IPSec + XAuth DNS Configuration

Hello all, I’ve set up an IPSec + Xauth VPN for roadwarrior iPhone use as described here: http://wiki.mikrotik.com/wiki/Manual:IP/IPsec#Road_Warrior_setup_with_Mode_Conf. Everything is fine, except that I cannot understand which DNS are passed to the client. I have some static DNS names configured in the routerboard, but it seems that the IP address of the router is not passed to the VPN client. I have even changed DNS configuration on the Mikrotik in order to point to an internal server as DNS, in place of the Mikrotik. IPSec seems to use a different source for the DNS IP to pass to the client.

I can successfully access hosts on the local network through the VPN using IP address, but not using DNS name (I use the FQDN, so this is not a problem of the domain name not being passed to the VPN client).

Could someone explain to me which IP address is passed to the IPSec VPN client?

Thanks in advance.

Make sure you are using the latest ROS version; mode-conf dns was broken in some versions.

I am on the latest stable release.

The fix for modeconf dns is not available in any current channel version. It is fixed in 6.36rc6, so try with the latest RC version.

http://forum.mikrotik.com/t/v6-36rc-release-candidate-is-released-wireless-fp-package-is-discontinued/97337/66

Ok, I will try. In any case, which DNS should I expect to be passed to the client? The ones configured in “/ip dns” or the local Mikrotik DNS address?

What do you mean by “local Mikrotik DNS address”? AFAIK it sends servers you see under “/ip dns”, either dynamic or static.

So there is no way to send 192.168.88.1 (the local Mikrotik router address) as DNS to the VPN clients? My problem is to be able to resolve static names configured in Mikrotik DNS from the VPN clients.

You can use static DNS on responder side and add its local address to “/ip dns servers” property.