IPSec Roadwarrior - DNS naming resolves only when ipfire local subnet is set to 0.0.0.0/0

Hi,

I’ve set up an IPSec VPN with PSK on ipfire v154, and the main problem is that connected roadwarrior clients only resolve DNS names when IPSec’s Local Subnet is set to 0.0.0.0/0.

And with it set to 0.0.0.0/0, all of the roadwarrior’s traffic is routed through our office’s ipfire firewall…

I would prefer to have split tunneling, but if I set IPSec’s Local Subnet to 192.168.64.0/24 then I can’t ping any host in the domain *.office.local.

Here are my settings:
Green network: 192.168.64.0/24
DHCP-Server is up with domain: office.local on 192.168.64.1

IPSec:
Host-to-Net Virtual Private Network (RoadWarrior): 10.220.70.0/255.255.255.0
IPSec Local Subnet: 192.168.64.0/24

I’ve tried also in

/etc/ipsec.user.conf

to set

rightdns=192.168.64.1

but it doesn’t resolve any DNS names.

Split tunneling works for OpenVPN roadwarriors, though…

I’m wondering if split tunneling for IPSec is possible on ipfire? Or are there any restrictions on ipfire?

cheers

gilles

Split tunneling is possible, though it’s more of a challenge for different clients. You don’t specify what OS you are using, but in Windows one can go to the adapter, edit the advanced options under the IPv4 settings, and uncheck the box to use the default gateway on the remote side. That enables split tunneling.

Also, you can use the PowerShell cmdlet set-vpnconnection to enable split tunneling.

 set-vpnconnection -name "My VPN Connection Name" -splittunneling $true
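The Windows procedure described above, taken one step further as an added example (these are not the poster's own commands): unchecking the remote default gateway by itself gives the client neither a route to the office subnet nor any idea where to resolve *.office.local, which is exactly the symptom in the original post. The script therefore also adds the route and a split-DNS rule bound to the connection. The connection name "Office IPsec" and the host name fileserver.office.local are hypothetical; the subnet 192.168.64.0/24, the DNS server 192.168.64.1 and the domain office.local are taken from the original post; the cmdlets are assumed to come from the VpnClient module shipped with Windows 8.1 and later.

```powershell
# Added example (not from the thread): split tunneling plus split DNS for a
# Windows VPN connection. Assumes the VpnClient module (Windows 8.1/10/11).
# "Office IPsec" is a hypothetical connection name; list yours with Get-VpnConnection.

$Conn   = "Office IPsec"        # hypothetical connection name
$Subnet = "192.168.64.0/24"     # IPFire green network (from the post)
$Dns    = "192.168.64.1"        # DNS server advertised by the IPFire DHCP server
$Suffix = "office.local"        # internal domain (from the post)

# 1. Stop using the tunnel as default gateway. Same effect as unchecking
#    "Use default gateway on remote network" in the adapter's IPv4 settings.
Set-VpnConnection -Name $Conn -SplitTunneling $true

# 2. With split tunneling on, Windows only installs a class-based route for the
#    address it was assigned (a 10.220.70.x address yields 10.0.0.0/8), which does
#    not cover the office subnet. Add the office route explicitly.
Add-VpnConnectionRoute -ConnectionName $Conn -DestinationPrefix $Subnet

# 3. Split DNS: while the tunnel is up, queries for *.office.local go to the
#    office DNS server; everything else keeps using the normal resolver. This
#    creates a Name Resolution Policy Table (NRPT) rule tied to the connection.
Add-VpnConnectionTriggerDnsConfiguration -ConnectionName $Conn `
    -DnsSuffix $Suffix -DnsIPAddress $Dns

# 4. Verify the stored configuration: SplitTunneling should be True and
#    Routes should list the office subnet; the trigger object carries the DNS rule.
Get-VpnConnection -Name $Conn | Select-Object Name, SplitTunneling, Routes
Get-VpnConnectionTrigger -ConnectionName $Conn |
    Select-Object -ExpandProperty DnsConfiguration

# 5. After connecting, confirm both halves work end to end:
#    the name must resolve via 192.168.64.1 and the route must point at the
#    VPN interface rather than the physical adapter.
Resolve-DnsName -Name "fileserver.office.local" -Server $Dns   # hypothetical host
Get-NetRoute -DestinationPrefix $Subnet | Select-Object InterfaceAlias, NextHop
```

The split-DNS rule is the piece most people miss: without it a split-tunnel client sends every query, including *.office.local, to the DNS server of whatever network it is sitting on, so the office names fail even though the route to 192.168.64.0/24 is fine. Conversely, if you only see the names fail but pings to a raw 192.168.64.x address work, the route is in place and the problem is purely DNS.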

Thanks for looking at this.
Well, mainly iOS or macOS clients, for which I think it is not possible to alter the configuration files…

If you use a configuration profile, it’s possible to control many more parameters, but DNS and split tunneling are a challenge for Apple clients, I think.