[strongSwan] Local bind9 DNS server fails when connected to remote gateway

Tobias Brunner tobias at strongswan.org
Mon Oct 24 16:35:05 CEST 2016

Hi Maerkis,

> This works fine, until I connect the tunnel, at which point I can see the clients sending requests to bob, and bind9 logs show it doing the queries, but the response never appears in wireshark and the client hangs. Queries originating from bob still work however.

Since bob sends everything via VPN tunnel (rightsubnet= that
includes the DNS responses.  To avoid that you have to install bypass
policies (type=passthrough) that exempt local traffic from the VPN
connection (either for the whole client subnet or only for DNS).
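The bypass configuration described above, written out as an added example (not part of the original reply or the strongSwan documentation). It assumes the legacy ipsec.conf format, that bob's LAN and the clients share the constructed subnet 192.168.1.0/24, that bind9 listens on the constructed address 192.168.1.2, and that the tunnel conn sends all traffic through the gateway with rightsubnet=0.0.0.0/0; adjust the addresses to the real setup.

```ini
# /etc/ipsec.conf (excerpt) -- added example, addresses are constructed

# The tunnel: every destination is routed into the VPN, which is why
# DNS replies from bind9 to local clients would otherwise be captured.
conn gateway
    left=%defaultroute
    leftsubnet=192.168.1.0/24
    right=vpn.example.org          # placeholder for the remote gateway
    rightsubnet=0.0.0.0/0
    auto=start

# Option 1: exempt all traffic that stays inside the local subnet.
# type=passthrough installs bypass policies instead of IPsec policies,
# and their narrower selector wins over the 0.0.0.0/0 tunnel policy.
conn bypass-lan
    leftsubnet=192.168.1.0/24
    rightsubnet=192.168.1.0/24
    type=passthrough
    auto=route

# Option 2: exempt only DNS traffic to and from the local bind9 instance.
# The [proto/port] suffix narrows the selector to UDP port 53 on bob.
conn bypass-dns
    leftsubnet=192.168.1.2[udp/53]
    rightsubnet=192.168.1.0/24
    type=passthrough
    auto=route
```

Use one of the two bypass conns, not both, and reload with `ipsec reload` (or restart the daemon). To confirm the bypass is in place, `ip xfrm policy` should list the local subnet (or the 192.168.1.2/udp/53 selector) with a higher priority than the 0.0.0.0/0 tunnel policy, and a DNS query from a client should then show a reply in Wireshark on the LAN interface rather than disappearing into the tunnel.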


