IPsec clients can't make DNS requests

Hey guys,

I have a VPN server running on my router. Everything works fine except DNS: I can’t send queries to the router from a VPN client.

$ nslookup google.com 172.16.1.1
;; reply from unexpected source: MY_EXTERNAL_IP#53, expected 172.16.1.1#53
;; reply from unexpected source: MY_EXTERNAL_IP#53, expected 172.16.1.1#53

My configuration is very close to the strongSwan configuration recipe for Turris Omnia.

I suspect there is a problem with the firewall configuration, but I'm not able to figure out what exactly.
Any help or pointers would be appreciated.

Here are the configs:
/etc/ipsec.conf
/etc/config/firewall
/etc/config/resolver

Have you had a look at previous posts, e.g. Hostnames not resolving through OpenVPN connection?

That thread is about resolving local DNS. In my case none of the DNS names are resolved (e.g. google.com).

Well, I actually don’t know what kind of strategy OpenVPN has – how it locally decides which names should be asked where.

Let me clarify the problem. When my device is connected to the LAN, everything works perfectly. When I’m connected through the VPN, I get the following:
$ nslookup google.com 172.16.1.1
;; reply from unexpected source: MY_EXTERNAL_IP#53, expected 172.16.1.1#53
;; reply from unexpected source: MY_EXTERNAL_IP#53, expected 172.16.1.1#53

Oh, very helpful message, I forgot about this. Explanation with a work-around below. GitLab link, for completeness.


Thanks, that solved my problem!
