gittubaba
newbie
Topic Author
Posts: 30
Joined: Thu May 31, 2018 5:55 pm

How prevent IPSec from adding dynamic DNS servers?

Thu Aug 13, 2020 5:17 pm

This is my IPSec configuration.
# aug/13/2020 20:14:01 by RouterOS 6.47
# software id = DELETED
#
# model = RouterBOARD 750G r3
# serial number = DELETED
/ip ipsec mode-config
add connection-mark=forVPN name=NordVPN responder=no
/ip ipsec policy group
add name=NordVPN
/ip ipsec profile
add name=NordVPN
/ip ipsec peer
add address=sg500.nordvpn.com exchange-mode=ike2 name=NordVPN profile=NordVPN
/ip ipsec proposal
add enc-algorithms=aes-256-cbc,aes-256-gcm,aes-192-cbc,aes-128-cbc name=NordVPN pfs-group=none
/ip ipsec identity
add auth-method=eap certificate="" eap-methods=eap-mschapv2 generate-policy=port-strict mode-config=NordVPN password=DELETED peer=NordVPN \
    policy-template-group=NordVPN username=DELETED@gmail.com
/ip ipsec policy
add dst-address=0.0.0.0/0 group=NordVPN proposal=NordVPN src-address=0.0.0.0/0 template=yes
When the tunnel is established it always adds two dynamic DNS servers. And for some reason those dynamic servers are taking priority over my set servers. Is there any way to prevent that?
[admin@GittuTik] /ip dns> print 
                      servers: 8.8.8.8,8.8.4.4
              dynamic-servers: 103.86.96.100,103.86.99.100
               use-doh-server: 
              verify-doh-cert: no
        allow-remote-requests: yes
          max-udp-packet-size: 4096
         query-server-timeout: 10s
          query-total-timeout: 15s
       max-concurrent-queries: 100
  max-concurrent-tcp-sessions: 20
                   cache-size: 4096KiB
                cache-max-ttl: 1w
                   cache-used: 84KiB
 
eworm
Forum Guru
Posts: 1070
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany

Re: How prevent IPSec from adding dynamic DNS servers?  [SOLVED]

Thu Aug 13, 2020 5:28 pm

Just disable dns in mode-config:
/ip ipsec mode-config set use-responder-dns=no NordVPN
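
An offline check for the condition this answer fixes, as an added example (not code from the thread or from MikroTik): it reads a saved `/export` and `/ip dns print` output and reports initiator mode-configs not pinned to `use-responder-dns=no`, plus any dynamic DNS servers present. The function names, the sample text and the treatment of a missing key as "responder DNS accepted" are assumptions.

```python
import re

# Constructed sample: trimmed copy of the /export shown in the question.
SAMPLE_EXPORT = r"""/ip ipsec mode-config
add connection-mark=forVPN name=NordVPN responder=no
/ip ipsec identity
add auth-method=eap eap-methods=eap-mschapv2 mode-config=NordVPN peer=NordVPN \
    policy-template-group=NordVPN username=user@example.com
"""

# Constructed sample: two lines of "/ip dns print" output.
SAMPLE_DNS = """                      servers: 8.8.8.8,8.8.4.4
              dynamic-servers: 103.86.96.100,103.86.99.100
"""

def parse_export(text):
    """Return (menu, {key: value}) for every 'add'/'set' line of an export."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join backslash-continued lines
    menu, items = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = line  # a line starting with "/" switches the current menu
        elif line.startswith(("add ", "set ")):
            pairs = re.findall(r'([\w-]+)=("[^"]*"|\S*)', line)
            items.append((menu, {k: v.strip('"') for k, v in pairs}))
    return items

def modecfg_accepting_dns(export_text):
    """Names of initiator mode-configs not pinned to use-responder-dns=no.

    Assumption: a missing key means responder DNS is accepted, which matches
    the export in the question (no key shown, dynamic servers installed).
    """
    return [p.get("name", "?") for menu, p in parse_export(export_text)
            if menu == "/ip ipsec mode-config"
            and p.get("responder") != "yes"
            and p.get("use-responder-dns") != "no"]

def dynamic_servers(dns_print):
    """Extract the dynamic-servers list from '/ip dns print' output."""
    m = re.search(r"^\s*dynamic-servers:[ \t]*(\S*)", dns_print, re.M)
    return [s for s in m.group(1).split(",") if s] if m else []

if __name__ == "__main__":
    print("mode-configs accepting responder DNS:", modecfg_accepting_dns(SAMPLE_EXPORT))
    print("dynamic DNS servers present:", dynamic_servers(SAMPLE_DNS))
```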
 
gittubaba
newbie
Topic Author
Posts: 30
Joined: Thu May 31, 2018 5:55 pm

Re: How prevent IPSec from adding dynamic DNS servers?

Thu Aug 13, 2020 6:03 pm

> Just disable dns in mode-config:
> /ip ipsec mode-config set use-responder-dns=no NordVPN

Thanks. That solved the problem. Not sure how it got set to "exclusively". I set up my IPsec config in a previous version and updated RouterOS regularly. Was this use-responder-dns config added recently, or was the default changed?
 
eworm
Forum Guru
Posts: 1070
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany

Re: How prevent IPSec from adding dynamic DNS servers?

Thu Aug 13, 2020 6:06 pm

IIRC the functionality was added in 6.46, the configuration option in 6.47.
Look up the changelog if you are interested in details.
 
awayand
just joined
Posts: 11
Joined: Mon Jan 10, 2011 5:57 pm

Re: How prevent IPSec from adding dynamic DNS servers?

Sun May 02, 2021 6:26 pm

@gittubaba: Do you experience any DNS leaks with your VPN provider NordVPN?
