[strongSwan] Does iOS 8.3 IKEv1, split tunnel+split DNS actually work?
Anthony Alba
ascanio.alba7 at gmail.com
Sun May 10 17:05:42 CEST 2015
Hi list,
I would like to check whether iOS 8.3 IKEv1, split tunnel + DNS works
for you, and if so, could you share your configuration.
I have an iOS 8.3 client (IKEv1, RSA+XAUTH) that works fine as a full tunnel.
In split mode, routing by IP address works, but no internal DNS works,
with the following configuration:

    attr {
        load = yes
        dns = 10.1.1.1
        28672 = "SPLIT TUNNEL TEST"
        28674 = example.com
        28675 = example.com example.internal
        split-include = 10.0.0.0/8
    }
    charon {
        cisco_unity = yes
    }

During negotiation I can see the server send
[ HASH CPRP(ADDR U_BANNER U_DEFDOM U_SPLITDNS U_SPLITINC DNS) ]
attributes; nevertheless, the client never sends DNS queries to the
internal DNS server.
I would like to confirm whether any of you can actually get this to work.
Regards
Anthony