[strongSwan] Local bind9 DNS server fails when connected to remote gateway
Maerkis
sms at icefire.qza.net.au
Sat Oct 22 22:28:58 CEST 2016
Hi folks,
I have a local file/DHCP/DNS server (bob) which sits behind a 4G NAT and connects via an IPsec tunnel to a VPS gateway (bill), which routes all traffic over the internet.
This works fine if the clients behind bob use an external DNS for name resolution. This isn't practical, however, since I run a local instance of bind9 that serves requests for both external and internal domains.
This works fine until I connect the tunnel, at which point I can see the clients sending requests to bob, and the bind9 logs show it doing the queries, but the response never appears in Wireshark and the client hangs. Queries originating from bob still work, however.
bob: Debian 8
Network: (clients)-->(bob)-->(4g-nat)-->(bill)-->www
ipsec.conf:

conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1

conn skyline
    keyexchange=ikev2
    authby=secret
    left=%defaultroute
    leftid=bob@my.net
    leftsubnet=10.0.0.0/8
    rightid=skyline@qza.net.au
    right=1.99.57.1.257
    rightsubnet=0.0.0.0/0
    dpdaction=restart
    dpddelay=30s
    dpdtimeout=150s
    auto=start

strongswan.conf:

charon {
    load_modular = yes
    install_routes = no
    plugins {
        include strongswan.d/charon/*.conf
    }
}

include strongswan.d/*.conf
I've been poking at this for a couple of days now, and I'm stumped as to what's going on.
--
Maerkis <sms at icefire.qza.net.au>
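One thing worth checking against the configuration above: with rightsubnet=0.0.0.0/0, the tunnel's traffic selector also covers bob's own LAN, so bob's DNS replies to clients in 10.0.0.0/8 may be selected for the tunnel unless a more specific passthrough policy exists. The following Python model is an added example, not code from the post or from strongSwan. It approximates how the kernel picks the most specific outbound xfrm policy (modelled here by combined prefix length, which is a simplification of the real priority calculation). The addresses (10.0.0.1 for bob, 10.0.0.50 for a LAN client, 192.0.2.1 for an internet host) and the "bypass-lan" passthrough policy are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Outbound policy that the "skyline" conn in the post would install:
# traffic from leftsubnet to rightsubnet is sent through the tunnel.
TUNNEL_POLICY = {
    "name": "skyline",
    "local": "10.0.0.0/8",
    "remote": "0.0.0.0/0",
    "action": "tunnel",
}

# Hypothetical passthrough policy (assumption, not in the post), as a
# "conn bypass-lan ... type=passthrough" with both subnets set to the LAN
# would install: matching traffic is left in the clear.
PASSTHROUGH_POLICY = {
    "name": "bypass-lan",
    "local": "10.0.0.0/8",
    "remote": "10.0.0.0/8",
    "action": "passthrough",
}


def matching_policy(src, dst, policies):
    """Return the most specific outbound policy covering src->dst, or None.

    Specificity is approximated by the sum of the two prefix lengths, so a
    10/8<->10/8 passthrough beats a 10/8<->0/0 tunnel for LAN-to-LAN flows.
    """
    src_ip, dst_ip = ip_address(src), ip_address(dst)
    candidates = []
    for policy in policies:
        local = ip_network(policy["local"])
        remote = ip_network(policy["remote"])
        if src_ip in local and dst_ip in remote:
            candidates.append((local.prefixlen + remote.prefixlen, policy))
    if not candidates:
        return None
    candidates.sort(key=lambda c: c[0], reverse=True)
    return candidates[0][1]


# Constructed sample flows seen from bob (10.0.0.1 is an assumed address).
SAMPLE_FLOWS = {
    "dns reply bob->client": ("10.0.0.1", "10.0.0.50"),
    "bob->internet": ("10.0.0.1", "192.0.2.1"),
    "client->internet (forwarded)": ("10.0.0.50", "192.0.2.1"),
}


def classify_flows(policies, flows=SAMPLE_FLOWS):
    """Map each sample flow to the action the best-matching policy applies.

    Flows that match no policy are reported as "clear" (sent unprotected).
    """
    result = {}
    for name, (src, dst) in flows.items():
        policy = matching_policy(src, dst, policies)
        result[name] = policy["action"] if policy else "clear"
    return result


if __name__ == "__main__":
    for label, policies in (
        ("tunnel policy only", [TUNNEL_POLICY]),
        ("tunnel + LAN passthrough", [TUNNEL_POLICY, PASSTHROUGH_POLICY]),
    ):
        print(label)
        for flow, action in classify_flows(policies).items():
            print(f"  {flow:32} -> {action}")
```

With only the tunnel policy, the bob-to-client DNS reply is classified for the tunnel like everything else, which is the symptom to look for on the real host with `ip xfrm policy` and a capture on the LAN interface; with the narrower passthrough policy present, the same reply stays in the clear while forwarded client traffic still goes through the tunnel.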