DNS not resolving on OpenConnect w/ Juniper Pulse Secure Gateway
David Woodhouse
dwmw2 at infradead.org
Tue Apr 7 08:13:07 PDT 2015
On Tue, 2015-04-07 at 10:36 +0000, Sam McLeod wrote:
> We're trying to get OpenConnect working to replace the Junos Pulse
> client on OSX and Linux clients connecting to our Juniper MAG 2600
> VPN gateway.
> OpenConnect correctly authenticates and establishes the connection
> however DNS does not work over the link.
>
> - I've checked /etc/resolv.conf on my OSX machine and our internal
> DNS server has been correctly added.
On OSX it's not sufficient to fix resolv.conf; it has multiple
redundant ways of handling DNS configuration (yay Apple). There was a
fix recently in vpnc-script which ought to have made this work better:
http://git.infradead.org/users/dwmw2/vpnc-scripts.git/commitdiff/e8b30a2be9
> - A tcpdump shows the DNS request traffic on the utun1 interface
> however the MAG 2600 returns an NXDomain:
>
> 20:20:57.596050 IP <internal IP of MAG>.55812 > <internal IP of DNS Server>.domain: 31256+ A? <internal hostname>. (28)
> 20:20:57.623131 IP .domain > .55812: 31256 NXDomain 0/0/0 (28)
Hm the internal IP address of the MAG? Do you mean the VPN IP address
of the *client*?
--
dwmw2