Project

General

Profile

Actions
Copy link

Bug #13579

closed

Incorrect quoting of Split DNS attribute value in ``strongswan.conf``

Added by Rogelio Baucells about 2 years ago. Updated about 2 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Reid Linnemann
Category:
IPsec
Target version:
2.7.0
Start date:
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
23.01
Release Notes:
Default
Affected Version:
Affected Architecture:

Description

Configuring more than one domain name (space separated) in IPsec mobile client Split DNS UI incorrectly wraps the strongswan attribute value within quotes:

UI:

Provide a list of split DNS domain names to clients. Enter a space separated list
doman1.internal doman2.internal doman3.internal

strongswan.conf (correct value should be space separated without quotes):
# Split DNS (UNITY_SPLITDNS_NAME)
28675 = "doman1.internal doman2.internal doman3.internal"

MacOS 12.6 as a client sees all domains as a single one:
resolver #1
  search domain[0] : doman1.internal doman2.internal doman3.internal
  search domain[1] : home.internal

Actions
Copy link
 #1

Updated by Jim Pingle about 2 years ago

  • Project changed from pfSense Plus to pfSense
  • Subject changed from Incorrect Split-DNS attribute value in strongswan.conf configuration file to Incorrect quoting of Split DNS attribute value in ``strongswan.conf``
  • Category changed from IPsec to IPsec
  • Affected Plus Version deleted (22.05)
Actions
Copy link
 #2

Updated by Reid Linnemann about 2 years ago

  • Assignee set to Reid Linnemann
Actions
Copy link
 #3

Updated by Marcos M about 2 years ago

  • Description updated (diff)
Actions
Copy link
 #4

Updated by Jim Pingle about 2 years ago

  • Target version set to 2.7.0
  • Plus Target Version set to 23.01
Actions
Copy link
 #5

Updated by Reid Linnemann about 2 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100
Actions
Copy link
 #6

Updated by Danilo Zrenjanin about 2 years ago

Tested the patch against:

2.7.0-DEVELOPMENT (amd64)
built on Wed Nov 09 06:04:35 UTC 2022
FreeBSD 14.0-CURRENT

It looks fine!

# Split DNS (UNITY_SPLITDNS_NAME)
            28675 = doman1.internal doman2.internal doman3.internal
Actions
Copy link
 #7

Updated by Jim Pingle about 2 years ago

Before closing this it would be best if someone could test a live mobile client which can consume these settings to check if it works as intended (e.g. macOS). Not all clients support these particular parameters.

It appears to be doing the right thing and sending them separately now at least, but a practical test would be ideal.

Actions
Copy link
 #8

Updated by Danilo Zrenjanin about 2 years ago

Testing performed:

client: 

macOS Monterey. Version 12.5.1

server:

23.01-DEVELOPMENT (amd64)
built on Fri Nov 18 06:04:48 UTC 2022
FreeBSD 14.0-CURRENT

Upon establishing the VPN connection client's DNS config looks good!

DNS configuration

resolver #1
  search domain[0] : doman1.internal
  search domain[1] : doman2.internal
  search domain[2] : doman3.internal
  search domain[3] : ipbgd.office
  nameserver[0] : xxxx:xxx:xxxx:xxx::x
  nameserver[1] : xxx.xx.xx.x
  if_index : 4 (en0)
  flags    : Request A records, Request AAAA records
  reach    : 0x00020002 (Reachable,Directly Reachable Address)

The ticket can be resolved.

Actions
Copy link
 #9

Updated by Jim Pingle about 2 years ago

  • Status changed from Feedback to Resolved
Actions
Copy link

Also available in: Atom PDF