 From:  Mathias Lustig <mathias dot baran at googlemail dot com>
 To:  Vincent Hämmerli - EXES sàrl <vhaemmerli at exes dot ch>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Beta 1.3b16 released
 Date:  Mon, 13 Apr 2009 20:24:31 +0200
2009/4/13 Vincent Hämmerli - EXES sàrl <vhaemmerli at exes dot ch>

> Hello,
> I have the same configuration as Mathias and adding the static route has
> solved the problem.
> Thanks for your work guys.
> Regards
> Vincent
> -----Original Message-----
> From: Manuel Kasper [mailto:mk at neon1 dot net]
> Sent: Monday, 13 April 2009 12:07
> To: Mathias Lustig
> Cc: m0n0wall at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall] Beta 1.3b16 released
> Hello Mathias,
> On 12.04.2009, at 11:56, Mathias Lustig wrote:
> > with its integrated DNS server for name resolution and because of that I've
> > set up an entry in the DNS forwarder, which queries our DC for everything
> > related to the "joho.local" domain.
> >
> > This feature worked quite fine till the upgrade to 1.3b16 last night. After
> > the upgrade, my m0n0 box just refuses to look up any name from the
> I've had a look at the changes since 1.3b15, but aside from the
> addition of the Dnsmasq "--all-servers" option (which is only used if
> you explicitly enable it) on the DNS forwarder setup page, I couldn't
> see anything that could cause this problem. A quick test of the domain
> override feature showed that it works (at least with a basic
> configuration).
> If I understand your description correctly, you were having the DNS
> forwarder send queries for your AD domain to an upstream DNS server
> via an IPsec tunnel. For this to work, the local subnet in the IPsec
> tunnel configuration must include the source IP address that the DNS
> forwarder chooses to send its queries (which is the WAN interface's
> address, unless there are static routes). This is often not the case
> for a LAN-to-LAN VPN (where one usually uses the LAN subnet as the
> IPsec "local subnet").
> This of course does not explain why it worked before the upgrade, but
> if you can give us some more detail on your addressing scheme, we may
> be able to pinpoint the problem and suggest a solution.
> Regards,
> Manuel
Hi Vincent, Manuel and everyone else!

Manuel, you gave me the right idea to get the DNS lookup working again.

I set a static route to send all traffic from WAN Interface via LAN
Interface through the IPSec tunnel and everything is fine again - just like
Vincent did.
So why the hell didn't I need this static route before and m0n0 just routed
all the DNS requests from its dns forwarder through the IPSec tunnel by
I'm a little confused about that ...




Mathias Lustig
Rheingaustraße 106
65375 Oestrich-Winkel

Tel.:  06723 - 885659
Mobil: 0176 - 20529172
ICQ:   77571225
Jabber: mathias[dot]lustig[at]jabber[dot]ccc[dot]de
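
The source-address effect described in this thread, as an added example that is not part of the original messages and not m0n0wall code: a simplified model of how the egress route decides the forwarder's source address, and whether that address matches the tunnel's "local subnet". All addresses, names and the routing model are constructed assumptions.

```python
import ipaddress as ip

# Constructed addressing (assumptions, not taken from the thread)
INTERFACES = {"wan": ip.ip_address("198.51.100.10"),
              "lan": ip.ip_address("192.168.1.1")}
DEFAULT_ROUTE_IF = "wan"
# LAN-to-LAN tunnel policy: (IPsec "local subnet", remote subnet)
IPSEC_POLICIES = [(ip.ip_network("192.168.1.0/24"), ip.ip_network("10.20.0.0/24"))]
DC_DNS = ip.ip_address("10.20.0.5")  # upstream DNS server behind the tunnel
# Static route that sends the remote subnet out via the LAN interface
STATIC_ROUTE_VIA_LAN = [(ip.ip_network("10.20.0.0/24"), "lan")]


def source_for(dst, static_routes):
    """Source address = address of the egress interface chosen by the
    longest-prefix static route, or the default-route interface if none match."""
    matches = [(net.prefixlen, ifname) for net, ifname in static_routes if dst in net]
    ifname = max(matches)[1] if matches else DEFAULT_ROUTE_IF
    return INTERFACES[ifname]


def enters_tunnel(src, dst):
    """A packet is tunnelled only if source AND destination match a policy."""
    return any(src in local and dst in remote for local, remote in IPSEC_POLICIES)


def check(static_routes):
    """Return (source address, tunnelled?) for a forwarder query to DC_DNS."""
    src = source_for(DC_DNS, static_routes)
    return src, enters_tunnel(src, DC_DNS)


if __name__ == "__main__":
    for label, routes in [("no static route", []),
                          ("static route via LAN", STATIC_ROUTE_VIA_LAN)]:
        src, ok = check(routes)
        verdict = "matches IPsec policy" if ok else "no policy match, not encrypted"
        print(f"{label}: query to {DC_DNS} sourced from {src}: {verdict}")
```

Without the static route the query carries the WAN address, falls outside the policy and never enters the tunnel, so queries for internal names follow the default route instead of reaching the DC.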