Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 25 replies
  • Subscribers 1 subscriber
  • Views 33524 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DNS Forwarder over IPSEC VPN

Paul Dugas
I have a remote site I connect to from home via an IPSEC tunnel that's working fine when I use IPs instead of hostnames.  I have added a Request Routing entry pointing the remote DNS domain name to the IP address of the DNS server on the remote network.  From my local network, I can run "host www.remote.lan RemoteDnsServerIP" and get the proper response.  When I try the same pointing to the local UTM machine, it fails.  Doing the same with hostnames on the local network and names of Internet hosts both work fine.  This feels like the IP address that the local DNS server (on the UTM machine) is using isn't on the internal network and isn't getting through the tunnel.  

How do I begin troubleshooting this? I'm new to Sophos/Astaro so be gentle pls.


This thread was automatically locked due to age.
Parents
  • 0 in reply to Paul Dugas
    strongSwan 4.2 - Configuration

    I wonder if that's the solution.


    If you define a local client subnet with a netmask larger than /32 behind the gateway then the automatically inserted FORWARD iptables rules will not allow to access the internal IP address of the host although it is part of the client subnet definition.

    I'm glad you knew enough to figure out a solution, but I wonder if adding "Internal (Address)" as a separate network in 'Local networks' in the IPsec Connection would have achieved the same thing.  This may explain why my experiment with my cloud-based instance successfully achieved what you were attempting to do.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0 in reply to Paul Dugas
    strongSwan 4.2 - Configuration

    I wonder if that's the solution.


    If you define a local client subnet with a netmask larger than /32 behind the gateway then the automatically inserted FORWARD iptables rules will not allow to access the internal IP address of the host although it is part of the client subnet definition.

    I'm glad you knew enough to figure out a solution, but I wonder if adding "Internal (Address)" as a separate network in 'Local networks' in the IPsec Connection would have achieved the same thing.  This may explain why my experiment with my cloud-based instance successfully achieved what you were attempting to do.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?

Unfiltered HTML