[strongSwan] MacOS X and DNS

Tom Rymes trymes at rymes.com
Mon Mar 30 23:06:49 CEST 2020


While digging around a bit, I have found a number of older posts regarding DNS and MacOS clients, and it seems like a bit of a mess. Among other things, it seems that MacOS will not use pushed DNS servers unless all traffic is tunneled. That does work for me. When sending all traffic across the tunnel (leftsubnet=0.0.0.0/0), the DNS server is pushed, and name resolution works just fine. However, I want to split traffic and have DNS queries for one specific domain sent to a DNS server on the other side of the tunnel, and that’s where things get squirrelly.

I looked at the Wiki’s recommendations here: https://wiki.strongswan.org/projects/strongswan/wiki/AppleClients <https://wiki.strongswan.org/projects/strongswan/wiki/AppleClients>

That pointed me to this: https://lists.strongswan.org/pipermail/users/2015-October/008844.html <https://lists.strongswan.org/pipermail/users/2015-October/008844.html>

And in the end, it seems that the only way to send traffic for one specific search domain to a DNS server on the other end of the tunnel is to use a configuration profile? Setting that up manually in the IPSec configuration does not work (then why allow it, Apple?!). 

Am I missing anything?

Tom
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20200330/ade7b0c6/attachment.html>


More information about the Users mailing list