Bug #13579
closed
Incorrect quoting of Split DNS attribute value in ``strongswan.conf``
Added by Rogelio Baucells about 2 years ago.
Updated about 2 years ago.
Plus Target Version: 23.01
Description
Configuring more than one domain name (space separated) in the IPsec mobile client Split DNS UI incorrectly wraps the strongswan attribute value within quotes:
UI:
Provide a list of split DNS domain names to clients. Enter a space separated list
doman1.internal doman2.internal doman3.internal
strongswan.conf (correct value should be space separated without quotes):
# Split DNS (UNITY_SPLITDNS_NAME)
28675 = "doman1.internal doman2.internal doman3.internal"
MacOS 12.6 as a client sees all domains as a single one:
resolver #1
search domain[0] : doman1.internal doman2.internal doman3.internal
search domain[1] : home.internal
- Project changed from pfSense Plus to pfSense
- Subject changed from Incorrect Split-DNS attribute value in strongswan.conf configuration file to Incorrect quoting of Split DNS attribute value in ``strongswan.conf``
- Category changed from IPsec to IPsec
- Affected Plus Version deleted (22.05)
- Assignee set to Reid Linnemann
- Description updated (diff)
- Target version set to 2.7.0
- Plus Target Version set to 23.01
- Status changed from New to Feedback
- % Done changed from 0 to 100
Tested the patch against:
2.7.0-DEVELOPMENT (amd64)
built on Wed Nov 09 06:04:35 UTC 2022
FreeBSD 14.0-CURRENT
It looks fine!
# Split DNS (UNITY_SPLITDNS_NAME)
28675 = doman1.internal doman2.internal doman3.internal
Before closing this it would be best if someone could test a live mobile client which can consume these settings to check if it works as intended (e.g. macOS). Not all clients support these particular parameters.
It appears to be doing the right thing and sending them separately now at least, but a practical test would be ideal.
Testing performed:
client:
macOS Monterey. Version 12.5.1
server:
23.01-DEVELOPMENT (amd64)
built on Fri Nov 18 06:04:48 UTC 2022
FreeBSD 14.0-CURRENT
Upon establishing the VPN connection, the client's DNS config looks good!
DNS configuration
resolver #1
search domain[0] : doman1.internal
search domain[1] : doman2.internal
search domain[2] : doman3.internal
search domain[3] : ipbgd.office
nameserver[0] : xxxx:xxx:xxxx:xxx::x
nameserver[1] : xxx.xx.xx.x
if_index : 4 (en0)
flags : Request A records, Request AAAA records
reach : 0x00020002 (Reachable,Directly Reachable Address)
The ticket can be resolved.
- Status changed from Feedback to Resolved
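The two checks used in this ticket (looking at the generated `strongswan.conf` line and at the client's resolver output) can be scripted. The following is an added example, not code from the ticket, pfSense or strongSwan; the function names are hypothetical, the sample inputs are constructed from the snippets quoted above, and it assumes the attribute appears as a `28675 = value` line as shown in the ticket.

```python
import re

# Constructed samples, modelled on the snippets quoted in this ticket.
CONF_BEFORE = '''# Split DNS (UNITY_SPLITDNS_NAME)
28675 = "doman1.internal doman2.internal doman3.internal"
'''
CONF_AFTER = '''# Split DNS (UNITY_SPLITDNS_NAME)
28675 = doman1.internal doman2.internal doman3.internal
'''
RESOLVER_BEFORE = '''resolver #1
  search domain[0] : doman1.internal doman2.internal doman3.internal
  search domain[1] : home.internal
'''

SPLITDNS_ATTR = "28675"  # UNITY_SPLITDNS_NAME, as labelled in the ticket

ATTR_RE = re.compile(r'^\s*(\d+)\s*=\s*(.*?)\s*$')
SEARCH_RE = re.compile(r'^\s*search domain\[(\d+)\]\s*:\s*(.*?)\s*$')


def quoted_splitdns_lines(conf_text):
    """Return (line_no, value) for Split DNS lines whose quoted value holds several domains."""
    hits = []
    for no, line in enumerate(conf_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # skip comment lines
        m = ATTR_RE.match(line)
        if not m or m.group(1) != SPLITDNS_ATTR:
            continue
        value = m.group(2)
        quoted = len(value) >= 2 and value[0] == value[-1] == '"'
        if quoted and len(value[1:-1].split()) > 1:
            hits.append((no, value[1:-1]))
    return hits


def merged_search_domains(resolver_text):
    """Return (index, entry) for search-domain entries that contain several names."""
    bad = []
    for line in resolver_text.splitlines():
        m = SEARCH_RE.match(line)
        if m and len(m.group(2).split()) > 1:
            bad.append((int(m.group(1)), m.group(2)))
    return bad


if __name__ == "__main__":
    print(quoted_splitdns_lines(CONF_BEFORE))
    print(merged_search_domains(RESOLVER_BEFORE))
```

An empty result from both functions corresponds to the fixed behaviour confirmed in the test reports above.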