2009/4/13 Vincent Hämmerli - EXES sàrl <vhaemmerli at exes dot ch>
> I have the same configuration as Mathias and adding the static route has
> solved the problem.
> Thanks for your work guys.
> -----Original Message-----
> From: Manuel Kasper [mailto:mk at neon1 dot net]
> Sent: Monday, 13 April 2009 12:07
> To: Mathias Lustig
> Cc: m0n0wall at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall] Beta 1.3b16 released
> Hello Mathias,
> On 12.04.2009, at 11:56, Mathias Lustig wrote:
> > with its integrated DNS server for name resolution and because of
> > that I've
> > set up an entry in the DNS forwarder, which queries our DC for
> > everything
> > related to the "joho.local" domain.
> > This feature worked quite fine 'till the upgrade to 1.3b16 last
> > night. After
> > the upgrade, my m0n0 box just refuses to look up any name from the
> I've had a look at the changes since 1.3b15, but aside from the
> addition of the Dnsmasq "--all-servers" option (which is only used if
> you explicitly enable it) on the DNS forwarder setup page, I couldn't
> see anything that could cause this problem. A quick test of the domain
> override feature showed that it works (at least with a basic
> If I understand your description correctly, you were having the DNS
> forwarder send queries for your AD domain to an upstream DNS server
> via an IPsec tunnel. For this to work, the local subnet in the IPsec
> tunnel configuration must include the source IP address that the DNS
> forwarder chooses to send its queries (which is the WAN interface's
> address, unless there are static routes). This is often not the case
> for a LAN-to-LAN VPN (where one usually uses the LAN subnet as the
> IPsec "local subnet").
> This of course does not explain why it worked before the upgrade, but
> if you can give us some more detail on your addressing scheme, we may
> be able to pinpoint the problem and suggest a solution.
Hi Vincent, Manuel and everyone else!
Manuel, you gave me the right idea to get the DNS lookup working again.
I set a static route to send all traffic from WAN Interface via LAN
Interface through the IPSec tunnel and everything is fine again - just like
So why the hell didn't I need this static route before and m0n0 just routed
all the DNS requests from its dns forwarder through the IPSec tunnel by
I'm a little confused about that ...
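Added example, not part of the original thread or of m0n0wall's code: a small Python model of the source-address issue Manuel describes, showing why a query the DNS forwarder sends from the WAN address misses a LAN-to-LAN IPsec policy while one sent from the LAN address matches it. All addresses, the routing model and the function names are assumptions made for illustration; the thread gives no addressing scheme.

```python
import ipaddress

# Constructed addressing (assumption): the thread does not state any of it.
INTERFACES = {"wan": "203.0.113.10", "lan": "192.168.1.1"}
# LAN-to-LAN tunnel: (IPsec "local subnet", remote subnet)
IPSEC_POLICIES = [("192.168.1.0/24", "10.0.0.0/24")]
DEFAULT_ROUTES = [("0.0.0.0/0", "wan")]
DC_DNS = "10.0.0.5"  # upstream DNS server reached through the tunnel


def pick_source(dst, routes):
    """Longest-prefix match on the routing table. A locally generated
    packet takes the address of the outgoing interface as its source."""
    dst = ipaddress.ip_address(dst)
    best = max(
        (r for r in routes if dst in ipaddress.ip_network(r[0])),
        key=lambda r: ipaddress.ip_network(r[0]).prefixlen,
    )
    return INTERFACES[best[1]]


def matches_tunnel(src, dst, policies=IPSEC_POLICIES):
    """A packet is sent into the tunnel only if its source lies in the
    local subnet AND its destination lies in the remote subnet."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(
        src in ipaddress.ip_network(local) and dst in ipaddress.ip_network(remote)
        for local, remote in policies
    )


def forwarder_query(dst, routes):
    """Return (source address chosen, whether the packet enters the tunnel)."""
    src = pick_source(dst, routes)
    return src, matches_tunnel(src, dst)


if __name__ == "__main__":
    # No static route: the query leaves with the WAN address, policy not matched.
    print(forwarder_query(DC_DNS, DEFAULT_ROUTES))
    # Static route for the remote subnet via the LAN interface (assumed form).
    print(forwarder_query(DC_DNS, DEFAULT_ROUTES + [("10.0.0.0/24", "lan")]))
```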