LAN server with Let's Encrypt cert is interfering with IPsec VPN, maybe?

Hi!
I have the following problem: I have a hEX S router and have used IPsec VPN for a long time, and it always worked flawlessly. Some months ago I added a server to my network: a Debian 12 machine with some Docker containers. For one of those containers I use the Let’s Encrypt service to provide an SSL certificate. All of this works OK, but …
when I connect to my home network over the IPsec VPN with my laptop (Win11) now and I want to surf to any website with my Firefox browser while I am connected through the VPN, I get an alert that there is a certificate issue. When I look closely at the certificate, I see that it is the Let’s Encrypt certificate of my own LAN server, whose domain of course does not match the one of the website I am trying to reach. I am able to add an exception for that problem of course, but I truly want to understand why this is happening at all and, moreover, where I can search for the issue.
I don’t have the problem with my mobile, where I use Firefox, too. There I am able to connect to the VPN and surf to any website I want to with my Android device (strongSwan VPN client) without adding any exceptions.

The hEX S is running RouterOS version 7.16.2 at the moment. I will try to update to the newest version soon, but I don’t expect any solution from an update because I am not sure about the cause of my problem.
The local DNS on the router contains an entry for my server which matches the public domain and hostname of my server.
The router has a port 80 forwarding rule (TCP NAT) to the server so that Let’s Encrypt is working of course, and it supports the connection on port 443 (TCP NAT) to the server, too.
There are some entries at the DNS server of my webhost company that point to the public WAN IP of my router.
The router retains a connection to a dynamic DNS server as a backup.

I thought it could be a problem with routing but I didn’t define any routes. If I should post any config, please tell me which one.

At the moment I think there could be some issue with the “IPsec Mode Config”, where the “Split include” is pointing to my local network IP pool and the checkbox “System DNS” is set. Maybe I could utilize the “Split DNS” option, but I don’t know how.

Some tips are really appreciated!

Best regards
PS: I already tried to search the forum and the www but I wasn’t able to find a solution.