Bug #12975
closed
IKEv2 Mobile IPsec clients do not receive ``INTERNAL_DNS_DOMAIN`` (value ``25``) attribute
100%
Description
DNS IP addresses must be supplied to the remote client when a mobile tunnel is created in order to resolve remote (private) resource names.
Using IKEv2, macOS (Monterey Version 12.0.1) and iOS (Version 15.3.1) pfSense clients do not resolve FQDN internal hostnames unlike other VPN clients (Windows 10, Android R12, etc.).
Adding attribute 25 should be done in https://github.com/pfsense/pfsense/blob/master/src/etc/inc/ipsec.inc
if (!empty($a_client['dns_split'])) {
$ssconf['charon']['plugins']['attr'][] = "# Split DNS";
$ssconf['charon']['plugins']['attr']['28675'] = "\"{$a_client['dns_split']}\"";
++ $ssconf['charon']['plugins']['attr']['25'] = "\"{$a_client['dns_split']}\"";
}
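Review bot: the added `['attr']['25']` line has no comment saying that 25 is INTERNAL_DNS_DOMAIN, and the block's only label is "# Split DNS"; a short comment naming both attribute types (28675 for UNITY_SPLITDNS_NAME, 25 for INTERNAL_DNS_DOMAIN) would explain why the same value is written twice. The line also sends the quoted `$a_client['dns_split']` string unchanged under both types, so if that field can hold more than one domain, confirm that clients reading attribute 25 accept the same value format as clients reading 28675.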
IKEv2 clients that are still processing “Cisco Unity extensions Attribute Type” UNITY_SPLITDNS_NAME (value 28675) are not affected. Other clients processing the more modern “Configuration Payload Attribute Type” INTERNAL_DNS_DOMAIN (value 25) get the information they need.
Updated by Jim Pingle over 2 years ago
- Target version set to 2.7.0
- Plus Target Version set to 22.05
Updated by Viktor Gurov over 2 years ago
- Assignee set to Viktor Gurov
- Affected Version set to 2.6.0
Updated by Jim Pingle over 2 years ago
- Status changed from New to Pull Request Review
Updated by Viktor Gurov over 2 years ago
- Status changed from Pull Request Review to Feedback
- % Done changed from 0 to 100
Applied in changeset 5f5f71cc01788f8b2f9412c4019340e532fa84ff.
Updated by Jim Pingle over 2 years ago
- Subject changed from IPSec IKEv2 Mobile clients do not receive INTERNAL_DNS_DOMAIN (value 25) attribute to IKEv2 Mobile IPsec clients do not receive ``INTERNAL_DNS_DOMAIN`` (value ``25``) attribute
Updating subject for release notes.
Updated by Jim Pingle over 2 years ago
- Status changed from Feedback to Resolved
The new attribute is present in the configuration, the rest is up to clients at this point.