Bug #13579

closed

Incorrect quoting of Split DNS attribute value in ``strongswan.conf``

Added by Rogelio Baucells 12 months ago. Updated 10 months ago.

Status: Resolved
Priority: Normal
Category: IPsec
Target version:
Start date:
Due date:
% Done: 100%
Estimated time:
Plus Target Version: 23.01
Release Notes: Default
Affected Version:
Affected Architecture:

Description

Configuring more than one domain name (space separated) in IPsec mobile client Split DNS UI incorrectly wraps the strongswan attribute value within quotes:

UI:

Provide a list of split DNS domain names to clients. Enter a space separated list
doman1.internal doman2.internal doman3.internal

strongswan.conf (correct value should be space separated without quotes):
# Split DNS (UNITY_SPLITDNS_NAME)
28675 = "doman1.internal doman2.internal doman3.internal" 

macOS 12.6 as a client sees all domains as a single one:
resolver #1
  search domain[0] : doman1.internal doman2.internal doman3.internal
  search domain[1] : home.internal

Actions #1

Updated by Jim Pingle 11 months ago

  • Project changed from pfSense Plus to pfSense
  • Subject changed from Incorrect Split-DNS attribute value in strongswan.conf configuration file to Incorrect quoting of Split DNS attribute value in ``strongswan.conf``
  • Category changed from IPsec to IPsec
  • Affected Plus Version deleted (22.05)

Actions #2

Updated by Reid Linnemann 11 months ago

  • Assignee set to Reid Linnemann

Actions #3

Updated by Marcos M 11 months ago

  • Description updated (diff)

Actions #4

Updated by Jim Pingle 11 months ago

  • Target version set to 2.7.0
  • Plus Target Version set to 23.01

Actions #5

Updated by Reid Linnemann 11 months ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100

Actions #6

Updated by Danilo Zrenjanin 11 months ago

Tested the patch against:

2.7.0-DEVELOPMENT (amd64)
built on Wed Nov 09 06:04:35 UTC 2022
FreeBSD 14.0-CURRENT

It looks fine!

# Split DNS (UNITY_SPLITDNS_NAME)
            28675 = doman1.internal doman2.internal doman3.internal

Actions #7

Updated by Jim Pingle 11 months ago

Before closing this it would be best if someone could test a live mobile client which can consume these settings to check if it works as intended (e.g. macOS). Not all clients support these particular parameters.

It appears to be doing the right thing and sending them separately now at least, but a practical test would be ideal.

Actions #8

Updated by Danilo Zrenjanin 10 months ago

Testing performed:

client:

macOS Monterey. Version 12.5.1

server:

23.01-DEVELOPMENT (amd64)
built on Fri Nov 18 06:04:48 UTC 2022
FreeBSD 14.0-CURRENT

Upon establishing the VPN connection, the client's DNS config looks good!

DNS configuration

resolver #1
  search domain[0] : doman1.internal
  search domain[1] : doman2.internal
  search domain[2] : doman3.internal
  search domain[3] : ipbgd.office
  nameserver[0] : xxxx:xxx:xxxx:xxx::x
  nameserver[1] : xxx.xx.xx.x
  if_index : 4 (en0)
  flags    : Request A records, Request AAAA records
  reach    : 0x00020002 (Reachable,Directly Reachable Address)

The ticket can be resolved.

Actions #9

Updated by Jim Pingle 10 months ago

  • Status changed from Feedback to Resolved
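
A check for the defect tracked in this ticket, added here as an example (not pfSense or strongSwan code): it scans strongswan.conf text for attribute 28675 and reports whether quoting fuses several domains into a single value. The name `check_split_dns`, the simple line-based matching, and the two sample fragments built from the values quoted in the ticket are assumptions of this example.

```python
import re

# Assumption: simple line-based matching of `key = value`, not a full
# strongswan.conf parser (sections and includes are ignored).
ATTR_LINE = re.compile(r'^\s*(?P<key>\d+)\s*=\s*(?P<value>.*?)\s*$')
UNITY_SPLITDNS_NAME = "28675"  # attribute number shown in the ticket


def check_split_dns(conf_text):
    """Return one finding per UNITY_SPLITDNS_NAME line in conf_text.

    A finding holds the line number, the domains listed, and whether the
    value was quoted around more than one domain (the defect in this ticket).
    """
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.split("#", 1)[0]  # drop comments
        m = ATTR_LINE.match(line)
        if not m or m.group("key") != UNITY_SPLITDNS_NAME:
            continue
        value = m.group("value")
        quoted = len(value) >= 2 and value[0] == '"' and value[-1] == '"'
        domains = (value[1:-1] if quoted else value).split()
        findings.append({
            "line": lineno,
            "domains": domains,
            # Quoting only matters when it fuses several domains together.
            "fused": quoted and len(domains) > 1,
        })
    return findings


# Constructed sample fragments using the values quoted in the ticket.
BEFORE = '''
# Split DNS (UNITY_SPLITDNS_NAME)
28675 = "doman1.internal doman2.internal doman3.internal"
'''
AFTER = '''
# Split DNS (UNITY_SPLITDNS_NAME)
            28675 = doman1.internal doman2.internal doman3.internal
'''

if __name__ == "__main__":
    for label, text in (("before fix", BEFORE), ("after fix", AFTER)):
        for f in check_split_dns(text):
            status = "FUSED into one value" if f["fused"] else "ok"
            print(f"{label}: line {f['line']}: {status}: {f['domains']}")
```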