with Strongswan 5.2.2.

Any help is greatly appreciated.

Vadim
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150320/3e70102a/attachment-0001.html>


More information about the Users mailing list